Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Follow up HJT examination requested

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Follow up HJT examination requested

Unread postby shugz » November 1st, 2010, 6:00 pm

I made a post yesterday about a trojan problem I was having here: viewtopic.php?f=12&t=54192 I was able to fix the problem as far I can tell.

However I did go through many different scans using various different tools. Since I do not consider myself anything close to the experts here I would like to have one of the experienced members to please have a look at my HJT log just so I can be sure there is nothing else lingering around...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:46:19 PM, on 11/1/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Users\Richard\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] "C:\Program Files\CyberScrub Privacy Suite\Launch.exe" "C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 7977 bytes

Thanks again for your time.
shugz
Regular Member
 
Posts: 20
Joined: May 15th, 2007, 11:44 am
Advertisement
Register to Remove

Re: Follow up HJT examination requested

Unread postby deltalima » November 3rd, 2010, 4:31 am

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Follow up HJT examination requested

Unread postby deltalima » November 3rd, 2010, 4:50 am

Hi shugz,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Follow up HJT examination requested

Unread postby shugz » November 3rd, 2010, 9:25 am

Thanks for your time:

Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 8.1.2
AVG Free 8.5
Borderlands
CCleaner
CDDRV_Installer
Commander Keen Complete Pack
CyberScrub® Privacy Suite™ 5.1
Doomsday Engine 1.9.0-beta6.9
Download Manager 2.3.6
DXG-572V
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
IrfanView (remove only)
Java(TM) 6 Update 22
KhalInstallWrapper
Logitech Harmony Remote Software 7
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.12)
Mozilla Thunderbird (3.1.6)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Nero 7 Ultra Edition
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Pando Media Booster
PDF Settings CS5
PunkBuster Services
Quake Live Mozilla Plugin
Remote Control USB Driver
Steam
SUPERAntiSpyware
System Requirements Lab
Team Fortress 2
Uniblue ProcessQuickLink 2
Ventrilo Client
Ventrilo Server
VideoLAN VLC media player 0.8.6h
WD SmartWare
Winamp
Windows Media Player Firefox Plugin
WinRAR archiver
World of Warcraft


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-JMKMB-GYDW6-DBG7R
Windows Product Key Hash: M5sYS3A2+7S8NivCV5zBusDT6gA=
Windows Product ID: 89578-OEM-7304133-27708
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {60D95CED-2D04-43F8-A45D-058D1C880B21}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.080917-1612
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6001.18000

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{60D95CED-2D04-43F8-A45D-058D1C880B21}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DBG7R</PKey><PID>89578-OEM-7304133-27708</PID><PIDType>3</PIDType><SID>S-1-5-21-814749126-3938140228-794553022</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>ASUS P5N32-E SLI ACPI BIOS Revision 1302</Version><SMBIOSVersion major="2" minor="4"/><Date>20071105000000.000000+000</Date></BIOS><HWID>4E323507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_COA_NSLP channel
Activation ID: f3acdd3c-119a-4932-a3d7-0b6f33a1dca9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-041-327708-02-1033-6000.0000-0382008
Installation ID: 004041327471381936426376972785676406310111299093407683
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: DBG7R
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PAAAAAIAAgABAAEABAACAAAAAwABAAEA6GEi+FL8rwysO5IA7pmuFdquBnvy9OFBvmthLVbXKlKsViqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC Nvidia ASUSACPI
FACP Nvidia ASUSACPI
HPET Nvidia ASUSACPI
MCFG Nvidia ASUSACPI
shugz
Regular Member
 
Posts: 20
Joined: May 15th, 2007, 11:44 am

Re: Follow up HJT examination requested

Unread postby deltalima » November 3rd, 2010, 9:33 am

Hi shugz,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Follow up HJT examination requested

