OTL Extras logfile created on: 11/3/2010 5:25:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Richard\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.77 Gb Total Space | 69.56 Gb Free Space | 14.93% Space Free | Partition Type: NTFS
Drive D: | 4.21 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 930.86 Gb Total Space | 475.57 Gb Free Space | 51.09% Space Free | Partition Type: NTFS
Drive F: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: SHUGS-DUO | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-814749126-3938140228-794553022-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\uedit32.exe File not found
.txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\uedit32.exe File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0x00000000
"AntiVirusDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-814749126-3938140228-794553022-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C9B76B-02CA-40D0-951F-3B50D4B9114E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0A984427-3253-49CB-B352-5131911F1D27}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0F10BB5B-8EEF-4DE6-8371-EFE583403012}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10E070DA-73F2-4E39-B23B-BB2AC574C975}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11254A1C-8FE4-4592-B616-2F4FC475FBE4}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |
"{15B5C011-8F28-425E-9F84-4BAE1EFEBC34}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D3A14C2-4B36-4ECB-AA1C-B2E66BDF110B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{20951594-0ABB-410F-8948-FDF098326E5F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2341BD2A-9E24-4A76-83AE-F7B25194F291}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30A00AF4-06AC-4720-A2F7-D15A42A30DB3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{316D3E8D-0273-403F-97EC-4E0A6CC7872A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3210F3D9-E43F-4FB0-B098-F771DCBFCCB0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{36ECF6C7-CEB4-42D3-82A3-DABD90D2ABC3}" = rport=10244 | protocol=6 | dir=out | app=system |
"{3A7DEB95-0DC6-418B-B572-987E75B1F29E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46FB526D-EDD9-4E33-B70B-C7261BEB9440}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EF99A38-285E-4A33-99BF-84C709C465BA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4FD5D07D-CAD1-4C32-A9CF-246D1177CABC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{51A87082-92C1-46E2-835A-6E11469F8498}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B47C1F9-846D-46E8-BFCA-54C64832EF03}" = rport=10244 | protocol=6 | dir=out | app=system |
"{75B03BDE-0751-4732-97DB-9F063E8D4223}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A885598-97AF-4489-AE74-964C52618F99}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CAC6195-1839-4DF8-B9EC-0D67330D3866}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{81594844-0675-496E-81A7-01D838AF9156}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85695DC7-07F7-494A-BF4C-5E364F4D761B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{882FBD87-8A94-43EB-8734-E04BC4A66262}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90CBF72A-287F-463C-B8F0-9BB13AD87AF2}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9E85A1D5-8450-4C25-AF94-37304CDB8314}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A75889E9-3227-4A8C-A202-36419DF853D7}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B16948A9-80C7-4F8B-AC28-6838FE0F3B28}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4577B27-9870-4066-B8F3-0FD2E09008DE}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
"{E2F3A44A-D2F9-47F1-9223-ED86E401BCF9}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{E60586CA-A1B9-44C1-AA4E-ED351E5A35BE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED2A199C-047D-465C-B3B3-66DB029EE711}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFBFEA36-36DA-47BE-BA00-93780C171A0B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F6F721AA-BDC8-43DA-8D85-8AF86F3AA7DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D13714E-2EAE-4453-A976-7786B59F38A5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp5.bat |
