Google Redirect Virus?


Post by andywu94 on 15th September 2011, 1:44 am

Hi guys, so this is what I got from OTL. I'm really sorry, but I'm very bad with technology D:
So this is what happens. I'm searching stuff on Google and when I click a link, it redirects to some other site. I'm forced to click back a million times just to get to the page I was looking for. Please help!
I'm running on Windows Vista Home Premium Service Pack 2.

Here's the info from my scan.

OTL logfile created on: 9/14/2011 9:26:46 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Andy\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 67.97% Memory free
16.03 Gb Paging File | 13.52 Gb Available in Paging File | 84.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.70 Gb Total Space | 811.04 Gb Free Space | 88.38% Space Free | Partition Type: NTFS
Drive D: | 13.81 Gb Total Space | 1.95 Gb Free Space | 14.12% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/14 21:23:21 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Downloads\OTL.com
PRC - [2011/09/10 00:24:28 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/09/07 16:05:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/08/01 20:09:54 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/07/01 15:36:48 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
PRC - [2011/07/01 15:36:44 | 000,337,872 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/11/18 15:00:00 | 000,495,432 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
PRC - [2009/09/09 15:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/04/10 02:26:02 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/04/10 02:22:06 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/04 17:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 17:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/10 00:24:25 | 014,407,976 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/09/10 00:24:07 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/09/10 00:24:05 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/09/10 00:24:05 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/09/10 00:24:05 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/09/07 16:05:09 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/15 18:18:38 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/31 21:48:12 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/04/10 02:22:04 | 000,906,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/10 00:24:28 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/01 15:36:44 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/08 22:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/12/04 17:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 07:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 07:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 07:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 07:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 07:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/26 07:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/20 10:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/04 08:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/12/14 19:16:40 | 000,709,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2007/10/28 13:22:00 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MRVW24C.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x)
DRV - [2008/11/14 04:52:54 | 000,064,160 | ---- | M] (Juniper Networks) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\NEOFLTR_600_13705.sys -- (NEOFLTR_600_13705) Juniper Networks TDI Filter Driver (NEOFLTR_600_13705)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Andy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Andy\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Andy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Andy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.21: C:\Users\Andy\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/08 20:16:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011/08/28 12:33:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/07 16:05:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/15 17:57:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Andy\AppData\Roaming\Move Networks [2010/03/12 23:11:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/08 20:16:59 | 000,000,000 | ---D | M]

[2009/12/31 00:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions
[2011/08/04 23:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\3a7uzqaj.default\extensions
[2010/04/27 14:52:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\3a7uzqaj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/30 19:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/12 12:56:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/13 11:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/16 15:39:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/30 19:12:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3A7UZQAJ.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3A7UZQAJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/07 16:05:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/01 16:04:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.] File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - [You must be registered and logged in to see this link.] File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.] File not found
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - [You must be registered and logged in to see this link.] File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files (x86)\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files (x86)\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} [You must be registered and logged in to see this link.] (Cisco Systems WebVPN Relay Loader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.166 213.109.73.41 1.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6DEA4B-0E0C-40AA-96A8-D01FB592A458}: DhcpNameServer = 213.109.67.166 213.109.73.41 1.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BB2CE99-1CAE-404F-AB8C-76E32444D980}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F14D7AB-2C98-4447-BDFE-5EB66B30CC53}: DhcpNameServer = 213.109.67.166 213.109.73.41 1.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5A1D54F-F81A-4B54-8F19-6246D55782B1}: DhcpNameServer = 213.109.67.166 213.109.73.41 1.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD53676E-72DE-4598-863F-07926252442F}: DhcpNameServer = 213.109.67.166 213.109.73.41 1.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F80B2ABB-39B1-4360-817E-4D8E1DF01E8B}: DhcpNameServer = 213.109.67.166 213.109.73.41 1.1.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 18:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/09/09 18:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/09 18:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/09 18:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/09/05 13:49:40 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\China Pictures
[2011/09/04 18:24:58 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\SoftGrid Client
[2011/09/04 18:24:58 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\SoftGrid Client
[2011/09/04 18:21:44 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\TP
[2011/08/29 22:35:12 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Blog
[2011/08/28 12:33:51 | 002,029,520 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/08/28 12:33:51 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/08/28 12:33:51 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/08/28 12:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/08/28 12:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/08/28 12:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/08/23 23:51:38 | 000,000,000 | --SD | C] -- C:\Users\Andy\Documents\My Webs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/14 21:32:13 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/14 21:32:12 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/14 20:55:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/14 20:38:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2129204010-3227512483-1809511921-1000UA.job
[2011/09/14 20:14:29 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{92EEF5CC-F8BC-4DB4-A72F-24424F372744}.job
[2011/09/14 19:14:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAndy.job
[2011/09/14 18:49:55 | 000,002,341 | ---- | M] () -- C:\Users\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/09/13 00:38:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2129204010-3227512483-1809511921-1000Core.job
[2011/09/12 15:44:06 | 000,000,680 | ---- | M] () -- C:\Users\Andy\AppData\Local\d3d9caps.dat
[2011/09/10 11:13:16 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/10 11:13:16 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/10 11:13:16 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/09 18:37:16 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/04 18:24:05 | 000,721,296 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/03 19:36:39 | 000,002,039 | ---- | M] () -- C:\Users\Andy\Desktop\Google Chrome.lnk
[2011/09/03 19:36:39 | 000,002,001 | ---- | M] () -- C:\Users\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/01 21:08:08 | 000,030,747 | ---- | M] () -- C:\Users\Andy\Desktop\Common App 2 reworked.odt
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/28 15:41:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/28 12:30:08 | 002,898,412 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/08/28 12:28:11 | 000,513,008 | ---- | M] () -- C:\Users\Andy\Desktop\avinstall.exe
[2011/08/21 09:18:51 | 158,067,944 | ---- | M] () -- C:\Users\Andy\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/10 11:01:43 | 000,000,680 | ---- | C] () -- C:\Users\Andy\AppData\Local\d3d9caps.dat
[2011/09/09 18:37:16 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/04 18:24:05 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/01 20:30:26 | 000,030,747 | ---- | C] () -- C:\Users\Andy\Desktop\Common App 2 reworked.odt
[2011/08/28 12:33:52 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/08/28 12:33:51 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
[2011/08/28 12:33:51 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/08/28 12:33:51 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/08/28 12:33:51 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/08/28 12:29:49 | 002,898,412 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/08/28 12:28:27 | 000,513,008 | ---- | C] () -- C:\Users\Andy\Desktop\avinstall.exe
[2011/08/21 08:55:12 | 158,067,944 | ---- | C] () -- C:\Users\Andy\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2011/01/25 01:03:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/08 20:09:13 | 000,208,102 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/06/13 22:09:45 | 000,007,680 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/29 17:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/01/13 21:06:40 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/11 19:48:19 | 000,002,650 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\wklnhst.dat
[2010/01/01 20:40:36 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/01/01 20:40:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/01/01 20:39:43 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/30 12:09:47 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/07/30 11:49:10 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/07/30 11:49:10 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/09/18 10:53:48 | 000,000,859 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2010/01/12 17:05:41 | 000,061,440 | ---- | M] (Gary's Hood) -- C:\Users\Andy\Desktop\Auto Type Click.exe
[2011/08/28 12:28:11 | 000,513,008 | ---- | M] () -- C:\Users\Andy\Desktop\avinstall.exe
[2011/06/20 15:37:27 | 2377,931,650 | ---- | M] (Nexon) -- C:\Users\Andy\Desktop\MSSetupv98.exe
[2011/08/21 09:18:51 | 158,067,944 | ---- | M] () -- C:\Users\Andy\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/07 16:05:09 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2011/09/07 16:05:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2011/09/07 16:05:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2011/09/07 16:05:08 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >


andywu94
Novice

Posts : 15
Joined : 2011-09-15
OS : Windows Vista version 6.0 build 6002: service pack 2
Points : 19343
# Likes : 0


Re: Google Redirect Virus?

Post by andywu94 on 15th September 2011, 1:44 am

< %PROGRAMFILES%\*. >
[2010/08/05 21:13:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
[2011/02/20 18:39:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/07/11 22:39:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/07/14 19:49:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2011/07/29 19:23:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/08/28 12:29:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/09/08 20:17:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Coupons
[2009/07/30 12:12:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink
[2009/12/30 20:39:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/02/22 19:25:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2010/09/08 20:16:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2009/07/30 12:28:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2010/09/08 20:17:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Photo Creations
[2011/09/05 20:29:27 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2009/07/30 13:32:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011/08/15 17:58:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/09/09 18:37:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/07/30 19:12:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/05/31 21:47:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JRE
[2010/03/28 18:01:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Juniper Networks
[2009/07/30 12:29:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JunoPreloader
[2011/07/14 20:52:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lame For Audacity
[2009/12/30 20:02:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Linksys
[2011/09/14 21:23:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/07/30 12:29:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/09/04 18:46:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/06/18 01:47:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/05/31 17:29:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/12/16 16:06:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/08/05 21:11:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/09/07 16:05:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2006/11/02 11:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/03/20 20:58:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2009/07/30 12:29:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN
[2009/12/31 04:12:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2009/07/30 12:28:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NetZeroPreloader
[2009/07/30 13:32:30 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2010/05/31 21:46:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/01/01 13:36:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2011/08/28 15:36:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PC Tools Security
[2009/07/30 12:17:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PictureMover
[2009/07/30 11:49:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Python
[2011/05/31 19:58:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Quick Web Player
[2011/08/15 17:57:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/30 12:02:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2006/11/02 11:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/07/29 19:29:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
[2011/07/12 06:25:09 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/05/31 23:58:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SmartSound Software
[2009/12/30 20:20:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SMINST
[2010/10/08 18:07:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Starcraft
[2011/07/30 17:21:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2011/09/14 20:59:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2011/06/07 18:09:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
[2009/07/30 12:02:35 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2006/11/02 11:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/01/26 14:38:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
[2008/01/20 23:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
[2008/01/20 23:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/05/31 17:43:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/08/15 17:58:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/05/31 23:50:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Components
[2010/10/13 18:45:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2006/11/02 11:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/01/26 14:38:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2010/01/27 13:22:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/01/26 14:38:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/05/31 20:00:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
[2009/12/30 20:34:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinZip


< MD5 for: AGP440.SYS >
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: DISK.SYS >
[2008/01/20 22:46:53 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows\SysNative\drivers\disk.sys
[2008/01/20 22:46:53 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_55e51d682c89f490\disk.sys
[2009/04/11 03:15:25 | 000,067,032 | ---- | M] (Microsoft Corporation) MD5=B0107E40ECDB5FA692EBF832F295D905 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_57d0967429abbfdc\disk.sys

< MD5 for: IASTOR.SYS >
[2008/12/04 08:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\hp\drivers\Intel_Storage\IaStor.sys
[2008/12/04 16:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/12/04 08:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Windows\SysNative\drivers\iaStor.sys
[2008/12/04 16:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/07 16:05:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/07 16:05:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/07 16:05:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/09/07 16:05:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/09/07 16:05:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/07 16:05:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/07/23 05:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/07/23 05:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/07/23 05:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/07/23 07:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/07/23 07:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/23 05:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/23 05:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/23 05:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/07/23 07:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/07/23 07:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

andywu94 | Novice | Posts: 15 | Joined: 2011-09-15 | OS: Windows Vista version 6.0 build 6002: service pack 2
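As an added example for this thread (not part of andywu94's post and not OTL's own code): a small Python triage helper for the custom-scan section of the log above. OTL lists every copy of a requested system file with its MD5 so that the live copy under SysNative/System32 can be compared with the winsxs copies; a patched driver shows up as a copy whose hash disagrees with the others, which is what the `< MD5 for: NVSTOR.SYS >` block is there to reveal (both copies match in this log, so nothing is flagged). The script also pulls out the Alternate Data Streams entries. The sample input is constructed: the nvstor.sys and ADS lines are copied from the log, while the `EXAMPLE.SYS` block is invented purely to show what a mismatch looks like. An ADS entry is a lead to inspect (`dir /r` on Vista and later lists streams), not proof of infection; small hex-named streams on `C:\ProgramData\Temp` are often innocuous installer leftovers.

```python
"""Triage helper for the custom-scan section of an OTL log.

Added example for this thread; it is not part of the original post and not
OTL's own code. It reads the "< MD5 for: NAME >" blocks and the
"Alternate Data Streams" section OTL writes and reports
  (a) any file whose listed copies do not all share one MD5 (a patched driver
      under SysNative/System32 would disagree with its winsxs copies), and
  (b) every ADS entry with its host file, stream name and size.
"""
import re
from collections import defaultdict

MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_ENTRY = re.compile(
    r"^\[(?P<stamp>[^\]]+)\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
ADS_ENTRY = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)


def parse_md5_blocks(text):
    """Map FILENAME -> [(md5, path), ...] for every '< MD5 for: ... >' block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = MD5_HEADER.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("< ") or line.startswith("=========="):
            current = None  # any other custom-scan header ends the block
            continue
        entry = MD5_ENTRY.match(line)
        if entry and current:
            blocks[current].append((entry.group("md5").upper(), entry.group("path")))
    return dict(blocks)


def md5_mismatches(blocks):
    """Files whose copies carry more than one hash -> {name: {md5: [paths]}}."""
    flagged = {}
    for name, entries in blocks.items():
        by_hash = defaultdict(list)
        for md5, path in entries:
            by_hash[md5].append(path)
        if len(by_hash) > 1:
            flagged[name] = dict(by_hash)
    return flagged


def parse_ads(text):
    """Return [(host_path, stream_name, size_bytes), ...] from the ADS section."""
    found = []
    for raw in text.splitlines():
        m = ADS_ENTRY.match(raw.strip())
        if m:
            found.append((m.group("host"), m.group("stream"), int(m.group("size"))))
    return found


def triage(text):
    """Human-readable findings for the two checks, one string per line."""
    lines = []
    for name, by_hash in md5_mismatches(parse_md5_blocks(text)).items():
        lines.append(f"MD5 MISMATCH {name}: {len(by_hash)} distinct hashes")
        for md5, paths in by_hash.items():
            for path in paths:
                lines.append(f"    {md5}  {path}")
    for host, stream, size in parse_ads(text):
        lines.append(f'ADS {host}:{stream} ({size} bytes) - inspect with: dir /r "{host}"')
    return lines


# Constructed sample input. The nvstor.sys and ADS lines are copied from the
# log above; the EXAMPLE.SYS block is invented to show what a mismatch looks like.
SAMPLE = r"""
< MD5 for: NVSTOR.SYS >
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: EXAMPLE.SYS >
[2011/09/01 00:00:00 | 000,010,000 | ---- | M] (Example Co) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\drivers\example.sys
[2008/01/20 22:46:54 | 000,010,000 | ---- | M] (Example Co) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\amd64_example_none_0000\example.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Run against a saved OTL.txt by reading the file into `triage()`; the hash comparison is deliberately filename-wide rather than SysNative-only so that a tampered winsxs copy is caught as well.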

Re: Google Redirect Virus?

Post by andywu94 on 15th September 2011, 1:46 am

This is from my Extras pad
OTL Extras logfile created on: 9/14/2011 9:26:46 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Andy\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 67.97% Memory free
16.03 Gb Paging File | 13.52 Gb Available in Paging File | 84.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.70 Gb Total Space | 811.04 Gb Free Space | 88.38% Space Free | Partition Type: NTFS
Drive D: | 13.81 Gb Total Space | 1.95 Gb Free Space | 14.12% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = F0 D0 78 8B B7 9E CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00743C8B-79CC-40F2-BF42-7F1895CBFAAC}" = rport=139 | protocol=6 | dir=out | app=system |
"{0D3C2E8C-2AA9-41D8-86BE-AAD381FF9A74}" = lport=445 | protocol=6 | dir=in | app=system |
"{36660B9D-16F6-467D-B307-56A13F473E51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38EA82E7-1115-49B7-AA60-7C1DDB62EC3A}" = lport=137 | protocol=17 | dir=in | app=system |
"{4DC2393B-396D-4B7E-A52E-6E4E1627E791}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4DE4D8D2-C251-41C4-BE10-0D5AD4112BB3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{65B83128-EF9A-425B-98AC-1866115EA20F}" = rport=137 | protocol=17 | dir=out | app=system |
"{A14CA759-9FF1-4023-BC4E-7EC5B826F890}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A3485F07-2EA8-4DBA-8F5F-87109CAE8097}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A36F7F40-7D60-4512-BB4D-0296AC1D24AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A88189EA-0DF9-4FDE-BED2-6713C27B21C8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AD0C0296-B450-4E98-B9C7-7D3583684EF9}" = rport=445 | protocol=6 | dir=out | app=system |
"{AFAF67F2-E153-48E2-A0B8-0D28FBAFB4D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B16B742B-872D-40CB-85CB-C005BF55F7E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC0887DE-71C0-48F6-B742-11DAB4D4D908}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF2914E5-9EBA-4B31-94CA-C620AB34ADD9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CE02ED66-F229-4233-9096-1EF78D56695A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E923ED14-DAD3-4006-A897-E055C5E9550D}" = rport=138 | protocol=17 | dir=out | app=system |
"{F5366E11-E374-4AD3-94CC-F8EC24E14194}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F5A894F3-6DB5-42CC-B1CC-2D864425E366}" = lport=138 | protocol=17 | dir=in | app=system |
"{F90F0B68-D083-4617-8B3D-B58EFA547B82}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F9AE9A72-0493-4BE2-A1A8-8A6D89997455}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04516AD2-9B11-4E47-A70D-D67E6481E6B3}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{117C707C-3F74-4E13-9ECD-17F2EA97786D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{16611346-44AB-4FDC-A7FC-251052FFF799}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{18A8E37B-A1FE-4B33-BBB7-FA1C5B05E90E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{1A6E7729-55B8-4963-8A18-66DB066DF341}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{205AE3B6-6134-46B9-BC60-AFA9400FD690}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{2348F81F-65F6-4C99-9DF3-A722B6DB5A20}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{262B0C46-2E5E-49C6-A0EE-1EE796647FF5}" = dir=in | app=e:\setup\hpznui40.exe |
"{2C07B55A-05E6-4187-BA9A-94E11E57BB0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2CAF066D-9F0E-4E4E-A0E3-56E35C2559A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32E7B402-DC62-4F3D-A7A2-15D7A77AD2FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3357D265-D3F6-4914-AB8F-43F239550318}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{34262BEF-548C-4CD9-86BC-7FBD11492608}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3562E624-9A38-4BFA-B6EB-8CB88D1793A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{363D446C-8BD9-40E8-A45A-56086B74D8EA}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{39A318C5-AD3C-4A4A-81D4-E786BCF24FFC}" = protocol=17 | dir=in | app=c:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe |
"{3C2E238F-D1B5-4758-BC91-28BAA54D9603}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3D1657E2-E6F9-46AE-82D1-37A3ABB07860}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{3D2EA110-C4AB-448A-B562-25D6391CD106}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{41971908-CBBC-47A4-8840-464753DBDF5F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{48072C47-7726-4F45-B388-4B0E2ACA1D53}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{49088353-0B62-4B66-B028-AF86CD0EC06F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{49C2527E-1ACD-49C9-ADFB-D58FF1661C30}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4F8B770B-AF53-4433-8877-A0BF334648F4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{5002C5F1-5DC2-421A-BE42-7E97076C089C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{508813E2-CC89-43DC-8192-CCC3BED15CE8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{53D5F1F3-0660-438B-BC71-4BAA57DCFDCE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{55785AE7-CFFB-46FE-AC88-C32E6E7BF1F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{5754B2C5-9A1C-49E4-BFE0-B23BD80776C7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{586370CF-B556-4A78-8744-4DE25976EC2E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5C9C4C83-D739-4E40-A4D6-EFE3B7D5D7F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5D4BE90B-E7E7-4511-86B4-D72089166EC6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{61D455E1-507B-4A0E-A988-F153E01309C8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{680BC4DE-4E5A-459E-900E-C7892119BA2A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6B8EA3AD-804B-4443-80C9-654472D46C76}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{70337CFF-709E-4EF7-ACA5-F94C97704E08}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{7CF601B8-D6A0-4D10-B402-6198621C4F38}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{7DC00CE4-CEBB-4D17-A5DB-D5DB494DE593}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7F9D6207-1173-40B6-BDD9-994EDC6F1417}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8E3BA7DF-8744-443A-A642-CA6BA5A13A26}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{900A489D-2504-4D65-8C20-9611E3E676D4}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{9350E00A-F139-4FE1-86BC-32C66FABB3CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{9765ECCD-FDFC-4563-8B58-B0553ACAEF1E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{9D1DB138-1C95-4630-AD74-C2B04C055949}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\imaubernoob\counter-strike source\hl2.exe |
"{A0CB0BB3-C242-4682-B035-F8A11672F622}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A7219FB1-3C7F-4100-BEA0-CD4EA3CC2E60}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AA3D3DF3-0220-41D2-B2D6-89F3AD07B209}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AAEDCE34-8DF7-4829-85E3-423E07D34970}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{ABF68855-B168-4C5B-9F49-D7D9F2950051}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{B5F20DEF-9BE5-43BE-9D39-C31F265AA880}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{BD576CA1-72C4-4017-A283-1DD89692C3DB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C0C3516F-7413-403D-8454-B00A96B51A94}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{C332F0A7-2842-4654-8D12-FB00FE1A6408}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C5DE6086-DE42-4679-8BED-7F16FF65334C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CC50744D-6F86-45F1-B9FC-D4206261BEF4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{CEB5ABFB-61CF-4D41-B05B-F178E0F87CC2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D1B4D9C4-6EBF-4EC8-AD3C-EE9D3817816D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D4E99854-3113-4563-9649-1B08E5FF2728}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{D5D5D887-1D42-40E0-A09D-EB12670CEA56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\imaubernoob\counter-strike source\hl2.exe |
"{D9452D4E-C1E7-4787-B435-6BC06C8EC5CC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{E08D5EA3-399A-4941-90AA-A6EC51230598}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{E0B2686C-F92F-406C-9742-0FBA09959D78}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E5852AAD-EAF3-4309-A3F1-9DC6A800CEC1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{ED7C6AFA-6F75-43D2-AD6A-BE5E91C13BEE}" = protocol=6 | dir=in | app=c:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe |
"{F2C4ABF0-9F95-4634-85A3-64608B4EC9A5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2CF9F1F-BE3C-43FE-B1AF-F3E57D7753CA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"TCP Query User{087ADCEB-97A0-4E9A-9662-A8F8DD3C3EDF}C:\program files (x86)\starcraft ii beta\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"TCP Query User{1926CC2F-9CCC-4843-A639-857BD98656AF}C:\program files (x86)\starcraft ii beta\versions\base15655\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15655\sc2.exe |
"TCP Query User{27016B3D-3FE8-42E1-B3E4-376C918BA114}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{2DC1A46F-CF1F-42FF-937A-D2C580281EFD}C:\users\andy\downloads\starcraft_2_na_en-us(4).exe" = protocol=6 | dir=in | app=c:\users\andy\downloads\starcraft_2_na_en-us(4).exe |
"TCP Query User{4A750FCD-27CC-4943-A6CF-727786436B36}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{4D924E19-90EE-43DA-B28C-EB3A177FAE01}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{4EE598DC-E90B-4D32-973B-16DF55C18E33}C:\users\andy\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\andy\downloads\starcraft_2_na_en-us.exe |
"TCP Query User{51CE105A-F1BF-4CAF-9B3C-47E302CB63BC}C:\users\andy\downloads\starcraft_2_na_en-us(2).exe" = protocol=6 | dir=in | app=c:\users\andy\downloads\starcraft_2_na_en-us(2).exe |
"TCP Query User{565F1466-F4AD-4C0E-A515-0764AB143E39}C:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe |
"TCP Query User{572285E9-4190-4F22-ABEF-A3F16E8B9B98}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{57E5888F-0F59-4139-B63C-FF6D8DC69C55}C:\Program Files (x86)\starcraft ii\Versions\base19132\SC2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{5B1E0D27-DD49-4B21-A197-9463F691F5A6}C:\program files (x86)\starcraft ii beta\versions\base16036\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base16036\sc2.exe |
"TCP Query User{5E595E8E-F23F-460F-A303-1A1088C1BC26}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{61DA7572-2CE4-4074-AC87-878D9F213799}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{79BCB114-44F9-4886-8542-79893BF07B60}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{81FE9834-F857-472C-90B9-DB1E61125B72}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe |
"TCP Query User{85E7D175-D3BE-4E58-AAD0-3488BA0560C9}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{97CE273E-7ABD-40E0-BEAB-6AFB997BE85E}C:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe |
"TCP Query User{9FDB7CB7-D83F-4E27-BF9B-319F53EB9E05}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{A1325738-B124-4C5C-B322-E85BA3A4A79F}C:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe |
"TCP Query User{B67DAB27-9339-469A-964C-565FBE18FB38}C:\users\andy\downloads\starcraft_2_na_en-us(3).exe" = protocol=6 | dir=in | app=c:\users\andy\downloads\starcraft_2_na_en-us(3).exe |
"TCP Query User{C2ED31B1-3C1C-4E18-834A-6BC5EBFB08B3}C:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe |
"TCP Query User{C687B642-BCAC-4048-8386-A6544043F495}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{CCE21E7C-6432-45BF-9A7A-BED890333969}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{D03987AD-2654-4AD5-B89E-FC17E09432F4}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe |
"TCP Query User{D0B3445B-1681-4FC0-9DEE-912078A44B56}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E09E1348-AD82-447D-9E6B-A2E94EAA1D81}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{E723EB09-D9CB-4F42-A7AF-8CE2F58DE459}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{E842F96B-78BD-4687-8736-B922A971EB7E}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{EE05F5CA-B9FB-4ABC-AC28-5C36A409C632}C:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe |
"TCP Query User{F0C54F2F-D1AE-4C14-BD2F-A8F280B0A9E9}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{06DEFF57-50D6-426D-A6F1-55B5FFC37FD9}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{11355756-9012-4F2D-9684-48CA4CE67744}C:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe |
"UDP Query User{1ACFE814-5BD0-4311-9702-2D536255E0A4}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{20E628E3-117F-4D1C-9469-5157CBF6FDAE}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{211B7451-FCCF-46FE-A25D-E9D492E22088}C:\program files (x86)\starcraft ii beta\versions\base15655\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15655\sc2.exe |
"UDP Query User{27726528-BA19-4A98-8042-0B6156473754}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{295F57BB-7E3D-4DFB-A7DB-7B9C995F3BC5}C:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe |
"UDP Query User{29C1E9A9-5B3D-4D4C-BDF7-075EBCD926FB}C:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe |
"UDP Query User{372EEEC1-B7D8-4050-9DAB-C61F1ACEF25B}C:\program files (x86)\starcraft ii beta\versions\base16036\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base16036\sc2.exe |
"UDP Query User{47CE2C68-83DD-4487-8D28-6A057D505AB5}C:\program files (x86)\starcraft ii beta\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"UDP Query User{500894C4-127C-4C67-AA9F-2647275A4584}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{5363A3B5-E7FC-4DFD-AEED-0CC479B83DB9}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{5D49FF4E-7220-471C-8B39-AE19D21D5E87}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{6A879438-F166-441D-AC6E-F8F81B5B640A}C:\Program Files (x86)\starcraft ii\Versions\base19132\SC2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{7665C18E-D3BB-4FAF-9A43-65527DD5193E}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{80072C62-6FF4-4A41-B04F-856A0FE0D115}C:\users\andy\downloads\starcraft_2_na_en-us(4).exe" = protocol=17 | dir=in | app=c:\users\andy\downloads\starcraft_2_na_en-us(4).exe |
"UDP Query User{886CA267-8BFB-4309-B717-4388E2DBEEA5}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{91FC826F-0CF2-44E1-83FE-EE3896E17A59}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{A6456AC5-F90D-46F0-8F56-33468837C872}C:\users\andy\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\andy\downloads\starcraft_2_na_en-us.exe |
"UDP Query User{A7927243-9307-4FAE-BABA-09A85FD5BB21}C:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe |
"UDP Query User{ABA67532-6531-4DE3-BB5D-DDA1E8859685}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe |
"UDP Query User{B128A77C-E90D-48A9-A111-EE8F4C924428}C:\users\andy\downloads\starcraft_2_na_en-us(2).exe" = protocol=17 | dir=in | app=c:\users\andy\downloads\starcraft_2_na_en-us(2).exe |
"UDP Query User{BC10DBA8-014E-406F-8C58-1703B25F9AAA}C:\users\andy\downloads\starcraft_2_na_en-us(3).exe" = protocol=17 | dir=in | app=c:\users\andy\downloads\starcraft_2_na_en-us(3).exe |
"UDP Query User{C0C48983-E00C-4901-AF12-CC8882616605}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{C41A0FBE-0FD2-4FED-9173-3585BBF66853}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{C4520D9D-E4ED-4BF2-AB7C-90A64A4363A8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{C45567A0-7728-428E-8AC0-DEB5639CF4D2}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe |
"UDP Query User{C8C43A99-62E0-4697-B91A-DD681A07F009}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{D16EE388-64F9-4BEE-BA97-E8CF614D6BB7}C:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe |
"UDP Query User{D397B0C3-E57C-4661-9890-0D0EFCC20453}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{ED8937BC-1A27-4C7A-99EB-1F58CE8B3995}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C79BF5BB-5671-41C0-A028-E9A2097D1AAD}" = Microsoft Live Search Toolbar
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"Browser Defender_is1" = Browser Defender 3.0
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MapleStory" = MapleStory
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"pywin32-py2.6" = Python 2.6 pywin32-212
"sp44626" = sp44626
"StarCraft II" = StarCraft II
"Steam App 240" = Counter-Strike: Source
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Juniper_Networks_Cache_Cleaner 6.0.0" = Juniper Networks Cache Cleaner 6.0.0
"Juniper_Term_Services" = Juniper Terminal Services Client
"JuniperSetupClient" = Juniper Networks Setup Client
"Models of the Hydrogen Atom" = Models of the Hydrogen Atom
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2011 11:27:37 PM | Computer Name = Computer | Source = MsiInstaller | ID = 10005
Description =

Error - 4/19/2011 11:28:17 PM | Computer Name = Computer | Source = MsiInstaller | ID = 10005
Description =

Error - 4/20/2011 3:48:15 PM | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 4/20/2011 6:06:29 PM | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 4/20/2011 10:31:45 PM | Computer Name = Computer | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 10.2.2.12 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1234 Start Time: 01cbffc840bab2c2 Termination Time: 12

Error - 4/21/2011 5:30:29 PM | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 4/22/2011 1:42:18 PM | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 4/22/2011 4:06:06 PM | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4da54080,
faulting module shaderapidx9.dll, version 0.0.0.0, time stamp 0x4daf39a5, exception
code 0xc0000005, fault offset 0x00027511, process id 0x870, application start time
0x01cc0127d57b73ad.

Error - 4/22/2011 4:06:18 PM | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4da54080,
faulting module QuickTime.qts, version 7.69.80.9, time stamp 0x4cf4536a, exception
code 0xc0000005, fault offset 0x0001ae24, process id 0x870, application start time
0x01cc0127d57b73ad.

Error - 4/23/2011 11:20:54 AM | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/12/2011 3:45:38 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7026
Description =

Error - 9/13/2011 5:48:22 PM | Computer Name = Computer | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\NEOFLTR_600_13705.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 9/13/2011 5:50:16 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7009
Description =

Error - 9/13/2011 5:50:16 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7000
Description =

Error - 9/13/2011 5:50:16 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7026
Description =

Error - 9/14/2011 6:25:54 PM | Computer Name = Computer | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\NEOFLTR_600_13705.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 9/14/2011 6:27:36 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7026
Description =

Error - 9/14/2011 8:54:51 PM | Computer Name = Computer | Source = DCOM | ID = 10010
Description =

Error - 9/14/2011 8:55:35 PM | Computer Name = Computer | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\NEOFLTR_600_13705.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 9/14/2011 8:57:28 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7026
Description =


< End of report >

andywu94
Novice

Posts : 15
Joined : 2011-09-15
OS : Windows Vista version 6.0 build 6002: service pack 2
Points : 19343
# Likes : 0


Re: Google Redirect Virus?

Post by andywu94 on 15th September 2011, 2:39 am

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-14 21:57:09
-----------------------------
21:57:09.682 OS Version: Windows x64 6.0.6002 Service Pack 2
21:57:09.683 Number of processors: 2 586 0x170A
21:57:09.683 ComputerName: COMPUTER UserName: Andy
21:57:14.711 Initialize success
21:57:14.945 AVAST engine defs: 11091401
21:57:25.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:57:25.197 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
21:57:25.222 Disk 0 MBR read successfully
21:57:25.224 Disk 0 MBR scan
21:57:25.228 Disk 0 unknown MBR code
21:57:25.231 Service scanning
21:57:26.605 Modules scanning
21:57:26.608 Disk 0 trace - called modules:
21:57:26.631 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:57:26.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b806b0]
21:57:26.640 3 CLASSPNP.SYS[fffffa6000fcac33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007910050]
21:57:29.965 AVAST engine scan C:\Windows
21:57:46.242 AVAST engine scan C:\Windows\system32
22:00:14.321 AVAST engine scan C:\Windows\system32\drivers
22:00:58.329 AVAST engine scan C:\Users\Andy
22:25:50.120 AVAST engine scan C:\ProgramData
22:36:08.329 Scan finished successfully
22:38:34.641 Disk 0 MBR has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\MBR.dat"
22:38:34.647 The log file has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\aswMBR.txt"


Re: Google Redirect Virus?

Post by andywu94 on 15th September 2011, 2:39 am

Results of screen317's Security Check version 0.99.18
Windows Vista (UAC is enabled)
[You must be registered and logged in to see this link.]
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Adobe Flash Player 10.3.183.5
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Mozilla Firefox AvastSvc.exe -?-
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````


Re: Google Redirect Virus?

Post by Belahzur on 16th September 2011, 1:17 am

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy and paste the following command into the search box & hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: Google Redirect Virus?

Post by andywu94 on 16th September 2011, 1:57 am

I hope this is it
ComboFix 11-09-15.05 - Andy 09/15/2011 21:32:35.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8181.5312 [GMT -4:00]
Running from: C:\Users\Andy\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Install.exe
C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{38418E70-0ADD-4A3E-A2E8-EE425BA71205}.xps
C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93FF8DD6-6BA6-4D21-BFB0-14D632C2ED6F}.xps
C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EF76429B-AA08-482C-9FA1-D29F9409E3EB}.xps
C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F272CFFA-ACAD-4C27-ADCC-BE0B8956F7E9}.xps
C:\Users\Andy\Documents\001.jpg


((((((((((((((((((((((((( Files Created from 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))))


2011-09-16 01:43:54 . 2011-09-16 01:43:54 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-09-15 03:49:00 . 2011-09-15 03:49:00 -------- d-----w- C:\Users\Public\CyberLink
2011-09-09 22:36:51 . 2011-09-09 22:36:51 -------- d-----w- C:\Program Files\iPod
2011-09-09 22:36:50 . 2011-09-09 22:37:14 -------- d-----w- C:\Program Files\iTunes
2011-09-09 22:36:50 . 2011-09-09 22:37:14 -------- d-----w- C:\Program Files (x86)\iTunes
2011-09-04 22:24:58 . 2011-09-04 22:45:59 -------- d-----w- C:\Users\Andy\AppData\Roaming\SoftGrid Client
2011-09-04 22:24:58 . 2011-09-04 22:25:00 -------- d-----w- C:\Users\Andy\AppData\Local\SoftGrid Client
2011-09-04 22:21:44 . 2011-09-04 22:25:08 -------- d-----w- C:\Users\Andy\AppData\Roaming\TP
2011-08-28 16:33:52 . 2011-07-01 19:36:44 767952 ----a-w- C:\Windows\BDTSupport.dll
2011-08-28 16:33:51 . 2011-07-01 19:36:54 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2011-08-28 16:33:51 . 2011-07-01 19:36:52 2029520 ----a-w- C:\Windows\PCTBDCore.dll
2011-08-28 16:33:51 . 2011-07-01 19:36:52 1533904 ----a-w- C:\Windows\PCTBDRes.dll
2011-08-28 16:29:37 . 2011-08-28 19:36:17 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-08-28 16:29:37 . 2011-08-28 19:36:17 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-08-28 16:28:27 . 2011-08-28 19:33:24 -------- d-----w- C:\ProgramData\PC Tools
2011-08-24 20:23:06 . 2011-07-11 13:45:57 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-08-24 20:23:06 . 2011-07-11 13:25:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-08-31 21:00:50 . 2010-06-12 17:47:32 25416 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-08-15 22:18:38 . 2011-05-29 00:57:25 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-12 04:10:01 . 2011-09-13 22:09:18 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F401E9F-EA2A-457C-ADF5-807C89070DC0}\mpengine.dll
2011-07-23 11:31:32 . 2011-08-11 23:39:11 1147904 ----a-w- C:\Windows\system32\wininet.dll
2011-07-23 11:24:17 . 2011-08-11 23:39:05 56832 ----a-w- C:\Windows\system32\licmgr10.dll
2011-07-23 11:23:51 . 2011-08-11 23:39:05 1538560 ----a-w- C:\Windows\system32\inetcpl.cpl
2011-07-23 11:23:30 . 2011-08-11 23:39:05 132096 ----a-w- C:\Windows\system32\iesysprep.dll
2011-07-23 11:23:29 . 2011-08-11 23:39:05 77312 ----a-w- C:\Windows\system32\iesetup.dll
2011-07-23 11:04:29 . 2011-08-11 23:39:13 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-23 11:00:05 . 2011-08-11 23:39:04 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-07-23 10:59:52 . 2011-08-11 23:39:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-07-23 10:59:34 . 2011-08-11 23:39:04 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-07-23 10:59:34 . 2011-08-11 23:39:04 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-07-23 10:31:39 . 2011-08-11 23:39:05 479232 ----a-w- C:\Windows\system32\html.iec
2011-07-23 10:03:47 . 2011-08-11 23:39:05 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-07-23 09:50:14 . 2011-08-11 23:39:05 162816 ----a-w- C:\Windows\system32\ieUnatt.exe
2011-07-23 09:48:56 . 2011-08-11 23:39:04 1638912 ----a-w- C:\Windows\system32\mshtml.tlb
2011-07-23 09:27:04 . 2011-08-11 23:39:04 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-07-23 09:25:38 . 2011-08-11 23:39:04 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-12 15:34:00 . 2011-07-12 15:34:00 96104 ----a-w- C:\Windows\system32\dns-sd.exe
2011-07-12 15:34:00 . 2011-07-12 15:34:00 85864 ----a-w- C:\Windows\system32\dnssd.dll
2011-07-12 15:20:54 . 2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 . 2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-06 15:49:23 . 2011-08-11 23:39:23 275456 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37:00 . 2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37:00 . 2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-07-04 11:43:53 . 2010-08-28 17:08:09 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-04 11:43:51 . 2010-02-14 03:56:47 199304 ----a-w- C:\Windows\SysWow64\aswBoot.exe
2011-07-04 11:43:42 . 2011-05-03 03:19:48 253888 ----a-w- C:\Windows\system32\aswBoot.exe
2011-07-04 11:36:56 . 2011-05-03 03:19:48 600920 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2011-07-04 11:36:54 . 2010-02-14 03:57:41 288088 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2011-07-04 11:35:28 . 2010-02-14 03:57:40 45400 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2011-07-04 11:32:35 . 2010-02-14 03:57:40 31064 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2011-07-04 11:32:24 . 2010-02-14 03:57:40 64856 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32:14 . 2010-02-14 03:57:41 22360 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2011-06-20 08:45:17 . 2011-08-11 23:39:18 4699536 ----a-w- C:\Windows\system32\ntoskrnl.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe" [2011-08-02 00:09:54 1242448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:51:33 138240]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2011-06-15 19:02:58 15141768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 17:47:28 62768]
"HP Health Check Scheduler"="c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 15:14:48 75016]
"UpdateP2GoShortCut"="c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 05:15:16 218408]
"UpdateLBPShortCut"="c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 05:15:16 218408]
"UpdatePDIRShortCut"="c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 05:15:16 218408]
"UpdatePSTShortCut"="c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 21:05:26 210216]
"TSMAgent"="c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 06:26:02 1328424]
"CLMLServer for HP TouchSmart"="c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 06:22:06 185640]
"Microsoft Default Manager"="c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 23:03:24 224616]
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 17:08:54 49208]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 08:44:43 35760]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 04:07:44 932288]
"DVDAgent"="c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 19:26:36 1148200]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 16:59:52 254696]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2011-07-05 22:36:48 421888]
"PCTools FGuard"="C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 19:36:48 247760]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 05:07:38 421736]

C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe [2009-2-9 430080]
WinZip Quick Pick.lnk - C:\Program Files (x86)\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 17:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys [x]
R3 PCDSRVC{4942F9C0-0B403F17-06000000}_0;PCDSRVC{4942F9C0-0B403F17-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\pcdr5\pcdsrvc_x64.pkms [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 18:27:14 1020768]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 22:10:10 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 19:36:44 337872]
S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);C:\Windows\system32\DRIVERS\MRVW24C.sys [x]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2011-09-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2129204010-3227512483-1809511921-1000Core.job
- C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 17:50:32 . 2010-09-11 17:50:25]

2011-09-16 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2129204010-3227512483-1809511921-1000UA.job
- C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 17:50:32 . 2010-09-11 17:50:25]

2010-01-01 C:\Windows\Tasks\HPCeeScheduleForAdministrator.job
- C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-07-30 16:20:24 . 2009-02-25 01:17:30]

2011-09-14 C:\Windows\Tasks\HPCeeScheduleForAndy.job
- C:\Program Files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-07-30 16:20:24 . 2009-02-25 01:17:30]

2011-09-16 C:\Windows\Tasks\User_Feed_Synchronization-{92EEF5CC-F8BC-4DB4-A72F-24424F372744}.job
- C:\Windows\system32\msfeedssync.exe [2011-08-11 23:39:04 . 2011-07-23 09:26:12]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43:42 134384 ----a-w- C:\Program Files\Alwil Software\Avast5\ashShA64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 20:11:34 172032]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-03-05 12:24:28 154648]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-03-05 12:24:16 227352]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-03-05 12:24:24 202264]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 21:00:20 186904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.109.67.166 213.109.73.41 1.1.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\3a7uzqaj.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Windows Defender - C:\Program Files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SmartMenu - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
AddRemove-Models of the Hydrogen Atom - C:\Windows\system32\javaws.exe



andywu94
Novice

Posts: 15
Joined: 2011-09-15
OS: Windows Vista version 6.0 build 6002: service pack 2
Points: 19343
Likes: 0


Re: Google Redirect Virus?

Post by andywu94 on 18th September 2011, 5:12 pm

Bump? Sorry, I know you guys are super busy! KEEP UP THE GOOD WORK! Help whenever you can. Thanks sooo much.


Re: Google Redirect Virus?

Post by Belahzur on 21st September 2011, 12:28 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1


Re: Google Redirect Virus?

Post by andywu94 on 21st September 2011, 11:01 pm

I couldn't find the log, but it found two infected files, variants of Win32/Kryptik.SH trojan.


Re: Google Redirect Virus?

Post by andywu94 on 22nd September 2011, 1:12 am

This is what I found when I ran it again:
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5bbe980f-7aac249f multiple threats deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\19e0df93-4c3db6ee a variant of Java/Rowindal.A trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1ea7eb82-75dba6e0 a variant of Java/Exploit.Agent.W trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\d50c015-75504f08 Java/Agent.BV trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2f31845f-45cbe0e9 Java/Agent.BV trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\68b74c9f-331534dc probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6b4d836b-7c32d0ba Java/Agent.BV trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3c55f02f-39855303 Java/TrojanDownloader.Agent.NCJ trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\53dc8a73-7a082b74 probably a variant of Win32/TrojanDownloader.Agent.IGYRDAO trojan deleted - quarantined
C:\Users\Andy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\3eb966fe-1103c803 probably a variant of Win32/Agent.FQWXKXL trojan deleted - quarantined
C:\Users\Andy\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application deleted - quarantined


Re: Google Redirect Virus?

Post by Belahzur on 24th September 2011, 6:15 pm

Hello.
You did, just need to update some old programs now.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 9.4.2
    Java(TM) 6 Update 26

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-7-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?





Re: Google Redirect Virus?

Post by andywu94 on 25th September 2011, 7:07 pm

D: I did that and it still is redirecting me around


Re: Google Redirect Virus?

Post by Belahzur on 26th September 2011, 5:51 pm

Hmmm.

Download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.





Re: Google Redirect Virus?

Post by andywu94 on 28th September 2011, 11:35 pm

GMER 1.0.15.15641 - [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-28 20:33:04
Windows 6.0.6002 Service Pack 2
Running: op8xm1ts.exe


---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 5120 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{dbd53e7c-dfdb-11e0-b707-0026183301bb}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{dbd53e7c-dfdb-11e0-b707-0026183301bb}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{dbd53e7c-dfdb-11e0-b707-0026183301bb}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\IEXPLORE.EXE-BC8A94AF.pf 18814 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 476 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid 65536 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0012.000 240 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0012.001 65536 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0012.002 65536 bytes

---- EOF - GMER 1.0.15 ----


Last edited by andywu94 on 29th September 2011, 12:33 am; edited 1 time in total (Reason for editing: more updated)


Re: Google Redirect Virus?

Post by Belahzur on 29th September 2011, 4:30 pm

Hmmm...

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.





Re: Google Redirect Virus?

Post by andywu94 on 30th September 2011, 5:31 am

01:29:46.0251 1636 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
01:29:46.0539 1636 ============================================================
01:29:46.0539 1636 Current date / time: 2011/09/30 01:29:46.0539
01:29:46.0539 1636 SystemInfo:
01:29:46.0539 1636
01:29:46.0539 1636 OS Version: 6.0.6002 ServicePack: 2.0
01:29:46.0539 1636 Product type: Workstation
01:29:46.0539 1636 ComputerName: COMPUTER
01:29:46.0539 1636 UserName: Andy
01:29:46.0539 1636 Windows directory: C:\Windows
01:29:46.0539 1636 System windows directory: C:\Windows
01:29:46.0539 1636 Running under WOW64
01:29:46.0539 1636 Processor architecture: Intel x64
01:29:46.0539 1636 Number of processors: 2
01:29:46.0539 1636 Page size: 0x1000
01:29:46.0539 1636 Boot type: Normal boot
01:29:46.0539 1636 ============================================================
01:29:47.0110 1636 Initialize success
01:29:49.0619 5544 ============================================================
01:29:49.0619 5544 Scan started
01:29:49.0619 5544 Mode: Manual;
01:29:49.0619 5544 ============================================================
01:29:55.0740 5544 monitor - ok
01:29:55.0760 5544 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
01:29:55.0761 5544 mouclass - ok
01:29:55.0782 5544 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
01:29:55.0783 5544 mouhid - ok
01:29:55.0805 5544 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
01:29:55.0807 5544 MountMgr - ok
01:29:55.0830 5544 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
01:29:55.0832 5544 mpio - ok
01:29:55.0865 5544 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
01:29:55.0866 5544 mpsdrv - ok
01:29:55.0896 5544 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
01:29:55.0898 5544 Mraid35x - ok
01:29:56.0015 5544 MRV6X64U (7e997df71cd2dd5cf0d3d07b8d8e798c) C:\Windows\system32\DRIVERS\MRVW24C.sys
01:29:56.0019 5544 MRV6X64U - ok
01:29:56.0058 5544 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
01:29:56.0060 5544 MRxDAV - ok
01:29:56.0140 5544 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:29:56.0142 5544 mrxsmb - ok
01:29:56.0279 5544 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:29:56.0283 5544 mrxsmb10 - ok
01:29:56.0309 5544 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:29:56.0311 5544 mrxsmb20 - ok
01:29:56.0338 5544 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
01:29:56.0340 5544 msahci - ok
01:29:56.0367 5544 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
01:29:56.0370 5544 msdsm - ok
01:29:56.0403 5544 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
01:29:56.0408 5544 Msfs - ok
01:29:56.0419 5544 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
01:29:56.0420 5544 msisadrv - ok
01:29:56.0481 5544 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
01:29:56.0482 5544 MSKSSRV - ok
01:29:56.0529 5544 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
01:29:56.0531 5544 MSPCLOCK - ok
01:29:56.0546 5544 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
01:29:56.0547 5544 MSPQM - ok
01:29:56.0589 5544 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
01:29:56.0593 5544 MsRPC - ok
01:29:56.0619 5544 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
01:29:56.0620 5544 mssmbios - ok
01:29:56.0633 5544 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
01:29:56.0635 5544 MSTEE - ok
01:29:56.0650 5544 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
01:29:56.0652 5544 Mup - ok
01:29:56.0756 5544 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
01:29:56.0759 5544 NativeWifiP - ok
01:29:56.0855 5544 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
01:29:56.0865 5544 NDIS - ok
01:29:56.0903 5544 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
01:29:56.0908 5544 NdisTapi - ok
01:29:56.0927 5544 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
01:29:56.0928 5544 Ndisuio - ok
01:29:56.0956 5544 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
01:29:56.0961 5544 NdisWan - ok
01:29:56.0981 5544 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
01:29:56.0983 5544 NDProxy - ok
01:29:57.0004 5544 NEOFLTR_600_13705 - ok
01:29:57.0031 5544 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
01:29:57.0032 5544 NetBIOS - ok
01:29:57.0092 5544 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
01:29:57.0096 5544 netbt - ok
01:29:57.0195 5544 netr28ux (7d536aacb9329fe4b21c1870e3410ba6) C:\Windows\system32\DRIVERS\netr28ux.sys
01:29:57.0204 5544 netr28ux - ok
01:29:57.0235 5544 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
01:29:57.0237 5544 nfrd960 - ok
01:29:57.0280 5544 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
01:29:57.0281 5544 Npfs - ok
01:29:57.0350 5544 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
01:29:57.0351 5544 nsiproxy - ok
01:29:57.0493 5544 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
01:29:57.0512 5544 Ntfs - ok
01:29:57.0521 5544 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
01:29:57.0526 5544 Null - ok
01:29:57.0563 5544 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
01:29:57.0565 5544 nvraid - ok
01:29:57.0585 5544 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
01:29:57.0586 5544 nvstor - ok
01:29:57.0618 5544 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
01:29:57.0621 5544 nv_agp - ok
01:29:57.0628 5544 NwlnkFlt - ok
01:29:57.0638 5544 NwlnkFwd - ok
01:29:57.0698 5544 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
01:29:57.0699 5544 ohci1394 - ok
01:29:57.0745 5544 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
01:29:57.0748 5544 Parport - ok
01:29:57.0779 5544 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
01:29:57.0780 5544 partmgr - ok
01:29:57.0798 5544 PCDSRVC{4942F9C0-0B403F17-06000000}_0 - ok
01:29:57.0817 5544 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
01:29:57.0819 5544 pci - ok
01:29:57.0841 5544 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
01:29:57.0842 5544 pciide - ok
01:29:57.0867 5544 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
01:29:57.0870 5544 pcmcia - ok
01:29:57.0911 5544 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
01:29:57.0920 5544 PEAUTH - ok
01:29:58.0015 5544 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
01:29:58.0018 5544 PptpMiniport - ok
01:29:58.0062 5544 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
01:29:58.0064 5544 Processor - ok
01:29:58.0111 5544 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
01:29:58.0112 5544 PSched - ok
01:29:58.0168 5544 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
01:29:58.0188 5544 ql2300 - ok
01:29:58.0224 5544 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
01:29:58.0227 5544 ql40xx - ok
01:29:58.0263 5544 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
01:29:58.0264 5544 QWAVEdrv - ok
01:29:58.0280 5544 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
01:29:58.0281 5544 RasAcd - ok
01:29:58.0296 5544 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:29:58.0298 5544 Rasl2tp - ok
01:29:58.0336 5544 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
01:29:58.0337 5544 RasPppoe - ok
01:29:58.0356 5544 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
01:29:58.0359 5544 RasSstp - ok
01:29:58.0401 5544 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
01:29:58.0405 5544 rdbss - ok
01:29:58.0416 5544 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:29:58.0418 5544 RDPCDD - ok
01:29:58.0546 5544 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
01:29:58.0550 5544 rdpdr - ok
01:29:58.0558 5544 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
01:29:58.0562 5544 RDPENCDD - ok
01:29:58.0596 5544 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
01:29:58.0599 5544 RDPWD - ok
01:29:58.0670 5544 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
01:29:58.0672 5544 rspndr - ok
01:29:58.0704 5544 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
01:29:58.0707 5544 RTL8169 - ok
01:29:58.0742 5544 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
01:29:58.0744 5544 sbp2port - ok
01:29:58.0780 5544 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:29:58.0781 5544 secdrv - ok
01:29:58.0816 5544 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
01:29:58.0817 5544 Serenum - ok
01:29:58.0841 5544 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
01:29:58.0843 5544 Serial - ok
01:29:58.0874 5544 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
01:29:58.0875 5544 sermouse - ok
01:29:58.0912 5544 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
01:29:58.0914 5544 sffdisk - ok
01:29:58.0938 5544 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
01:29:58.0939 5544 sffp_mmc - ok
01:29:58.0965 5544 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
01:29:58.0966 5544 sffp_sd - ok
01:29:58.0986 5544 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
01:29:58.0987 5544 sfloppy - ok
01:29:59.0013 5544 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
01:29:59.0016 5544 SiSRaid2 - ok
01:29:59.0054 5544 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
01:29:59.0056 5544 SiSRaid4 - ok
01:29:59.0105 5544 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
01:29:59.0107 5544 Smb - ok
01:29:59.0152 5544 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
01:29:59.0153 5544 spldr - ok
01:29:59.0295 5544 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
01:29:59.0302 5544 srv - ok
01:29:59.0339 5544 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
01:29:59.0342 5544 srv2 - ok
01:29:59.0392 5544 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
01:29:59.0395 5544 srvnet - ok
01:29:59.0449 5544 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
01:29:59.0450 5544 StillCam - ok
01:29:59.0493 5544 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
01:29:59.0494 5544 swenum - ok
01:29:59.0532 5544 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
01:29:59.0534 5544 Symc8xx - ok
01:29:59.0574 5544 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
01:29:59.0577 5544 Sym_hi - ok
01:29:59.0614 5544 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
01:29:59.0616 5544 Sym_u3 - ok
01:29:59.0681 5544 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
01:29:59.0702 5544 Tcpip - ok
01:29:59.0759 5544 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
01:29:59.0769 5544 Tcpip6 - ok
01:29:59.0849 5544 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
01:29:59.0851 5544 tcpipreg - ok
01:29:59.0876 5544 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
01:29:59.0878 5544 TDPIPE - ok
01:29:59.0896 5544 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
01:29:59.0898 5544 TDTCP - ok
01:29:59.0943 5544 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
01:29:59.0945 5544 tdx - ok
01:29:59.0988 5544 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
01:29:59.0989 5544 TermDD - ok
01:30:00.0081 5544 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:30:00.0084 5544 tssecsrv - ok
01:30:00.0124 5544 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
01:30:00.0126 5544 tunmp - ok
01:30:00.0170 5544 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
01:30:00.0171 5544 tunnel - ok
01:30:00.0205 5544 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
01:30:00.0207 5544 uagp35 - ok
01:30:00.0269 5544 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
01:30:00.0274 5544 udfs - ok
01:30:00.0349 5544 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
01:30:00.0351 5544 uliagpkx - ok
01:30:00.0401 5544 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
01:30:00.0405 5544 uliahci - ok
01:30:00.0436 5544 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
01:30:00.0439 5544 UlSata - ok
01:30:00.0462 5544 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
01:30:00.0466 5544 ulsata2 - ok
01:30:00.0492 5544 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
01:30:00.0494 5544 umbus - ok
01:30:00.0546 5544 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
01:30:00.0549 5544 USBAAPL64 - ok
01:30:00.0597 5544 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
01:30:00.0599 5544 usbaudio - ok
01:30:00.0655 5544 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
01:30:00.0657 5544 usbccgp - ok
01:30:00.0688 5544 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
01:30:00.0690 5544 usbcir - ok
01:30:00.0738 5544 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
01:30:00.0740 5544 usbehci - ok
01:30:00.0758 5544 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
01:30:00.0763 5544 usbhub - ok
01:30:00.0802 5544 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
01:30:00.0805 5544 usbohci - ok
01:30:00.0845 5544 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
01:30:00.0847 5544 usbprint - ok
01:30:00.0882 5544 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:30:00.0884 5544 USBSTOR - ok
01:30:00.0909 5544 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
01:30:00.0910 5544 usbuhci - ok
01:30:00.0934 5544 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
01:30:00.0937 5544 usbvideo - ok
01:30:00.0990 5544 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
01:30:00.0992 5544 vga - ok
01:30:01.0025 5544 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
01:30:01.0026 5544 VgaSave - ok
01:30:01.0047 5544 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
01:30:01.0049 5544 viaide - ok
01:30:01.0081 5544 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
01:30:01.0083 5544 volmgr - ok
01:30:01.0200 5544 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
01:30:01.0206 5544 volmgrx - ok
01:30:01.0248 5544 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
01:30:01.0252 5544 volsnap - ok
01:30:01.0278 5544 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
01:30:01.0281 5544 vsmraid - ok
01:30:01.0329 5544 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
01:30:01.0331 5544 WacomPen - ok
01:30:01.0372 5544 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
01:30:01.0374 5544 Wanarp - ok
01:30:01.0379 5544 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
01:30:01.0384 5544 Wanarpv6 - ok
01:30:01.0428 5544 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
01:30:01.0430 5544 Wd - ok
01:30:01.0478 5544 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
01:30:01.0491 5544 Wdf01000 - ok
01:30:01.0609 5544 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
01:30:01.0611 5544 WmiAcpi - ok
01:30:01.0676 5544 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
01:30:01.0679 5544 WpdUsb - ok
01:30:01.0707 5544 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
01:30:01.0709 5544 ws2ifsl - ok
01:30:01.0774 5544 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:30:01.0777 5544 WUDFRd - ok
01:30:01.0860 5544 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
01:30:02.0639 5544 \Device\Harddisk0\DR0 - ok
01:30:02.0681 5544 Boot (0x1200) (a36ba450aaae8444181fbe19a0e31552) \Device\Harddisk0\DR0\Partition0
01:30:02.0682 5544 \Device\Harddisk0\DR0\Partition0 - ok
01:30:02.0720 5544 Boot (0x1200) (19a715f216e04b107f79a1d1aa473249) \Device\Harddisk0\DR0\Partition1
01:30:02.0721 5544 \Device\Harddisk0\DR0\Partition1 - ok
01:30:02.0744 5544 ============================================================
01:30:02.0744 5544 Scan finished
01:30:02.0744 5544 ============================================================
01:30:02.0781 6944 Detected object count: 0
01:30:02.0781 6944 Actual detected object count: 0
01:30:07.0390 6792

andywu94
Novice

Posts : 15
Joined : 2011-09-15
OS : Windows Vista version 6.0 build 6002: service pack 2
Points : 19343
# Likes : 0


Re: Google Redirect Virus?

Post by andywu94 on 30th September 2011, 5:31 am

============================================================
01:30:07.0390 6792 Scan started
01:30:07.0390 6792 Mode: Manual;
01:30:07.0390 6792 ============================================================
01:30:08.0094 6792 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
01:30:08.0097 6792 ACPI - ok
01:30:08.0318 6792 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
01:30:08.0322 6792 adp94xx - ok
01:30:08.0382 6792 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
01:30:08.0385 6792 adpahci - ok
01:30:08.0437 6792 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
01:30:08.0439 6792 adpu160m - ok
01:30:08.0529 6792 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
01:30:08.0531 6792 adpu320 - ok
01:30:08.0686 6792 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
01:30:08.0690 6792 AFD - ok
01:30:08.0725 6792 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
01:30:08.0726 6792 agp440 - ok
01:30:08.0786 6792 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
01:30:08.0788 6792 aic78xx - ok
01:30:08.0824 6792 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
01:30:08.0825 6792 aliide - ok
01:30:08.0854 6792 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
01:30:08.0855 6792 amdide - ok
01:30:08.0885 6792 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
01:30:08.0886 6792 AmdK8 - ok
01:30:08.0930 6792 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
01:30:08.0931 6792 arc - ok
01:30:08.0962 6792 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
01:30:08.0964 6792 arcsas - ok
01:30:09.0025 6792 aswFsBlk (55353cd0da287b2c3782485740965b54) C:\Windows\system32\drivers\aswFsBlk.sys
01:30:09.0026 6792 aswFsBlk - ok
01:30:09.0082 6792 aswMonFlt (b38061cdefb71361e0c7547ac60527e8) C:\Windows\system32\drivers\aswMonFlt.sys
01:30:09.0083 6792 aswMonFlt - ok
01:30:09.0148 6792 aswRdr (91e7aca95933633b2557f47cdfdb74c3) C:\Windows\system32\drivers\aswRdr.sys
01:30:09.0149 6792 aswRdr - ok
01:30:09.0356 6792 aswSnx (2b15499f68fad60ce69264a327e9b0f0) C:\Windows\system32\drivers\aswSnx.sys
01:30:09.0361 6792 aswSnx - ok
01:30:09.0444 6792 aswSP (4d939ecb19dc930056593390d1c87c43) C:\Windows\system32\drivers\aswSP.sys
01:30:09.0447 6792 aswSP - ok
01:30:09.0481 6792 aswTdi (d633426c5a207ce21767569aa4946891) C:\Windows\system32\drivers\aswTdi.sys
01:30:09.0482 6792 aswTdi - ok
01:30:09.0523 6792 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
01:30:09.0524 6792 AsyncMac - ok
01:30:09.0571 6792 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
01:30:09.0572 6792 atapi - ok
01:30:09.0599 6792 Beep - ok
01:30:09.0650 6792 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
01:30:09.0651 6792 blbdrive - ok
01:30:09.0740 6792 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
01:30:09.0741 6792 bowser - ok
01:30:09.0774 6792 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
01:30:09.0775 6792 BrFiltLo - ok
01:30:09.0794 6792 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
01:30:09.0795 6792 BrFiltUp - ok
01:30:09.0827 6792 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
01:30:09.0828 6792 Brserid - ok
01:30:09.0864 6792 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
01:30:09.0865 6792 BrSerWdm - ok
01:30:09.0877 6792 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
01:30:09.0878 6792 BrUsbMdm - ok
01:30:09.0907 6792 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
01:30:09.0908 6792 BrUsbSer - ok
01:30:09.0947 6792 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
01:30:09.0948 6792 BTHMODEM - ok
01:30:09.0955 6792 catchme - ok
01:30:09.0991 6792 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
01:30:09.0992 6792 cdfs - ok
01:30:10.0044 6792 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
01:30:10.0045 6792 cdrom - ok
01:30:10.0101 6792 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
01:30:10.0102 6792 circlass - ok
01:30:10.0226 6792 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
01:30:10.0230 6792 CLFS - ok
01:30:10.0291 6792 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
01:30:10.0292 6792 cmdide - ok
01:30:10.0339 6792 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
01:30:10.0339 6792 Compbatt - ok
01:30:10.0370 6792 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
01:30:10.0371 6792 crcdisk - ok
01:30:10.0472 6792 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
01:30:10.0474 6792 DfsC - ok
01:30:10.0521 6792 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
01:30:10.0521 6792 disk - ok
01:30:10.0560 6792 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
01:30:10.0560 6792 drmkaud - ok
01:30:10.0782 6792 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
01:30:10.0788 6792 DXGKrnl - ok
01:30:10.0845 6792 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
01:30:10.0847 6792 E1G60 - ok
01:30:10.0872 6792 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
01:30:10.0875 6792 Ecache - ok
01:30:11.0034 6792 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
01:30:11.0038 6792 elxstor - ok
01:30:11.0089 6792 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
01:30:11.0090 6792 ErrDev - ok
01:30:11.0196 6792 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
01:30:11.0198 6792 exfat - ok
01:30:11.0283 6792 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
01:30:11.0285 6792 fastfat - ok
01:30:11.0341 6792 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
01:30:11.0342 6792 fdc - ok
01:30:11.0383 6792 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
01:30:11.0384 6792 FileInfo - ok
01:30:11.0410 6792 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
01:30:11.0411 6792 Filetrace - ok
01:30:11.0446 6792 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
01:30:11.0447 6792 flpydisk - ok
01:30:11.0576 6792 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
01:30:11.0578 6792 FltMgr - ok
01:30:11.0697 6792 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
01:30:11.0698 6792 fssfltr - ok
01:30:11.0757 6792 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
01:30:11.0758 6792 Fs_Rec - ok
01:30:11.0816 6792 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
01:30:11.0817 6792 gagp30kx - ok
01:30:11.0886 6792 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:30:11.0887 6792 GEARAspiWDM - ok
01:30:12.0152 6792 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:30:12.0159 6792 HDAudBus - ok
01:30:12.0222 6792 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
01:30:12.0223 6792 HidBth - ok
01:30:12.0293 6792 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
01:30:12.0294 6792 HidIr - ok
01:30:12.0338 6792 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
01:30:12.0339 6792 HidUsb - ok
01:30:12.0407 6792 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
01:30:12.0408 6792 HpCISSs - ok
01:30:12.0615 6792 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
01:30:12.0621 6792 HTTP - ok
01:30:12.0678 6792 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
01:30:12.0679 6792 i2omp - ok
01:30:12.0734 6792 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
01:30:12.0736 6792 i8042prt - ok
01:30:12.0846 6792 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\drivers\iastor.sys
01:30:12.0849 6792 iaStor - ok
01:30:12.0971 6792 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
01:30:12.0973 6792 iaStorV - ok
01:30:14.0535 6792 igfx (a124c87cd0b39c9e510e138534468383) C:\Windows\system32\DRIVERS\igdkmd64.sys
01:30:14.0606 6792 igfx - ok
01:30:14.0881 6792 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
01:30:14.0882 6792 iirsp - ok
01:30:15.0334 6792 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
01:30:15.0347 6792 IntcAzAudAddService - ok
01:30:15.0423 6792 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
01:30:15.0424 6792 intelide - ok
01:30:15.0458 6792 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
01:30:15.0459 6792 intelppm - ok
01:30:15.0537 6792 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:30:15.0538 6792 IpFilterDriver - ok
01:30:15.0552 6792 IpInIp - ok
01:30:15.0607 6792 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
01:30:15.0609 6792 IPMIDRV - ok
01:30:15.0652 6792 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
01:30:15.0653 6792 IPNAT - ok
01:30:15.0692 6792 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
01:30:15.0693 6792 IRENUM - ok
01:30:15.0721 6792 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
01:30:15.0722 6792 isapnp - ok
01:30:15.0818 6792 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
01:30:15.0820 6792 iScsiPrt - ok
01:30:15.0850 6792 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
01:30:15.0850 6792 iteatapi - ok
01:30:15.0869 6792 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
01:30:15.0870 6792 iteraid - ok
01:30:15.0904 6792 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
01:30:15.0905 6792 kbdclass - ok
01:30:15.0939 6792 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
01:30:15.0940 6792 kbdhid - ok
01:30:16.0075 6792 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
01:30:16.0079 6792 KSecDD - ok
01:30:16.0113 6792 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
01:30:16.0114 6792 ksthunk - ok
01:30:16.0156 6792 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
01:30:16.0157 6792 lltdio - ok
01:30:16.0214 6792 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
01:30:16.0215 6792 LSI_FC - ok
01:30:16.0247 6792 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
01:30:16.0249 6792 LSI_SAS - ok
01:30:16.0292 6792 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
01:30:16.0294 6792 LSI_SCSI - ok
01:30:16.0323 6792 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
01:30:16.0325 6792 luafv - ok
01:30:16.0365 6792 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
01:30:16.0366 6792 megasas - ok
01:30:16.0554 6792 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
01:30:16.0557 6792 MegaSR - ok
01:30:16.0592 6792 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
01:30:16.0593 6792 Modem - ok
01:30:16.0617 6792 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
01:30:16.0618 6792 monitor - ok
01:30:16.0649 6792 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
01:30:16.0650 6792 mouclass - ok
01:30:16.0671 6792 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
01:30:16.0672 6792 mouhid - ok
01:30:16.0750 6792 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
01:30:16.0751 6792 MountMgr - ok
01:30:16.0786 6792 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
01:30:16.0787 6792 mpio - ok
01:30:16.0809 6792 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
01:30:16.0811 6792 mpsdrv - ok
01:30:16.0845 6792 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
01:30:16.0846 6792 Mraid35x - ok
01:30:16.0915 6792 MRV6X64U (7e997df71cd2dd5cf0d3d07b8d8e798c) C:\Windows\system32\DRIVERS\MRVW24C.sys
01:30:16.0919 6792 MRV6X64U - ok
01:30:17.0003 6792 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
01:30:17.0004 6792 MRxDAV - ok
01:30:17.0107 6792 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:30:17.0110 6792 mrxsmb - ok
01:30:17.0235 6792 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:30:17.0238 6792 mrxsmb10 - ok
01:30:17.0297 6792 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:30:17.0299 6792 mrxsmb20 - ok
01:30:17.0339 6792 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
01:30:17.0340 6792 msahci - ok
01:30:17.0379 6792 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
01:30:17.0380 6792 msdsm - ok
01:30:17.0426 6792 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
01:30:17.0427 6792 Msfs - ok
01:30:17.0472 6792 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
01:30:17.0473 6792 msisadrv - ok
01:30:17.0537 6792 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
01:30:17.0538 6792 MSKSSRV - ok
01:30:17.0574 6792 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
01:30:17.0575 6792 MSPCLOCK - ok
01:30:17.0602 6792 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
01:30:17.0603 6792 MSPQM - ok
01:30:17.0711 6792 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
01:30:17.0714 6792 MsRPC - ok
01:30:17.0753 6792 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
01:30:17.0754 6792 mssmbios - ok
01:30:17.0790 6792 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
01:30:17.0791 6792 MSTEE - ok
01:30:17.0842 6792 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
01:30:17.0843 6792 Mup - ok
01:30:17.0879 6792 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
01:30:17.0881 6792 NativeWifiP - ok
01:30:18.0055 6792 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
01:30:18.0062 6792 NDIS - ok
01:30:18.0092 6792 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
01:30:18.0094 6792 NdisTapi - ok
01:30:18.0127 6792 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
01:30:18.0128 6792 Ndisuio - ok
01:30:18.0212 6792 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
01:30:18.0214 6792 NdisWan - ok
01:30:18.0260 6792 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
01:30:18.0262 6792 NDProxy - ok
01:30:18.0281 6792 NEOFLTR_600_13705 - ok
01:30:18.0304 6792 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
01:30:18.0305 6792 NetBIOS - ok
01:30:18.0394 6792 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
01:30:18.0399 6792 netbt - ok
01:30:18.0807 6792 netr28ux (7d536aacb9329fe4b21c1870e3410ba6) C:\Windows\system32\DRIVERS\netr28ux.sys
01:30:18.0811 6792 netr28ux - ok
01:30:18.0869 6792 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
01:30:18.0870 6792 nfrd960 - ok
01:30:18.0927 6792 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
01:30:18.0928 6792 Npfs - ok
01:30:19.0036 6792 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
01:30:19.0037 6792 nsiproxy - ok
01:30:19.0447 6792 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
01:30:19.0457 6792 Ntfs - ok
01:30:19.0504 6792 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
01:30:19.0505 6792 Null - ok
01:30:19.0530 6792 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
01:30:19.0532 6792 nvraid - ok
01:30:19.0564 6792 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
01:30:19.0565 6792 nvstor - ok
01:30:19.0608 6792 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
01:30:19.0610 6792 nv_agp - ok
01:30:19.0618 6792 NwlnkFlt - ok
01:30:19.0627 6792 NwlnkFwd - ok
01:30:19.0721 6792 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
01:30:19.0722 6792 ohci1394 - ok
01:30:19.0779 6792 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
01:30:19.0780 6792 Parport - ok
01:30:19.0847 6792 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
01:30:19.0848 6792 partmgr - ok
01:30:19.0855 6792 PCDSRVC{4942F9C0-0B403F17-06000000}_0 - ok
01:30:19.0885 6792 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
01:30:19.0887 6792 pci - ok
01:30:19.0920 6792 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
01:30:19.0921 6792 pciide - ok
01:30:19.0991 6792 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
01:30:19.0992 6792 pcmcia - ok
01:30:20.0145 6792 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
01:30:20.0150 6792 PEAUTH - ok
01:30:20.0280 6792 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
01:30:20.0282 6792 PptpMiniport - ok
01:30:20.0330 6792 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
01:30:20.0331 6792 Processor - ok
01:30:20.0390 6792 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
01:30:20.0391 6792 PSched - ok
01:30:20.0859 6792 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
01:30:20.0869 6792 ql2300 - ok
01:30:20.0924 6792 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
01:30:20.0926 6792 ql40xx - ok
01:30:20.0967 6792 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
01:30:20.0968 6792 QWAVEdrv - ok
01:30:21.0002 6792 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
01:30:21.0003 6792 RasAcd - ok
01:30:21.0072 6792 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:30:21.0074 6792 Rasl2tp - ok
01:30:21.0136 6792 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
01:30:21.0137 6792 RasPppoe - ok
01:30:21.0198 6792 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
01:30:21.0199 6792 RasSstp - ok
01:30:21.0302 6792 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
01:30:21.0305 6792 rdbss - ok
01:30:21.0329 6792 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:30:21.0330 6792 RDPCDD - ok
01:30:21.0480 6792 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
01:30:21.0483 6792 rdpdr - ok
01:30:21.0518 6792 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
01:30:21.0519 6792 RDPENCDD - ok
01:30:21.0629 6792 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
01:30:21.0632 6792 RDPWD - ok
01:30:21.0681 6792 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
01:30:21.0683 6792 rspndr - ok
01:30:21.0764 6792 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
01:30:21.0767 6792 RTL8169 - ok
01:30:21.0809 6792 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
01:30:21.0810 6792 sbp2port - ok
01:30:21.0858 6792 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:30:21.0859 6792 secdrv - ok
01:30:21.0905 6792 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
01:30:21.0906 6792 Serenum - ok
01:30:21.0953 6792 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
01:30:21.0954 6792 Serial - ok
01:30:21.0996 6792 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
01:30:21.0997 6792 sermouse - ok
01:30:22.0046 6792 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
01:30:22.0047 6792 sffdisk - ok
01:30:22.0083 6792 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
01:30:22.0084 6792 sffp_mmc - ok
01:30:22.0120 6792 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
01:30:22.0121 6792 sffp_sd - ok
01:30:22.0153 6792 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
01:30:22.0154 6792 sfloppy - ok
01:30:22.0213 6792 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
01:30:22.0214 6792 SiSRaid2 - ok
01:30:22.0268 6792 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
01:30:22.0269 6792 SiSRaid4 - ok
01:30:22.0327 6792 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
01:30:22.0329 6792 Smb - ok
01:30:22.0423 6792 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
01:30:22.0424 6792 spldr - ok
01:30:22.0495 6792 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
01:30:22.0498 6792 srv - ok
01:30:22.0563 6792 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
01:30:22.0565 6792 srv2 - ok
01:30:22.0681 6792 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
01:30:22.0682 6792 srvnet - ok
01:30:22.0748 6792 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
01:30:22.0749 6792 StillCam - ok
01:30:22.0839 6792 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
01:30:22.0840 6792 swenum - ok
01:30:22.0910 6792 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
01:30:22.0911 6792 Symc8xx - ok
01:30:22.0952 6792 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
01:30:22.0953 6792 Sym_hi - ok
01:30:22.0992 6792 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
01:30:22.0993 6792 Sym_u3 - ok
01:30:23.0413 6792 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
01:30:23.0421 6792 Tcpip - ok
01:30:23.0543 6792 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
01:30:23.0553 6792 Tcpip6 - ok
01:30:23.0627 6792 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
01:30:23.0628 6792 tcpipreg - ok
01:30:23.0710 6792 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
01:30:23.0711 6792 TDPIPE - ok
01:30:23.0751 6792 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
01:30:23.0752 6792 TDTCP - ok
01:30:23.0810 6792 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
01:30:23.0811 6792 tdx - ok
01:30:23.0855 6792 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
01:30:23.0856 6792 TermDD - ok
01:30:23.0948 6792 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:30:23.0949 6792 tssecsrv - ok
01:30:23.0991 6792 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
01:30:23.0992 6792 tunmp - ok
01:30:24.0048 6792 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
01:30:24.0049 6792 tunnel - ok
01:30:24.0105 6792 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
01:30:24.0106 6792 uagp35 - ok
01:30:24.0291 6792 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
01:30:24.0293 6792 udfs - ok
01:30:24.0393 6792 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
01:30:24.0395 6792 uliagpkx - ok
01:30:24.0533 6792 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
01:30:24.0536 6792 uliahci - ok
01:30:24.0647 6792 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
01:30:24.0648 6792 UlSata - ok
01:30:24.0762 6792 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
01:30:24.0764 6792 ulsata2 - ok
01:30:24.0826 6792 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
01:30:24.0828 6792 umbus - ok
01:30:24.0880 6792 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
01:30:24.0881 6792 USBAAPL64 - ok
01:30:24.0941 6792 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
01:30:24.0942 6792 usbaudio - ok
01:30:25.0022 6792 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
01:30:25.0023 6792 usbccgp - ok
01:30:25.0088 6792 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
01:30:25.0089 6792 usbcir - ok
01:30:25.0160 6792 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
01:30:25.0162 6792 usbehci - ok
01:30:25.0325 6792 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
01:30:25.0327 6792 usbhub - ok
01:30:25.0391 6792 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
01:30:25.0392 6792 usbohci - ok
01:30:25.0445 6792 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
01:30:25.0446 6792 usbprint - ok
01:30:25.0527 6792 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:30:25.0529 6792 USBSTOR - ok
01:30:25.0587 6792 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
01:30:25.0588 6792 usbuhci - ok
01:30:25.0668 6792 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
01:30:25.0670 6792 usbvideo - ok
01:30:25.0757 6792 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
01:30:25.0759 6792 vga - ok
01:30:25.0802 6792 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
01:30:25.0804 6792 VgaSave - ok
01:30:25.0858 6792 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
01:30:25.0860 6792 viaide - ok
01:30:25.0915 6792 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
01:30:25.0916 6792 volmgr - ok
01:30:26.0090 6792 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
01:30:26.0095 6792 volmgrx - ok
01:30:26.0214 6792 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
01:30:26.0217 6792 volsnap - ok
01:30:26.0379 6792 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
01:30:26.0381 6792 vsmraid - ok
01:30:26.0468 6792 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
01:30:26.0469 6792 WacomPen - ok
01:30:26.0583 6792 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
01:30:26.0585 6792 Wanarp - ok
01:30:26.0589 6792 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
01:30:26.0591 6792 Wanarpv6 - ok
01:30:26.0640 6792 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
01:30:26.0640 6792 Wd - ok
01:30:26.0888 6792 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
01:30:26.0892 6792 Wdf01000 - ok
01:30:27.0043 6792 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
01:30:27.0043 6792 WmiAcpi - ok
01:30:27.0165 6792 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
01:30:27.0166 6792 WpdUsb - ok
01:30:27.0241 6792 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
01:30:27.0242 6792 ws2ifsl - ok
01:30:27.0318 6792 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:30:27.0320 6792 WUDFRd - ok
01:30:27.0371 6792 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
01:30:28.0835 6792 \Device\Harddisk0\DR0 - ok
01:30:28.0840 6792 Boot (0x1200) (a36ba450aaae8444181fbe19a0e31552) \Device\Harddisk0\DR0\Partition0
01:30:28.0841 6792 \Device\Harddisk0\DR0\Partition0 - ok
01:30:28.0876 6792 Boot (0x1200) (19a715f216e04b107f79a1d1aa473249) \Device\Harddisk0\DR0\Partition1
01:30:28.0878 6792 \Device\Harddisk0\DR0\Partition1 - ok
01:30:28.0879 6792 ============================================================
01:30:28.0879 6792 Scan finished
01:30:28.0879 6792 ============================================================
01:30:28.0893 4768 Detected object count: 0
01:30:28.0893 4768 Actual detected object count: 0


Re: Google Redirect Virus?

Post by Belahzur on 1st October 2011, 2:00 pm

Not seeing any malware, still getting re-directs?



Re: Google Redirect Virus?

Post by andywu94 on 2nd October 2011, 12:28 am

Yeah... I don't understand why it is... T_T it is very frustrating lol


Re: Google Redirect Virus?

Post by Belahzur on 2nd October 2011, 7:36 pm

Hello.
It looks like our tools can detect this so let's tackle this manually.

Please see this article:
[You must be registered and logged in to see this link.]

Please follow the instructions to boot to the RC, and run bootrec /fixmbr.

Let me know how it goes and when you're done, please re-run aswMBR and post the new log.



Re: Google Redirect Virus?

Post by andywu94 on 4th October 2011, 1:09 am

T_T sorry about this. It's probably going to take me a very long time to figure out how this works


Re: Google Redirect Virus?

Post by Belahzur on 4th October 2011, 10:43 am

Sadly this is the only way to stop the re-directs. The malware infected your MBR and our tools aren't detecting it fully, but they are showing there IS code there that isn't supposed to be there.

It is somewhat advanced, but not too hard if you follow the instructions carefully.


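Belahzur's diagnosis rests on the MBR's boot code no longer matching what a clean install writes, which is exactly the region that bootrec /fixmbr rewrites (it replaces the boot code and leaves the partition table alone). The following is an added example for this thread, not code from the forum, TDSSKiller, aswMBR or bootrec: a small Python check a responder could run against a dumped 512-byte boot sector. It hashes the first 0x1B8 bytes (my assumption of what the log's "MBR (0x1B8)" line hashes), confirms the 0x55AA boot signature, lists the partition entries, and flags any deviation from a known-good hash. The sample MBR, its baseline hash, the partition values and the function names are all constructed for the example.

```python
"""Offline integrity check for a 512-byte master boot record (MBR).

Added example for this thread; not code from the forum, TDSSKiller,
aswMBR or bootrec. Function names and sample values are constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8          # 440 bytes of boot code precede the disk signature
PART_TABLE_OFF = 0x1BE         # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR sector into boot-code hash, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:                      # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        # Assumption: this is the region the log's "MBR (0x1B8)" line hashes.
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "signature_ok": sector[510:] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good_md5: str) -> list:
    """Return a list of findings; an empty list means the MBR looks as expected."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_md5"] != known_good_md5.lower():
        findings.append("boot code hash %s differs from baseline %s"
                        % (info["boot_code_md5"], known_good_md5.lower()))
    active = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    return findings


def build_sample_mbr(boot_code: bytes, entries, disk_sig=0x1234ABCD) -> bytes:
    """Constructed sample MBR for offline testing (not a real disk image)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff", ptype,
                         b"\xfe\xff\xff", lba, count)
    sector[510:] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed boot code (a jump-to-self plus padding), not real Vista code.
CLEAN_BOOT_CODE = b"\xeb\xfe" + b"\x90" * (BOOT_CODE_LEN - 2)
# Two NTFS entries, loosely mirroring the log's Partition0/Partition1 (constructed values).
SAMPLE_ENTRIES = [(True, 0x07, 2048, 28_000_000), (False, 0x07, 28_002_048, 1_900_000_000)]

CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, SAMPLE_ENTRIES)
BASELINE_MD5 = hashlib.md5(CLEAN_BOOT_CODE).hexdigest()   # hash of the known-good boot code


def tampered_sample() -> bytes:
    """Same MBR with a few boot-code bytes changed, simulating an altered boot sector."""
    sector = bytearray(CLEAN_MBR)
    sector[0x100:0x104] = b"\x00\x11\x22\x33"
    return bytes(sector)


if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", tampered_sample())):
        print(name, check_mbr(image, BASELINE_MD5) or ["ok"])
```

On a real machine the 512-byte input would come from a raw read of the boot disk (on Windows, \\.\PhysicalDrive0, which needs administrator rights), and the baseline hash from a known-clean system with the same Windows version, since the boot code differs between releases. A hash mismatch on its own is not proof of infection (some disk tools and boot managers install their own MBR code), which is why the thread's next step is to rewrite the boot code and re-scan rather than rely on the hash alone.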