Unread postby shugz » November 4th, 2010, 9:04 am

OTL Extras logfile created on: 11/3/2010 5:25:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Richard\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.77 Gb Total Space | 69.56 Gb Free Space | 14.93% Space Free | Partition Type: NTFS
Drive D: | 4.21 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 930.86 Gb Total Space | 475.57 Gb Free Space | 51.09% Space Free | Partition Type: NTFS
Drive F: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SHUGS-DUO | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-814749126-3938140228-794553022-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\uedit32.exe File not found
.txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\uedit32.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0x00000000
"AntiVirusDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-814749126-3938140228-794553022-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C9B76B-02CA-40D0-951F-3B50D4B9114E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0A984427-3253-49CB-B352-5131911F1D27}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0F10BB5B-8EEF-4DE6-8371-EFE583403012}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10E070DA-73F2-4E39-B23B-BB2AC574C975}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11254A1C-8FE4-4592-B616-2F4FC475FBE4}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |
"{15B5C011-8F28-425E-9F84-4BAE1EFEBC34}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D3A14C2-4B36-4ECB-AA1C-B2E66BDF110B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{20951594-0ABB-410F-8948-FDF098326E5F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2341BD2A-9E24-4A76-83AE-F7B25194F291}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30A00AF4-06AC-4720-A2F7-D15A42A30DB3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{316D3E8D-0273-403F-97EC-4E0A6CC7872A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3210F3D9-E43F-4FB0-B098-F771DCBFCCB0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{36ECF6C7-CEB4-42D3-82A3-DABD90D2ABC3}" = rport=10244 | protocol=6 | dir=out | app=system |
"{3A7DEB95-0DC6-418B-B572-987E75B1F29E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46FB526D-EDD9-4E33-B70B-C7261BEB9440}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EF99A38-285E-4A33-99BF-84C709C465BA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4FD5D07D-CAD1-4C32-A9CF-246D1177CABC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{51A87082-92C1-46E2-835A-6E11469F8498}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B47C1F9-846D-46E8-BFCA-54C64832EF03}" = rport=10244 | protocol=6 | dir=out | app=system |
"{75B03BDE-0751-4732-97DB-9F063E8D4223}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A885598-97AF-4489-AE74-964C52618F99}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CAC6195-1839-4DF8-B9EC-0D67330D3866}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{81594844-0675-496E-81A7-01D838AF9156}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85695DC7-07F7-494A-BF4C-5E364F4D761B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{882FBD87-8A94-43EB-8734-E04BC4A66262}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90CBF72A-287F-463C-B8F0-9BB13AD87AF2}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9E85A1D5-8450-4C25-AF94-37304CDB8314}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A75889E9-3227-4A8C-A202-36419DF853D7}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B16948A9-80C7-4F8B-AC28-6838FE0F3B28}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4577B27-9870-4066-B8F3-0FD2E09008DE}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
"{E2F3A44A-D2F9-47F1-9223-ED86E401BCF9}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{E60586CA-A1B9-44C1-AA4E-ED351E5A35BE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED2A199C-047D-465C-B3B3-66DB029EE711}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFBFEA36-36DA-47BE-BA00-93780C171A0B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F6F721AA-BDC8-43DA-8D85-8AF86F3AA7DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D13714E-2EAE-4453-A976-7786B59F38A5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp5.bat |
"{13F3EF63-7494-4BDC-8CEC-BA6B25730C82}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{148254CF-B81E-456E-BD2D-FDE0566E76DD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{201B5AE3-8674-41C6-915C-6C65D51B7F59}" = protocol=6 | dir=in | app=c:\games\neverwinter nights 2\nwn2main.exe |
"{22B53AD1-E19B-49C0-B5C2-6C43FB55E8D5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{259F4FD6-38AD-42B3-8035-2E8BCF678760}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp4.bat |
"{273AADDD-D9B3-4817-B80A-2DB47E223FBA}" = protocol=6 | dir=out | app=system |