"{13F3EF63-7494-4BDC-8CEC-BA6B25730C82}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{148254CF-B81E-456E-BD2D-FDE0566E76DD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{201B5AE3-8674-41C6-915C-6C65D51B7F59}" = protocol=6 | dir=in | app=c:\games\neverwinter nights 2\nwn2main.exe |
"{22B53AD1-E19B-49C0-B5C2-6C43FB55E8D5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{259F4FD6-38AD-42B3-8035-2E8BCF678760}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp4.bat |
"{273AADDD-D9B3-4817-B80A-2DB47E223FBA}" = protocol=6 | dir=out | app=system |
"{27F2A500-ED69-4C9E-B995-0EBE9741D0E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2B20FEA2-2836-4F32-8A6E-8C4037E6DA69}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp4.bat |
"{34D6EA95-6A9D-430A-980C-AEAE1C05A873}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40B6D366-8B46-49F8-8FA0-8CBFA97F9083}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4150437F-59C6-42FD-AF33-8705BFD282BC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{41D807B7-8F41-4914-9415-849F4FF37BCD}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{47505A7D-8472-4EB8-94EB-2E7852869C0C}" = protocol=6 | dir=in | app=c:\games\neverwinter nights 2\nwn2server.exe |
"{4F7D34A3-F39C-4409-9358-E70C2772168A}" = protocol=6 | dir=in | app=c:\games\neverwinter nights 2\nwupdate.exe |
"{51513E13-FF2C-4F5C-97E3-207063F3D3AA}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5D2CBC8A-DA96-4E69-8EA4-1632F64E4363}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5EA0BCD1-E89D-45ED-951B-E288412C355E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5EEAB07F-AA70-4A4E-B579-4A7F97A4AEC4}" = protocol=17 | dir=in | app=c:\games\neverwinter nights 2\nwn2server.exe |
"{62CB9516-A6CB-4E7D-B006-A6856D10C0C6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp3.bat |
"{63F92550-0F39-4EBC-92FE-FF6B55ECA56C}" = protocol=17 | dir=in | app=c:\games\neverwinter nights 2\nwn2main_amdxp.exe |
"{67240470-EDAB-4A27-A323-E65899238FAE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{6B821841-76D2-4D9A-993C-2FBFD03D668F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7403CA35-120E-47E4-ADC3-3E5CB2E02611}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\keen 1.bat |
"{7E23D584-C77A-48E1-8BE7-5D5DEEB0F61C}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{7E89F4E4-9065-4852-8A7A-A64A1681B3B8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7F249244-EC45-4773-AD9E-395E5DA0A11D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{7F61EC40-4902-4AE8-8B5A-B9D52F72C84C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{816441AE-D118-4ECB-A339-E07D7C48EEBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82ACA149-1F01-4F0B-8BC1-0D3ABB69D9C4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp3.bat |
"{8328A9AE-92AE-4AD5-83B3-DFF4654FC603}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{852F38D8-6E68-4590-9259-C4FD2F1AE352}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\keen 1.bat |
"{8CE6B5EB-9F57-4DBE-8544-6E97C6996EAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{9396E62D-33D7-464D-880C-1BA85ECA77AA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\keen 2.bat |
"{9A6AAA95-6AE5-4BDC-AD7E-B7E677BCC516}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A2AA4790-D76E-4D19-8569-377EB8504E04}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6A1312E-F942-415D-8145-40BE7D027337}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A9DC901F-C8DC-4116-A526-26FF753E5A02}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\keen 2.bat |
"{A9E1C81B-6B00-4DC4-93E9-6E2EF412FD2E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AB2C3B22-B294-4796-A24A-F628B7C477C6}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{AC422FBE-15C6-4109-A692-4B72084C9DE8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{ADB073E6-75CF-48EC-B447-76A2E4D0E7CE}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{AFD2D299-FCAF-4572-A996-8AE53D75C379}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{B0000FE4-4E80-4495-ABD2-1117A0E2BAA5}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B3CE2569-3F80-4262-9468-AAE3CFDCDB24}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B549E3BA-7CEE-4492-A968-7CCE24A43778}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{B876D685-55EF-4AE1-B164-84929C723033}" = protocol=17 | dir=in | app=c:\games\neverwinter nights 2\nwupdate.exe |