"{27F2A500-ED69-4C9E-B995-0EBE9741D0E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2B20FEA2-2836-4F32-8A6E-8C4037E6DA69}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp4.bat |
"{34D6EA95-6A9D-430A-980C-AEAE1C05A873}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40B6D366-8B46-49F8-8FA0-8CBFA97F9083}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4150437F-59C6-42FD-AF33-8705BFD282BC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{41D807B7-8F41-4914-9415-849F4FF37BCD}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{47505A7D-8472-4EB8-94EB-2E7852869C0C}" = protocol=6 | dir=in | app=c:\games\neverwinter nights 2\nwn2server.exe |
"{4F7D34A3-F39C-4409-9358-E70C2772168A}" = protocol=6 | dir=in | app=c:\games\neverwinter nights 2\nwupdate.exe |
"{51513E13-FF2C-4F5C-97E3-207063F3D3AA}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5D2CBC8A-DA96-4E69-8EA4-1632F64E4363}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5EA0BCD1-E89D-45ED-951B-E288412C355E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5EEAB07F-AA70-4A4E-B579-4A7F97A4AEC4}" = protocol=17 | dir=in | app=c:\games\neverwinter nights 2\nwn2server.exe |
"{62CB9516-A6CB-4E7D-B006-A6856D10C0C6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp3.bat |
"{63F92550-0F39-4EBC-92FE-FF6B55ECA56C}" = protocol=17 | dir=in | app=c:\games\neverwinter nights 2\nwn2main_amdxp.exe |
"{67240470-EDAB-4A27-A323-E65899238FAE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{6B821841-76D2-4D9A-993C-2FBFD03D668F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7403CA35-120E-47E4-ADC3-3E5CB2E02611}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\keen 1.bat |
"{7E23D584-C77A-48E1-8BE7-5D5DEEB0F61C}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{7E89F4E4-9065-4852-8A7A-A64A1681B3B8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7F249244-EC45-4773-AD9E-395E5DA0A11D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{7F61EC40-4902-4AE8-8B5A-B9D52F72C84C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{816441AE-D118-4ECB-A339-E07D7C48EEBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82ACA149-1F01-4F0B-8BC1-0D3ABB69D9C4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp3.bat |
"{8328A9AE-92AE-4AD5-83B3-DFF4654FC603}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{852F38D8-6E68-4590-9259-C4FD2F1AE352}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\keen 1.bat |
"{8CE6B5EB-9F57-4DBE-8544-6E97C6996EAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{9396E62D-33D7-464D-880C-1BA85ECA77AA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\keen 2.bat |
"{9A6AAA95-6AE5-4BDC-AD7E-B7E677BCC516}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A2AA4790-D76E-4D19-8569-377EB8504E04}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6A1312E-F942-415D-8145-40BE7D027337}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A9DC901F-C8DC-4116-A526-26FF753E5A02}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\keen 2.bat |
"{A9E1C81B-6B00-4DC4-93E9-6E2EF412FD2E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AB2C3B22-B294-4796-A24A-F628B7C477C6}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{AC422FBE-15C6-4109-A692-4B72084C9DE8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{ADB073E6-75CF-48EC-B447-76A2E4D0E7CE}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{AFD2D299-FCAF-4572-A996-8AE53D75C379}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{B0000FE4-4E80-4495-ABD2-1117A0E2BAA5}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B3CE2569-3F80-4262-9468-AAE3CFDCDB24}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B549E3BA-7CEE-4492-A968-7CCE24A43778}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{B876D685-55EF-4AE1-B164-84929C723033}" = protocol=17 | dir=in | app=c:\games\neverwinter nights 2\nwupdate.exe |
"{C309CC2F-0ECD-435C-93AB-EA87329170D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C48A33CD-3BF3-4807-8537-E039E0E3C4EC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CA19764B-3A22-42CC-BF6A-2B9FDF40F830}" = protocol=6 | dir=in | app=c:\games\neverwinter nights 2\nwn2main_amdxp.exe |
"{D50B6021-0CEC-41C7-96F3-E06304CC76D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D642C747-8E37-4AE8-931F-62D9102ABE56}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D8CAA3A5-A695-4C85-A9D2-AE4B11422D69}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{DB5924D7-56C0-47E8-B617-E0C294F2B751}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E55FBB7F-F05E-402C-B0B4-2BB0B633863F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{E6928605-0FB7-46EB-96AE-E8AD6E52A88C}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{EA5A4C42-A436-45EB-AABB-6B21682031A2}" = protocol=17 | dir=in | app=c:\games\neverwinter nights 2\nwn2main.exe |
"{EE1FF4C5-5D8F-4E14-BB25-D0F57DA1E4A8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\commander keen\testapp5.bat |
"{F3652C71-7CFC-4369-A153-50A8F59DD1E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{F54081D2-2A73-44C6-96EB-6F019D418036}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F803EB95-6DAE-415E-827F-113524588FE3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F89918F6-5CAA-49A3-83C9-625EF722E21D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FDAE7E90-B522-4ACD-8E76-2E8A6B54EEBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{15DE6EB2-C818-4644-A802-24B6D4DCF20A}C:\program files\steam\steamapps\common\quake 3 arena\quake3.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\quake 3 arena\quake3.exe |
"TCP Query User{1E3BF29B-0CC5-4A80-A114-D3BF9DE2CD06}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"TCP Query User{21E410F1-7983-45B8-B041-AECE5BF48E4B}C:\games\warsow\warsow_x86.exe" = protocol=6 | dir=in | app=c:\games\warsow\warsow_x86.exe |
"TCP Query User{238039E7-F637-48DA-B708-E20EB49AF0C4}C:\program files\steam\steamapps\mudshark70\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\counter-strike\hl.exe |
"TCP Query User{2DB6BA2C-C656-4697-9553-5B3FC4C31C91}C:\games\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\games\quake iii arena\quake3.exe |
"TCP Query User{2FA6593E-07F4-42C3-83B1-09B4FA328BF7}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"TCP Query User{4336DC7D-C3C7-405E-9050-7A4C627F12C7}C:\program files\steam\steamapps\mudshark70\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\counter-strike source\hl2.exe |
"TCP Query User{502F2AC8-E683-40B3-9957-1A22A114E9CF}C:\games\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\games\quake 4\quake4.exe |
"TCP Query User{69C8962E-018E-424F-951E-35BB9B158A62}C:\downloads\nexuiz-24\nexuiz\nexuiz.exe" = protocol=6 | dir=in | app=c:\downloads\nexuiz-24\nexuiz\nexuiz.exe |
"TCP Query User{71D2812C-0FE2-4C91-B107-A547AFAA5AE5}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{72C4DB4F-6FA4-4270-8747-570D7EF068C4}C:\program files\qtracker\qtracker.exe" = protocol=6 | dir=in | app=c:\program files\qtracker\qtracker.exe |
"TCP Query User{82A75D6E-AED6-4F22-8530-DA43F076AE01}C:\program files\steam\steamapps\mudshark70\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\team fortress 2\hl2.exe |
"TCP Query User{843EE37E-D6A7-453C-A2E2-202A4546129E}C:\program files\steam\steamapps\mudshark70\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\half-life 2 deathmatch\hl2.exe |
"TCP Query User{86FF1440-FB57-4165-B5C0-A3E7C07482D6}C:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\games\warcraft iii\war3.exe |
"TCP Query User{A3861A53-BFC2-4893-BF5E-4E8E6A0C5BD6}C:\program files\steam\steamapps\mudshark70\day of defeat\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\day of defeat\hl.exe |
"TCP Query User{A71BD383-5D28-44AA-BBAF-B8118090FF9F}C:\program files\keyclone\keyclone.exe" = protocol=6 | dir=in | app=c:\program files\keyclone\keyclone.exe |
"TCP Query User{A7E8B667-21E7-42BA-AC69-C3DE7061410C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{ACCC35F0-B101-4B1C-9707-DF5ED966EB2B}C:\program files\steam\steamapps\mudshark70\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\day of defeat source\hl2.exe |
"TCP Query User{B84AC1D3-7E55-499D-8C48-A7395EC88C35}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{BAC1BCBE-08C6-40DD-BD53-46EDFA4A8749}C:\games\nquake\ezquake-gl.exe" = protocol=6 | dir=in | app=c:\games\nquake\ezquake-gl.exe |
"TCP Query User{C360BB0A-651D-41AB-9A65-F0F9EA680757}C:\games\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\games\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{C4FF8933-3D27-43C3-BA7F-EE0B7DBD1A69}C:\program files\steam\steamapps\mudshark70\deathmatch classic\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\deathmatch classic\hl.exe |
"TCP Query User{CC20714A-C50F-496C-A7CC-2F7EF6F83848}C:\games\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\games\diablo ii\game.exe |
"TCP Query User{CF614B89-D774-4747-B16B-C1AA0FDC3394}C:\games\quake iii arena\cnq3.exe" = protocol=6 | dir=in | app=c:\games\quake iii arena\cnq3.exe |
"TCP Query User{EEC87E42-B3BB-4C71-90F7-8D3F5F374D34}C:\program files\steam\steamapps\mudshark70\team fortress classic\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mudshark70\team fortress classic\hl.exe |
"TCP Query User{F21FDA0E-B443-471A-9B07-4E5CAB527951}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{05D2573F-9C10-4928-9B5F-A7E98B43A5D4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0619A77A-F0F6-4DDA-8A5B-481DBFE63A69}C:\program files\steam\steamapps\mudshark70\team fortress classic\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\team fortress classic\hl.exe |