"{C309CC2F-0ECD-435C-93AB-EA87329170D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C48A33CD-3BF3-4807-8537-E039E0E3C4EC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CA19764B-3A22-42CC-BF6A-2B9FDF40F830}" = protocol=6 | dir=in | app=c:\games\neverwinter nights 2\nwn2main_amdxp.exe |
"{D50B6021-0CEC-41C7-96F3-E06304CC76D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D642C747-8E37-4AE8-931F-62D9102ABE56}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D8CAA3A5-A695-4C85-A9D2-AE4B11422D69}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{DB5924D7-56C0-47E8-B617-E0C294F2B751}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E55FBB7F-F05E-402C-B0B4-2BB0B633863F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{E6928605-0FB7-46EB-96AE-E8AD6E52A88C}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{EA5A4C42-A436-45EB-AABB-6B21682031A2}" = protocol=17 | dir=in | app=c:\games\neverwinter nights 2\nwn2main.exe |
"{EE1FF4C5-5D8F-4E14-BB25-D0F57DA1E4A8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp5.bat |
"{F3652C71-7CFC-4369-A153-50A8F59DD1E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{F54081D2-2A73-44C6-96EB-6F019D418036}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F803EB95-6DAE-415E-827F-113524588FE3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F89918F6-5CAA-49A3-83C9-625EF722E21D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FDAE7E90-B522-4ACD-8E76-2E8A6B54EEBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{15DE6EB2-C818-4644-A802-24B6D4DCF20A}C:\program files\steam\steamapps\common\quake 3 arena\quake3.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\quake 3 arena\quake3.exe |
"TCP Query User{1E3BF29B-0CC5-4A80-A114-D3BF9DE2CD06}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"TCP Query User{21E410F1-7983-45B8-B041-AECE5BF48E4B}C:\games\warsow\warsow_x86.exe" = protocol=6 | dir=in | app=c:\games\warsow\warsow_x86.exe |
"TCP Query User{238039E7-F637-48DA-B708-E20EB49AF0C4}C:\program files\steam\steamapps\mudshark70\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\counter-strike\hl.exe |
"TCP Query User{2DB6BA2C-C656-4697-9553-5B3FC4C31C91}C:\games\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\games\quake iii arena\quake3.exe |
"TCP Query User{2FA6593E-07F4-42C3-83B1-09B4FA328BF7}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"TCP Query User{4336DC7D-C3C7-405E-9050-7A4C627F12C7}C:\program files\steam\steamapps\mudshark70\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\counter-strike source\hl2.exe |
"TCP Query User{502F2AC8-E683-40B3-9957-1A22A114E9CF}C:\games\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\games\quake 4\quake4.exe |
"TCP Query User{69C8962E-018E-424F-951E-35BB9B158A62}C:\downloads\nexuiz-24\nexuiz\nexuiz.exe" = protocol=6 | dir=in | app=c:\downloads\nexuiz-24\nexuiz\nexuiz.exe |
"TCP Query User{71D2812C-0FE2-4C91-B107-A547AFAA5AE5}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{72C4DB4F-6FA4-4270-8747-570D7EF068C4}C:\program files\qtracker\qtracker.exe" = protocol=6 | dir=in | app=c:\program files\qtracker\qtracker.exe |
"TCP Query User{82A75D6E-AED6-4F22-8530-DA43F076AE01}C:\program files\steam\steamapps\mudshark70\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\team fortress 2\hl2.exe |
"TCP Query User{843EE37E-D6A7-453C-A2E2-202A4546129E}C:\program files\steam\steamapps\mudshark70\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\half-life 2 deathmatch\hl2.exe |
"TCP Query User{86FF1440-FB57-4165-B5C0-A3E7C07482D6}C:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\games\warcraft iii\war3.exe |