"UDP Query User{067AE1BB-577E-41DE-ACB6-32743F9F7623}C:\program files\steam\steamapps\mudshark70\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\counter-strike\hl.exe |
"UDP Query User{19305EE6-0C51-4E34-8258-E5C35A3E4EAE}C:\games\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\games\diablo ii\game.exe |
"UDP Query User{278195C5-AB97-4471-B8EC-313F9DC39B5D}C:\games\warsow\warsow_x86.exe" = protocol=17 | dir=in | app=c:\games\warsow\warsow_x86.exe |
"UDP Query User{291A49E6-D07F-49FF-8338-97C25AA5CA6C}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"UDP Query User{363FE1FB-EB7D-4CB6-BEFC-BBF2829EBA5E}C:\program files\steam\steamapps\mudshark70\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\half-life 2 deathmatch\hl2.exe |
"UDP Query User{4DBAB4FE-CAB8-49E9-A4A3-E42997012002}C:\downloads\nexuiz-24\nexuiz\nexuiz.exe" = protocol=17 | dir=in | app=c:\downloads\nexuiz-24\nexuiz\nexuiz.exe |
"UDP Query User{5BFA4E0F-0FC7-4E20-9F13-2139F5E3FE47}C:\program files\steam\steamapps\mudshark70\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\day of defeat source\hl2.exe |
"UDP Query User{6345F3A4-2C39-4D69-A4ED-54D396A32B22}C:\program files\steam\steamapps\mudshark70\day of defeat\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\day of defeat\hl.exe |
"UDP Query User{67534652-F894-45D2-A966-4DBBD522A944}C:\program files\qtracker\qtracker.exe" = protocol=17 | dir=in | app=c:\program files\qtracker\qtracker.exe |
"UDP Query User{6B4BADF5-6959-4D70-B76A-7EF722346A24}C:\program files\steam\steamapps\mudshark70\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\team fortress 2\hl2.exe |
"UDP Query User{6DD3E16E-49D8-4B55-A4FB-DF481FF0166C}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"UDP Query User{7E72E9B9-9B7D-4369-ACD7-259E258E4E1D}C:\program files\keyclone\keyclone.exe" = protocol=17 | dir=in | app=c:\program files\keyclone\keyclone.exe |
"UDP Query User{857E440D-A158-442B-9653-7DB58DB3E0A3}C:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\games\warcraft iii\war3.exe |
"UDP Query User{8F271A5C-ADBF-4977-924A-5D70CC7B90E9}C:\games\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\games\quake iii arena\quake3.exe |
"UDP Query User{9354AFAD-21E1-4CD1-811B-14CB20E7A76F}C:\games\nquake\ezquake-gl.exe" = protocol=17 | dir=in | app=c:\games\nquake\ezquake-gl.exe |
"UDP Query User{93EC74D9-E60A-45B8-9307-6AC7DFB70447}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{B5FD0890-6E65-400D-965F-6215297BF4B2}C:\games\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\games\quake 4\quake4.exe |
"UDP Query User{BD2522DB-F41F-4EAA-BEF2-168E96315D3E}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{C161216B-DC61-46D9-B1C9-48C7C2072331}C:\program files\steam\steamapps\common\quake 3 arena\quake3.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\quake 3 arena\quake3.exe |
"UDP Query User{CF2E34FE-8A74-4E98-880A-01F5A88B0B76}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{E785AE64-113D-4849-B2A2-67C070869813}C:\games\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\games\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{EF2BB6ED-2C2D-4191-B4D9-F541F21C809C}C:\program files\steam\steamapps\mudshark70\deathmatch classic\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\deathmatch classic\hl.exe |
"UDP Query User{FA5B93DA-416B-4837-9DA8-6CC4CFA3F41A}C:\program files\steam\steamapps\mudshark70\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mudshark70\counter-strike source\hl2.exe |
"UDP Query User{FD03F085-1B8A-4C79-89D1-BC58CBEE1A2A}C:\games\quake iii arena\cnq3.exe" = protocol=17 | dir=in | app=c:\games\quake iii arena\cnq3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 22
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3C516E56-0B4B-4BDE-88A2-035B4D170A26}" = DXG-572V
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D44A38DD-6F9A-4F12-ADA9-4C79BC71ECD0}" = WD SmartWare
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CyberScrub® Privacy Suite™ 5.1_is1" = CyberScrub® Privacy Suite™ 5.1
"Doomsday Engine_is1" = Doomsday Engine 1.9.0-beta6.9
"Download Manager" = Download Manager 2.3.6
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"ProcessQuickLink 2_is1" = Uniblue ProcessQuickLink 2
"PunkBusterSvc" = PunkBuster Services
"Steam App 440" = Team Fortress 2
"Steam App 8980" = Borderlands
"Steam App 9180" = Commander Keen Complete Pack
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-814749126-3938140228-794553022-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2010 6:07:38 PM | Computer Name = Shugs-Duo | Source = EventSystem | ID = 4609
Description =

Error - 10/31/2010 6:15:46 PM | Computer Name = Shugs-Duo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/31/2010 6:52:10 PM | Computer Name = Shugs-Duo | Source = EventSystem | ID = 4609
Description =

Error - 10/31/2010 6:57:29 PM | Computer Name = Shugs-Duo | Source = EventSystem | ID = 4609
Description =

Error - 10/31/2010 7:02:40 PM | Computer Name = Shugs-Duo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/31/2010 7:10:15 PM | Computer Name = Shugs-Duo | Source = Application Error | ID = 1000
Description = Faulting application WinPatrolEx.exe, version 19.1.2010.1, time stamp
0x4ccb4e3e, faulting module WinPatrolEx.exe, version 19.1.2010.1, time stamp 0x4ccb4e3e,
exception code 0xc0000005, fault offset 0x0002cb28, process id 0x1398, application
start time 0x01cb7950c6ec7eeb.

Error - 10/31/2010 7:14:34 PM | Computer Name = Shugs-Duo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/31/2010 7:30:24 PM | Computer Name = Shugs-Duo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/2/2010 6:51:11 PM | Computer Name = Shugs-Duo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/2/2010 9:29:15 PM | Computer Name = Shugs-Duo | Source = Application Error | ID = 1000
Description = Faulting application Ventrilo.exe, version 3.0.1.0, time stamp 0x473f5606,
faulting module Ventrilo.exe, version 3.0.1.0, time stamp 0x473f5606, exception
code 0xc0000005, fault offset 0x00087867, process id 0x1298, application start time
0x01cb7ae0c95cc9b2.

[ System Events ]
Error - 10/31/2010 8:05:10 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =

Error - 10/31/2010 8:05:10 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =

Error - 10/31/2010 8:05:11 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =

Error - 10/31/2010 8:05:11 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =

Error - 10/31/2010 8:05:11 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =

Error - 10/31/2010 8:05:11 PM | Computer Name = Shugs-Duo | Source = DCOM | ID = 10016
Description =

Error - 11/2/2010 6:48:30 PM | Computer Name = Shugs-Duo | Source = HTTP | ID = 15016
Description =

Error - 11/2/2010 6:48:49 PM | Computer Name = Shugs-Duo | Source = Service Control Manager | ID = 7000
Description =

Error - 11/2/2010 6:48:49 PM | Computer Name = Shugs-Duo | Source = Service Control Manager | ID = 7023
Description =

Error - 11/2/2010 6:48:49 PM | Computer Name = Shugs-Duo | Source = Service Control Manager | ID = 7026
Description =


< End of report >



OTL logfile created on: 11/3/2010 5:25:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Richard\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.77 Gb Total Space | 69.56 Gb Free Space | 14.93% Space Free | Partition Type: NTFS
Drive D: | 4.21 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 930.86 Gb Total Space | 475.57 Gb Free Space | 51.09% Space Free | Partition Type: NTFS
Drive F: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SHUGS-DUO | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Richard\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Richard\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\VentSrv\ventrilo_srv.exe ()
PRC - C:\Program Files\VentSrv\ventrilo_svc.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (SafeList) ==========