"TCP Query User{A3861A53-BFC2-4893-BF5E-4E8E6A0C5BD6}C:\program files\steam\steamapps\mudshark70\day of defeat\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\day of defeat\hl.exe |
"TCP Query User{A71BD383-5D28-44AA-BBAF-B8118090FF9F}C:\program files\keyclone\keyclone.exe" = protocol=6 | dir=in | app=c:\program files\keyclone\keyclone.exe |
"TCP Query User{A7E8B667-21E7-42BA-AC69-C3DE7061410C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{ACCC35F0-B101-4B1C-9707-DF5ED966EB2B}C:\program files\steam\steamapps\mudshark70\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\day of defeat source\hl2.exe |
"TCP Query User{B84AC1D3-7E55-499D-8C48-A7395EC88C35}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{BAC1BCBE-08C6-40DD-BD53-46EDFA4A8749}C:\games\nquake\ezquake-gl.exe" = protocol=6 | dir=in | app=c:\games\nquake\ezquake-gl.exe |
"TCP Query User{C360BB0A-651D-41AB-9A65-F0F9EA680757}C:\games\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\games\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{C4FF8933-3D27-43C3-BA7F-EE0B7DBD1A69}C:\program files\steam\steamapps\mudshark70\deathmatch classic\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\deathmatch classic\hl.exe |
"TCP Query User{CC20714A-C50F-496C-A7CC-2F7EF6F83848}C:\games\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\games\diablo ii\game.exe |
"TCP Query User{CF614B89-D774-4747-B16B-C1AA0FDC3394}C:\games\quake iii arena\cnq3.exe" = protocol=6 | dir=in | app=c:\games\quake iii arena\cnq3.exe |
"TCP Query User{EEC87E42-B3BB-4C71-90F7-8D3F5F374D34}C:\program files\steam\steamapps\mudshark70\team fortress classic\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\team fortress classic\hl.exe |
"TCP Query User{F21FDA0E-B443-471A-9B07-4E5CAB527951}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{05D2573F-9C10-4928-9B5F-A7E98B43A5D4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0619A77A-F0F6-4DDA-8A5B-481DBFE63A69}C:\program files\steam\steamapps\mudshark70\team fortress classic\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\team fortress classic\hl.exe |
"UDP Query User{067AE1BB-577E-41DE-ACB6-32743F9F7623}C:\program files\steam\steamapps\mudshark70\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\counter-strike\hl.exe |
"UDP Query User{19305EE6-0C51-4E34-8258-E5C35A3E4EAE}C:\games\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\games\diablo ii\game.exe |
"UDP Query User{278195C5-AB97-4471-B8EC-313F9DC39B5D}C:\games\warsow\warsow_x86.exe" = protocol=17 | dir=in | app=c:\games\warsow\warsow_x86.exe |
"UDP Query User{291A49E6-D07F-49FF-8338-97C25AA5CA6C}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"UDP Query User{363FE1FB-EB7D-4CB6-BEFC-BBF2829EBA5E}C:\program files\steam\steamapps\mudshark70\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\half-life 2 deathmatch\hl2.exe |
"UDP Query User{4DBAB4FE-CAB8-49E9-A4A3-E42997012002}C:\downloads\nexuiz-24\nexuiz\nexuiz.exe" = protocol=17 | dir=in | app=c:\downloads\nexuiz-24\nexuiz\nexuiz.exe |
"UDP Query User{5BFA4E0F-0FC7-4E20-9F13-2139F5E3FE47}C:\program files\steam\steamapps\mudshark70\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\day of defeat source\hl2.exe |
"UDP Query User{6345F3A4-2C39-4D69-A4ED-54D396A32B22}C:\program files\steam\steamapps\mudshark70\day of defeat\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\day of defeat\hl.exe |
"UDP Query User{67534652-F894-45D2-A966-4DBBD522A944}C:\program files\qtracker\qtracker.exe" = protocol=17 | dir=in | app=c:\program files\qtracker\qtracker.exe |
"UDP Query User{6B4BADF5-6959-4D70-B76A-7EF722346A24}C:\program files\steam\steamapps\mudshark70\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\team fortress 2\hl2.exe |
"UDP Query User{6DD3E16E-49D8-4B55-A4FB-DF481FF0166C}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"UDP Query User{7E72E9B9-9B7D-4369-ACD7-259E258E4E1D}C:\program files\keyclone\keyclone.exe" = protocol=17 | dir=in | app=c:\program files\keyclone\keyclone.exe |
"UDP Query User{857E440D-A158-442B-9653-7DB58DB3E0A3}C:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\games\warcraft iii\war3.exe |
"UDP Query User{8F271A5C-ADBF-4977-924A-5D70CC7B90E9}C:\games\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\games\quake iii arena\quake3.exe |
"UDP Query User{9354AFAD-21E1-4CD1-811B-14CB20E7A76F}C:\games\nquake\ezquake-gl.exe" = protocol=17 | dir=in | app=c:\games\nquake\ezquake-gl.exe |
"UDP Query User{93EC74D9-E60A-45B8-9307-6AC7DFB70447}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{B5FD0890-6E65-400D-965F-6215297BF4B2}C:\games\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\games\quake 4\quake4.exe |
"UDP Query User{BD2522DB-F41F-4EAA-BEF2-168E96315D3E}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{C161216B-DC61-46D9-B1C9-48C7C2072331}C:\program files\steam\steamapps\common\quake 3 arena\quake3.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\quake 3 arena\quake3.exe |
"UDP Query User{CF2E34FE-8A74-4E98-880A-01F5A88B0B76}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{E785AE64-113D-4849-B2A2-67C070869813}C:\games\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\games\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{EF2BB6ED-2C2D-4191-B4D9-F541F21C809C}C:\program files\steam\steamapps\mudshark70\deathmatch classic\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\deathmatch classic\hl.exe |
"UDP Query User{FA5B93DA-416B-4837-9DA8-6CC4CFA3F41A}C:\program files\steam\steamapps\mudshark70\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\counter-strike source\hl2.exe |
"UDP Query User{FD03F085-1B8A-4C79-89D1-BC58CBEE1A2A}C:\games\quake iii arena\cnq3.exe" = protocol=17 | dir=in | app=c:\games\quake iii arena\cnq3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 22
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3C516E56-0B4B-4BDE-88A2-035B4D170A26}" = DXG-572V
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D44A38DD-6F9A-4F12-ADA9-4C79BC71ECD0}" = WD SmartWare
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CyberScrub® Privacy Suite™ 5.1_is1" = CyberScrub® Privacy Suite™ 5.1
"Doomsday Engine_is1" = Doomsday Engine 1.9.0-beta6.9
"Download Manager" = Download Manager 2.3.6
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"ProcessQuickLink 2_is1" = Uniblue ProcessQuickLink 2
"PunkBusterSvc" = PunkBuster Services
"Steam App 440" = Team Fortress 2
"Steam App 8980" = Borderlands
"Steam App 9180" = Commander Keen Complete Pack
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-814749126-3938140228-794553022-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/31/2010 6:07:38 PM | Computer Name = Shugs-Duo | Source = EventSystem | ID = 4609
Description =
Error - 10/31/2010 6:15:46 PM | Computer Name = Shugs-Duo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 10/31/2010 6:52:10 PM | Computer Name = Shugs-Duo | Source = EventSystem | ID = 4609
Description =
Error - 10/31/2010 6:57:29 PM | Computer Name = Shugs-Duo | Source = EventSystem | ID = 4609
Description =
Error - 10/31/2010 7:02:40 PM | Computer Name = Shugs-Duo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 10/31/2010 7:10:15 PM | Computer Name = Shugs-Duo | Source = Application Error | ID = 1000
Description = Faulting application WinPatrolEx.exe, version 19.1.2010.1, time stamp
0x4ccb4e3e, faulting module WinPatrolEx.exe, version 19.1.2010.1, time stamp 0x4ccb4e3e,
exception code 0xc0000005, fault offset 0x0002cb28, process id 0x1398, application
start time 0x01cb7950c6ec7eeb.
Error - 10/31/2010 7:14:34 PM | Computer Name = Shugs-Duo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 10/31/2010 7:30:24 PM | Computer Name = Shugs-Duo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/2/2010 6:51:11 PM | Computer Name = Shugs-Duo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/2/2010 9:29:15 PM | Computer Name = Shugs-Duo | Source = Application Error | ID = 1000
Description = Faulting application Ventrilo.exe, version 3.0.1.0, time stamp 0x473f5606,
faulting module Ventrilo.exe, version 3.0.1.0, time stamp 0x473f5606, exception
code 0xc0000005, fault offset 0x00087867, process id 0x1298, application start time
0x01cb7ae0c95cc9b2.
[ System Events ]
Error - 10/31/2010 8:05:10 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =
Error - 10/31/2010 8:05:10 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =
Error - 10/31/2010 8:05:11 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =
Error - 10/31/2010 8:05:11 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =
Error - 10/31/2010 8:05:11 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =
Error - 10/31/2010 8:05:11 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =
Error - 11/2/2010 6:48:30 PM | Computer Name = Shugs-Duo | Source = HTTP | ID = 15016
Description =
Error - 11/2/2010 6:48:49 PM | Computer Name = Shugs-Duo | Source = Service Control Manager | ID = 7000
Description =
Error - 11/2/2010 6:48:49 PM | Computer Name = Shugs-Duo | Source = Service Control Manager | ID = 7023
Description =
Error - 11/2/2010 6:48:49 PM | Computer Name = Shugs-Duo | Source = Service Control Manager | ID = 7026
Description =
< End of report >
OTL logfile created on: 11/3/2010 5:25:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Richard\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.77 Gb Total Space | 69.56 Gb Free Space | 14.93% Space Free | Partition Type: NTFS
Drive D: | 4.21 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 930.86 Gb Total Space | 475.57 Gb Free Space | 51.09% Space Free | Partition Type: NTFS
Drive F: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: SHUGS-DUO | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Richard\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Richard\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\VentSrv\ventrilo_srv.exe ()
PRC - C:\Program Files\VentSrv\ventrilo_svc.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
========== Modules (SafeList) ==========
MOD - C:\Users\Richard\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe File not found
SRV - (FastUserSwitchingCompatibility) -- C:\Windows\System32\FastUv32.dll File not found
SRV - (DAUpdaterSvc) -- c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe File not found
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (Ventrilo) -- C:\Program Files\VentSrv\ventrilo_svc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ivusb) -- C:\Windows\System32\DRIVERS\ivusb.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\DRIVERS\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-814749126-3938140228-794553022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-814749126-3938140228-794553022-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.shacknews.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.17.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 10:57:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 18:05:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 18:05:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/29 20:26:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010/08/27 19:08:09 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions
[2010/08/27 19:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/02 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\25fdo6ir.default\extensions
[2010/10/29 15:37:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\25fdo6ir.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/25 19:43:30 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\25fdo6ir.default\extensions\battlefieldheroespatcher@ea.com
[2010/11/02 17:04:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/28 16:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/17 09:46:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/10/31 17:52:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-814749126-3938140228-794553022-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-814749126-3938140228-794553022-1000..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-814749126-3938140228-794553022-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-814749126-3938140228-794553022-1000..\Run: [Privacy Suite RiskMonitor] C:\Program Files\CyberScrub Privacy Suite\Launch.exe ()
O4 - HKU\S-1-5-21-814749126-3938140228-794553022-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-814749126-3938140228-794553022-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.217.126.81 207.217.77.82
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/28 15:00:27 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/03 17:23:59 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2010/11/03 08:24:59 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/11/03 08:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/10/31 17:52:39 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\SmitfraudFix
[2010/10/31 17:36:16 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/10/31 17:08:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/31 17:08:05 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\temp
[2010/10/31 17:03:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/10/31 16:30:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/31 16:30:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/31 16:30:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/31 16:30:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/31 16:29:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/31 16:23:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/31 16:22:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/31 15:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/31 15:06:28 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Malwarebytes
[2010/10/31 15:06:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/31 15:06:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/31 15:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/31 15:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/31 13:36:55 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/31 13:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/31 13:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/31 10:03:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\WinPatrol
[2010/10/31 10:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/10/31 03:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/10/30 23:00:09 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/30 20:10:51 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\Aimersoft Video Converter
[2010/10/30 20:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Aimersoft
[2010/10/29 21:36:48 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Hothead Games
[2010/10/26 18:25:25 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\NVIDIA
[2010/10/17 09:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/17 09:46:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/17 09:46:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/17 09:46:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/14 18:51:12 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Namco
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/03 17:24:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2010/11/03 16:57:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814749126-3938140228-794553022-1000UA.job
[2010/11/03 15:48:25 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 15:48:25 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 09:02:25 | 067,141,321 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/11/03 08:14:08 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/11/02 23:57:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814749126-3938140228-794553022-1000Core.job
[2010/11/02 17:54:52 | 000,633,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/02 17:54:52 | 000,117,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/02 17:48:41 | 000,056,069 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/02 17:48:40 | 000,056,069 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/02 17:48:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/02 17:48:27 | 3488,133,120 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/31 18:06:44 | 003,896,823 | ---- | M] () -- C:\Users\Richard\Desktop\zzz.exe
[2010/10/31 17:53:03 | 000,002,846 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/10/31 17:53:03 | 000,000,691 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\GetValue.vbs
[2010/10/31 17:53:03 | 000,000,035 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\SetValue.bat
[2010/10/31 17:52:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/31 17:50:35 | 001,872,472 | ---- | M] () -- C:\Users\Richard\Desktop\SmitfraudFix.exe
[2010/10/31 17:39:56 | 000,189,030 | ---- | M] () -- C:\MGlogs.zip
[2010/10/31 15:44:35 | 000,010,572 | ---- | M] () -- C:\Windows\UEDIT32.INI
[2010/10/31 15:34:44 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/31 15:06:24 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/31 13:33:58 | 002,400,464 | ---- | M] () -- C:\MGtools.exe
[2010/10/31 10:34:25 | 000,085,504 | ---- | M] () -- C:\Windows\MBR.exe
[2010/10/25 07:51:15 | 003,607,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/10/31 18:06:22 | 003,896,823 | ---- | C] () -- C:\Users\Richard\Desktop\zzz.exe
[2010/10/31 17:59:57 | 3488,133,120 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/31 17:53:03 | 000,002,846 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/10/31 17:53:03 | 000,000,691 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\GetValue.vbs
[2010/10/31 17:53:03 | 000,000,035 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\SetValue.bat
[2010/10/31 17:50:20 | 001,872,472 | ---- | C] () -- C:\Users\Richard\Desktop\SmitfraudFix.exe
[2010/10/31 17:36:17 | 000,189,030 | ---- | C] () -- C:\MGlogs.zip
[2010/10/31 16:30:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/31 16:30:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/31 16:30:04 | 000,085,504 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/31 16:30:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/31 16:30:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/31 15:34:44 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/31 15:06:24 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/31 13:33:53 | 002,400,464 | ---- | C] () -- C:\MGtools.exe
[2010/10/25 07:50:50 | 003,607,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/14 19:33:53 | 000,000,084 | ---- | C] () -- C:\Windows\csact.ini
[2009/11/21 14:34:22 | 000,056,069 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/21 14:34:22 | 000,056,069 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/25 09:36:47 | 000,000,095 | ---- | C] () -- C:\Users\Richard\AppData\Local\fusioncache.dat
[2008/12/23 13:41:35 | 000,000,069 | ---- | C] () -- C:\Windows\drD3D.ini
[2008/12/02 18:59:55 | 000,010,572 | ---- | C] () -- C:\Windows\UEDIT32.INI
[2008/12/01 23:41:43 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/09/06 16:19:18 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/04/06 12:56:00 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/03/01 20:49:55 | 000,000,031 | ---- | C] () -- C:\Windows\Q3CDKey.ini
[2008/02/22 18:28:03 | 000,139,336 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/02/22 18:28:03 | 000,139,152 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\PnkBstrK.sys
[2008/02/22 18:27:30 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2008/02/22 17:36:21 | 000,000,525 | ---- | C] () -- C:\Windows\QIII.INI
[2008/02/09 21:04:00 | 000,050,688 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/07 20:44:04 | 000,000,680 | ---- | C] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/18 08:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2004/08/13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:B4AF47A7
< End of report >
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-04 08:04:39
Windows 6.0.6001 Service Pack 1
Running: z1c9sslf.exe; Driver: C:\Users\Richard\AppData\Local\Temp\kglyipod.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x90617620]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 854 81EF8E18 4 Bytes [20, 76, 61, 90] {AND [ESI+0x61], DH; NOP }
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1588] kernel32.dll!SetUnhandledExceptionFilter 76D56E2D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [733D98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7339D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7338F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73391E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7338E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7339D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7339012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73390095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [733871F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7341D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [733B75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7338DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7338668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [733866BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73397BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73397599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [733CB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----