MOD - C:\Users\Richard\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe File not found
SRV - (FastUserSwitchingCompatibility) -- C:\Windows\System32\FastUv32.dll File not found
SRV - (DAUpdaterSvc) -- c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe File not found
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (Ventrilo) -- C:\Program Files\VentSrv\ventrilo_svc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ivusb) -- C:\Windows\System32\DRIVERS\ivusb.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\DRIVERS\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-814749126-3938140228-794553022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-814749126-3938140228-794553022-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.shacknews.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.17.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 10:57:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 18:05:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 18:05:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/29 20:26:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/08/27 19:08:09 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions
[2010/08/27 19:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/02 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\25fdo6ir.default\extensions
[2010/10/29 15:37:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\25fdo6ir.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/25 19:43:30 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\25fdo6ir.default\extensions\battlefieldheroespatcher@ea.com
[2010/11/02 17:04:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/28 16:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/17 09:46:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/31 17:52:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-814749126-3938140228-794553022-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-814749126-3938140228-794553022-1000..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-814749126-3938140228-794553022-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-814749126-3938140228-794553022-1000..\Run: [Privacy Suite RiskMonitor] C:\Program Files\CyberScrub Privacy Suite\Launch.exe ()
O4 - HKU\S-1-5-21-814749126-3938140228-794553022-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-814749126-3938140228-794553022-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.217.126.81 207.217.77.82
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/28 15:00:27 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/03 17:23:59 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2010/11/03 08:24:59 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/11/03 08:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/10/31 17:52:39 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\SmitfraudFix
[2010/10/31 17:36:16 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/10/31 17:08:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/31 17:08:05 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\temp
[2010/10/31 17:03:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/10/31 16:30:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/31 16:30:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/31 16:30:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/31 16:30:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/31 16:29:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/31 16:23:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/31 16:22:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/31 15:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/31 15:06:28 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Malwarebytes
[2010/10/31 15:06:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/31 15:06:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/31 15:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/31 15:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/31 13:36:55 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/31 13:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/31 13:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/31 10:03:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\WinPatrol
[2010/10/31 10:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/10/31 03:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/10/30 23:00:09 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/30 20:10:51 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\Aimersoft Video Converter
[2010/10/30 20:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Aimersoft
[2010/10/29 21:36:48 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Hothead Games
[2010/10/26 18:25:25 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\NVIDIA
[2010/10/17 09:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/17 09:46:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/17 09:46:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/17 09:46:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/14 18:51:12 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Namco
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/03 17:24:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2010/11/03 16:57:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814749126-3938140228-794553022-1000UA.job
[2010/11/03 15:48:25 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 15:48:25 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 09:02:25 | 067,141,321 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/11/03 08:14:08 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/11/02 23:57:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814749126-3938140228-794553022-1000Core.job
[2010/11/02 17:54:52 | 000,633,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/02 17:54:52 | 000,117,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/02 17:48:41 | 000,056,069 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/02 17:48:40 | 000,056,069 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/02 17:48:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/02 17:48:27 | 3488,133,120 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/31 18:06:44 | 003,896,823 | ---- | M] () -- C:\Users\Richard\Desktop\zzz.exe
[2010/10/31 17:53:03 | 000,002,846 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/10/31 17:53:03 | 000,000,691 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\GetValue.vbs
[2010/10/31 17:53:03 | 000,000,035 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\SetValue.bat
[2010/10/31 17:52:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/31 17:50:35 | 001,872,472 | ---- | M] () -- C:\Users\Richard\Desktop\SmitfraudFix.exe
[2010/10/31 17:39:56 | 000,189,030 | ---- | M] () -- C:\MGlogs.zip
[2010/10/31 15:44:35 | 000,010,572 | ---- | M] () -- C:\Windows\UEDIT32.INI
[2010/10/31 15:34:44 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/31 15:06:24 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/31 13:33:58 | 002,400,464 | ---- | M] () -- C:\MGtools.exe
[2010/10/31 10:34:25 | 000,085,504 | ---- | M] () -- C:\Windows\MBR.exe
[2010/10/25 07:51:15 | 003,607,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/31 18:06:22 | 003,896,823 | ---- | C] () -- C:\Users\Richard\Desktop\zzz.exe
[2010/10/31 17:59:57 | 3488,133,120 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/31 17:53:03 | 000,002,846 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/10/31 17:53:03 | 000,000,691 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\GetValue.vbs
[2010/10/31 17:53:03 | 000,000,035 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\SetValue.bat
[2010/10/31 17:50:20 | 001,872,472 | ---- | C] () -- C:\Users\Richard\Desktop\SmitfraudFix.exe
[2010/10/31 17:36:17 | 000,189,030 | ---- | C] () -- C:\MGlogs.zip
[2010/10/31 16:30:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/31 16:30:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/31 16:30:04 | 000,085,504 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/31 16:30:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/31 16:30:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/31 15:34:44 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/31 15:06:24 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/31 13:33:53 | 002,400,464 | ---- | C] () -- C:\MGtools.exe
[2010/10/25 07:50:50 | 003,607,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/14 19:33:53 | 000,000,084 | ---- | C] () -- C:\Windows\csact.ini
[2009/11/21 14:34:22 | 000,056,069 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/21 14:34:22 | 000,056,069 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/25 09:36:47 | 000,000,095 | ---- | C] () -- C:\Users\Richard\AppData\Local\fusioncache.dat
[2008/12/23 13:41:35 | 000,000,069 | ---- | C] () -- C:\Windows\drD3D.ini
[2008/12/02 18:59:55 | 000,010,572 | ---- | C] () -- C:\Windows\UEDIT32.INI
[2008/12/01 23:41:43 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/09/06 16:19:18 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/04/06 12:56:00 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/03/01 20:49:55 | 000,000,031 | ---- | C] () -- C:\Windows\Q3CDKey.ini
[2008/02/22 18:28:03 | 000,139,336 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/02/22 18:28:03 | 000,139,152 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\PnkBstrK.sys
[2008/02/22 18:27:30 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2008/02/22 17:36:21 | 000,000,525 | ---- | C] () -- C:\Windows\QIII.INI
[2008/02/09 21:04:00 | 000,050,688 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/07 20:44:04 | 000,000,680 | ---- | C] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/18 08:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2004/08/13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:B4AF47A7

< End of report >



GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-04 08:04:39
Windows 6.0.6001 Service Pack 1
Running: z1c9sslf.exe; Driver: C:\Users\Richard\AppData\Local\Temp\kglyipod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x90617620]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 854 81EF8E18 4 Bytes [20, 76, 61, 90] {AND [ESI+0x61], DH; NOP }

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1588] kernel32.dll!SetUnhandledExceptionFilter 76D56E2D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [733D98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7339D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7338F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73391E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7338E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7339D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7339012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73390095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [733871F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7341D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [733B75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7338DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7338668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [733866BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73397BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73397599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [733CB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
shugz
Regular Member
 
Posts: 20
Joined: May 15th, 2007, 11:44 am

Re: Follow up HJT examination requested

Unread postby deltalima » November 4th, 2010, 9:25 am

Hi shugz,

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Now run a quick scan with Malwarebytes and post the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Follow up HJT examination requested

Unread postby shugz » November 5th, 2010, 9:22 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, November 5, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, November 04, 2010 14:55:09
Records in database: 4212653
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 158089
Threats found: 2
Infected objects found: 1
Suspicious objects found: 3
Scan duration: 05:13:23


File name / Threat / Threats count
C:\Users\Richard\AppData\Roaming\Thunderbird\Profiles\gfd0temc.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\65891f0d-3932b903 Infected: Trojan-Downloader.Java.OpenConnection.bw 1

Selected area has been scanned.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5009

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11/5/2010 8:10:16 AM
mbam-log-2010-11-05 (08-10-16).txt

Scan type: Quick scan
Objects scanned: 153785
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
shugz
Regular Member
 
Posts: 20
Joined: May 15th, 2007, 11:44 am

Re: Follow up HJT examination requested

Unread postby deltalima » November 5th, 2010, 3:20 pm

Hi shugz,

Threats found: 2


The item in the Java cache can be removed as follows.

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

The other item will be more difficult to find, it is held within an email attachment in the Thunderbird inbox for a user named gfd0temc. I can't identify the particular email.

Please check though your emails to see if there are any emails with attachments and delete any attachments that you do not recognise and cannot trust.

Once this is done then please empty deleted items and then compact the mail file.

Next run another Kaspersky scan. This may need to be done several times until the infected email can be eliminated.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Follow up HJT examination requested

Unread postby shugz » November 7th, 2010, 8:48 pm

I deleted all email items from Thunderbird and compacted the folders. Ran another Kaspersky online virus scan per the instructions you gave me previously.

Kaspersky found no infections or threats so there was no report to paste in this reply. I also ran the TFC scan as well.
shugz
Regular Member
 
Posts: 20
Joined: May 15th, 2007, 11:44 am

Re: Follow up HJT examination requested

Unread postby deltalima » November 8th, 2010, 5:09 am

Hi shugz,

After a thorough check your logs appear to be clean.

Here are some steps you can take to help keep it that way.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.4 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Make sure you update Windows Vista to SP2 and Internet Explorer to version 8[/color
[color=blue]Security Updates for Windows, Internet Explorer & Microsoft Office

Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Follow up HJT examination requested

Unread postby shugz » November 8th, 2010, 7:21 pm

Thanks so much for all of your time and assistance deltalima. You are a great asset to the Malware Removal.com team and I appreciate all that you guys do!

I will follow your advice diligently!


Thanks again
shugz
Regular Member
 
Posts: 20
Joined: May 15th, 2007, 11:44 am

Re: Follow up HJT examination requested

Unread postby deltalima » November 9th, 2010, 4:25 am

You're welcome!

Glad we could help.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Follow up HJT examination requested

Unread postby muppy03 » November 9th, 2010, 4:30 am

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 387 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware