
Search Engine Hijack/Trojan Virus



I have tried several times to clear my system of this virus and every time I think it's gone...it comes back. It has happened in both IE & Firefox. Here are logs for your review. Please let me know what I should do as my next step. I am desperate to have my computer back to normal. :unsure:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7673

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

9/8/2011 1:01:47 PM

mbam-log-2011-09-08 (13-01-47).txt

Scan type: Full scan (C:\|)

Objects scanned: 358770

Time elapsed: 1 hour(s), 15 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-09-06.03 - Jamie 09/06/2011 15:02:36.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1867 [GMT -4:00]

Running from: c:\users\Jamie\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

c:\programdata\DisplayProfilePolicy.dll

c:\users\Jamie\AppData\Local\{3166B31F-4AE9-4E34-9002-F962DA347E52}

c:\users\Jamie\AppData\Local\{3166B31F-4AE9-4E34-9002-F962DA347E52}\chrome.manifest

c:\users\Jamie\AppData\Local\{3166B31F-4AE9-4E34-9002-F962DA347E52}\chrome\content\_cfg.js

c:\users\Jamie\AppData\Local\{3166B31F-4AE9-4E34-9002-F962DA347E52}\chrome\content\overlay.xul

c:\users\Jamie\AppData\Local\{3166B31F-4AE9-4E34-9002-F962DA347E52}\install.rdf

c:\users\Jamie\AppData\Local\Windows Server

c:\users\Jamie\AppData\Roaming\Adobe\plugs

c:\users\Jamie\AppData\Roaming\Adobe\shed

c:\users\Jamie\Desktop\Setup.exe

c:\users\Jamie\Favorites\Translator.url

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\system

c:\windows\Update.bat

.

.

((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))

.

.

2011-09-06 19:13 . 2011-09-06 19:13 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-09-06 19:13 . 2011-09-06 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-06 18:55 . 2011-09-06 18:55 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5308FEAB-E397-494A-A7AF-3A6F7C4768DF}\MpKsla123e8b6.sys

2011-09-06 13:11 . 2011-09-06 13:11 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5308FEAB-E397-494A-A7AF-3A6F7C4768DF}\MpKsl8f9b002c.sys

2011-09-05 21:11 . 2011-08-11 23:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5308FEAB-E397-494A-A7AF-3A6F7C4768DF}\mpengine.dll

2011-09-01 22:51 . 2011-09-03 01:33 -------- d-----w- c:\users\Jamie\riotsGamesLogs

2011-08-23 14:30 . 2011-08-11 23:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-22 15:05 . 2011-08-22 15:05 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E6B840E-5F48-4FE3-AFD3-E23045C344E5}\gapaengine.dll

2011-08-22 14:47 . 2011-08-22 14:49 -------- d-----w- c:\program files\Microsoft Security Client

2011-08-19 13:25 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A16107F-C114-4E0A-B51C-C0958D008A7D}\mpengine.dll

2011-08-12 13:51 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 13:35 . 2011-08-11 04:31 -------- d-----w- c:\windows\chromecache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 23:52 . 2010-04-06 22:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2010-04-06 22:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-01 03:01 . 2011-03-24 13:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"AOLUpdate"="c:\users\Jamie\AppData\Local\AOL\AOLUpdate\AOLupdt32.exe" [2011-09-04 56832]

"Logitech-LSUpdate"="c:\users\Jamie\AppData\Local\Logitech-LS\Logitech-LSUpdate\Logitech-LSupdt32.exe" [2011-09-06 55808]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-26 563984]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2010-4-10 0]

Epson all-in-one Registration.lnk - h:\common\EpsonReg\EpsonReg.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-3 113664]

BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-8-7 2342912]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 12:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2008-10-17 22:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-07-26 00:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

2008-02-25 15:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

R1 MpKsld337ebe7;MpKsld337ebe7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AF03A19-4B8F-420F-AF81-9A5F1B654B5D}\MpKsld337ebe7.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [2011-08-10 94880]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 vtany;vtany;c:\windows\vtany.sys [x]

R3 vtayn;vtayn;c:\users\Jamie\AppData\Local\Temp\vtayn.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]

S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081212.001\IDSvix86.sys [2008-10-03 270384]

S1 MpKsl8f9b002c;MpKsl8f9b002c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5308FEAB-E397-494A-A7AF-3A6F7C4768DF}\MpKsl8f9b002c.sys [2011-09-06 28752]

S1 MpKsla123e8b6;MpKsla123e8b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5308FEAB-E397-494A-A7AF-3A6F7C4768DF}\MpKsla123e8b6.sys [2011-09-06 28752]

S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]

S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-07-30 185640]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

*NewlyCreated* - MPKSLA123E8B6

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3390993023-3469287136-1258201396-1000Core.job

- c:\users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 17:22]

.

2011-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3390993023-3469287136-1258201396-1000UA.job

- c:\users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 17:22]

.

2011-09-03 c:\windows\Tasks\Norton Security Scan for Jamie.job

- c:\progra~1\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-25 08:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=0808&m=et1161-03

uInternet Settings,ProxyServer = http=127.0.0.1:53151

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-conhost - c:\users\Jamie\AppData\Roaming\Microsoft\conhost.exe

HKCU-Run-DisplayProfilePolicy - c:\programdata\DisplayProfilePolicy.dll

HKLM-Run-eRecoveryService - (no file)

AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-06 15:13

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3390993023-3469287136-1258201396-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71D44C5B-3340-2B61-1CA6-57556844BF80}*]

"dakiegkd"=hex:64,62,6a,67,64,6c,65,6a,68,68,65,63,68,69,6a,6c,67,61,63,6b,64,

62,6e,6d,63,66,62,66,6c,6d,70,6a,6c,6f,6a,69,69,66,6e,63,00,00

"ianfnnnaegkjlpbnja"=hex:6a,61,65,62,6d,70,68,67,6b,66,62,6f,61,68,67,6c,69,69,

63,66,00,00

"hahghekbkjgbekli"=hex:6a,61,65,62,6d,70,68,67,6b,66,62,6f,61,68,67,6c,69,69,

63,66,00,00

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-09-06 15:15:57

ComboFix-quarantined-files.txt 2011-09-06 19:15

.

Pre-Run: 137,444,593,664 bytes free

Post-Run: 145,641,283,584 bytes free

.

- - End Of File - - A742AE8191C947036336409BC76AD524

And just today...MSE located the following & removed them AGAIN:

TrojanDownloader:Win32/Tracur.AA

TrojanDownloader:Win32/Tracur.AB

Tracur is a recurring Trojan DLer that comes back each time with a different letter attached to it.

Exploit:Java/CVE-2008-5353.PG is another one that has come up several times with other Exploits.

This is also recurring:

09:09:58 Jamie MESSAGE Protection started successfully

09:10:03 Jamie MESSAGE IP Protection started successfully

15:20:12 Jamie IP-BLOCK 91.217.153.48 (Type: outgoing, Port: 55678, Process: firefox.exe)

16:20:09 Jamie IP-BLOCK 91.217.153.48 (Type: outgoing, Port: 55743, Process: firefox.exe)

18:56:52 Jamie IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 56845, Process: firefox.exe)

18:57:32 Jamie IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 56895, Process: firefox.exe)

19:19:43 Jamie IP-BLOCK 91.217.153.48 (Type: outgoing, Port: 57193, Process: firefox.exe)

20:13:33 Jamie MESSAGE Scheduled update executed successfully

20:13:35 Jamie MESSAGE IP Protection stopped

20:13:43 Jamie MESSAGE Database updated successfully

20:13:46 Jamie MESSAGE IP Protection started successfully

20:27:29 Jamie IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 57585, Process: firefox.exe)

20:28:57 Jamie IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 57715, Process: firefox.exe)

PLEASE HELP!!

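As an added triage example (not code from the post, from Malwarebytes or from ComboFix), the script below runs a log reviewer's checklist over lines in the ComboFix format shown above: autostart entries and drivers under user-writable paths or with a missing file (the `[x]` marker), a proxy pointed at 127.0.0.1, a Windows system binary name such as conhost.exe loading from AppData, and home/search URL changes that are listed for review. The sample lines are constructed from the log above, and the rules are this example's own assumptions about what a reviewer looks for, not ComboFix's logic.

```python
import re

# Sample lines constructed from the post's ComboFix log (paths and values are
# copied from it); the heuristics below are this example's own assumptions
# about what a log reviewer looks for, not ComboFix's logic.
SAMPLE_LOG = r'''
"AOLUpdate"="c:\users\Jamie\AppData\Local\AOL\AOLUpdate\AOLupdt32.exe" [2011-09-04 56832]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 vtayn;vtayn;c:\users\Jamie\AppData\Local\Temp\vtayn.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyServer = http=127.0.0.1:53151
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
HKCU-Run-conhost - c:\users\Jamie\AppData\Roaming\Microsoft\conhost.exe
HKLM-Run-eRecoveryService - (no file)
'''

# Run-key value as ComboFix prints it:  "name"="path" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Orphaned autostart removed by ComboFix:  HKCU-Run-name - path
ORPHAN_RE = re.compile(r'^HK(?:CU|LM)-Run-(?P<name>\S+) - (?P<path>.+)$')
# Service/driver whose file is missing on disk, marked [x]:  R3 name;display;path [x]
DRV_MISSING_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[x\]\s*$')
# WinINET proxy setting:  ...ProxyServer = http=host:port
PROXY_RE = re.compile(r'ProxyServer = (?:\w+=)?(?P<host>[^:\s]+):(?P<port>\d+)')
# Browser start page / search-keyword URL lines (reported for review, not judged)
BROWSER_RE = re.compile(
    r'^(?:[um]Start Page =|FF - prefs\.js: (?:keyword\.URL|browser\.startup\.homepage) -)'
    r'\s*(?P<url>\S+)')

# Directories an ordinary user can write to; legitimate services rarely start from here.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\desktop\\', '\\downloads\\')
# Names of Windows system binaries that malware commonly borrows.
SYSTEM_BINARY_NAMES = {'conhost.exe', 'svchost.exe', 'csrss.exe', 'lsass.exe', 'explorer.exe'}
LOOPBACK = {'127.0.0.1', 'localhost', '::1'}


def suspicious_path(path):
    """Return a reason string if an autostart/driver path looks out of place, else None."""
    p = path.lower()
    name = p.rsplit('\\', 1)[-1]
    if name in SYSTEM_BINARY_NAMES and '\\windows\\' not in p:
        return 'Windows system binary name outside the Windows directory'
    if any(marker in p for marker in USER_WRITABLE):
        return 'autostart target in a user-writable directory'
    return None


def triage(text):
    """Scan ComboFix loading-point lines and return a list of findings (dicts)."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line) or ORPHAN_RE.match(line)
        if m:
            reason = suspicious_path(m.group('path'))
            if reason:
                findings.append({'line': line, 'severity': 'high', 'reason': reason})
            continue
        m = DRV_MISSING_RE.match(line)
        if m:
            # A registered driver with no file on disk is typical of a half-removed rootkit.
            reason = suspicious_path(m.group('path')) or 'driver registered but file missing on disk'
            findings.append({'line': line, 'severity': 'high', 'reason': reason + ' ([x])'})
            continue
        m = PROXY_RE.search(line)
        if m:
            host, port = m.group('host'), m.group('port')
            if host in LOOPBACK:
                # A proxy on the local machine means every HTTP request is relayed
                # through some local process first: the classic search-hijack setup.
                reason = f'browser proxied through loopback port {port} (local interception/hijack)'
                findings.append({'line': line, 'severity': 'high', 'reason': reason})
            else:
                findings.append({'line': line, 'severity': 'review',
                                 'reason': f'browser proxy set to {host}:{port}'})
            continue
        m = BROWSER_RE.match(line)
        if m:
            findings.append({'line': line, 'severity': 'review',
                             'reason': f'home/search URL set to {m.group("url")}; confirm the user chose it'})
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 5, 'review': 2}."""
    counts = {}
    for f in findings:
        counts[f['severity']] = counts.get(f['severity'], 0) + 1
    return counts


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
    print(summarize(results))
```

Entries flagged "high" are the ones a helper would normally ask about first; "review" items (home page, search URL) may be a toolbar the user installed on purpose, so they are listed rather than judged.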

Logs will be closed if you haven't replied within 3 days

Please do not attach the scan results. Use copy/paste.

DO NOT use any TOOLS such as ComboFix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Looks like you're running 2 anti-virus programs.

AV: Microsoft Security Essentials

AV: Norton 360

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because multiple antivirus and firewall products are not compatible with each other, they can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove

Norton 360

Next:

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL log


I actually did not know I still had Norton 360 on this computer when I installed the other antivirus program... YIKES! I have uninstalled it and run OTL... here are the results:

OTL logfile created on: 9/8/2011 5:07:48 PM - Run 1

OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Jamie\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.52% Memory free

6.21 Gb Paging File | 5.20 Gb Available in Paging File | 83.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.09 Gb Total Space | 138.21 Gb Free Space | 47.97% Space Free | Partition Type: NTFS

Computer Name: GAMEPC | User Name: Jamie | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jamie\Desktop\OTL.exe (OldTimer Tools)

PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()

PRC - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()

SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (MpKslfc6a6739) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{20A158DF-E83C-4955-B506-0BA9D38EE6BC}\MpKslfc6a6739.sys (Microsoft Corporation)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)

DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=0808&m=et1161-03

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53151

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {3166B31F-4AE9-4E34-9002-F962DA347E52}:1.9.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2

FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jamie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Jamie\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jamie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jamie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jamie\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jamie\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/09/01 09:18:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 22:27:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/24 11:21:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 22:27:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/24 11:21:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 22:27:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/24 11:21:31 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Jamie\AppData\Roaming\Move Networks [2011/09/01 23:48:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3166B31F-4AE9-4E34-9002-F962DA347E52}: C:\Users\Jamie\AppData\Local\{3166B31F-4AE9-4E34-9002-F962DA347E52}

[2010/02/02 18:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions

[2011/09/04 14:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions

[2010/02/03 13:16:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/12/07 14:17:11 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions\searchtoolbar@zugo.com

[2010/12/07 14:17:11 | 000,001,919 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\searchplugins\bing-zugo.xml

[2011/03/24 09:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/27 12:33:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2011/09/01 09:18:16 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAFTB0PN.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI

[2011/09/06 22:27:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/05/27 09:53:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/06 15:13:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKCU..\Run: [AdobeUpdate] C:\Users\Jamie\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.exe (The Imaging Source Europe GmbH)

O4 - HKCU..\Run: [MouseProfilePolicy] C:\ProgramData\MouseProfilePolicy.dll (The Imaging Source Europe GmbH)

O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C723B582-89C9-46B3-BED0-D6447C13A797}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)

Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)

Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 16:47:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/09/08 16:46:39 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe

[2011/09/08 13:27:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jamie\Desktop\dds.scr

[2011/09/07 14:20:06 | 000,184,832 | ---- | C] (The Imaging Source Europe GmbH) -- C:\ProgramData\MouseProfilePolicy.dll

[2011/09/06 15:16:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/09/06 14:14:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/09/06 14:14:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/09/06 14:14:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/09/06 14:14:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/09/06 14:11:44 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/09/01 18:51:11 | 000,000,000 | ---D | C] -- C:\Users\Jamie\riotsGamesLogs

[2011/08/31 20:14:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Sun

[2011/08/30 19:28:16 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Downloads

[2011/08/22 10:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2011/08/10 09:35:53 | 000,000,000 | ---D | C] -- C:\Windows\chromecache

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/08 17:00:09 | 000,055,733 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011/09/08 17:00:09 | 000,055,733 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011/09/08 16:59:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2011/09/08 16:59:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/09/08 16:59:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/09/08 16:59:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/09/08 16:48:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3390993023-3469287136-1258201396-1000UA.job

[2011/09/08 16:47:03 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe

[2011/09/08 13:28:12 | 000,302,592 | ---- | M] () -- C:\Users\Jamie\Desktop\vsnczft1.exe

[2011/09/08 13:27:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jamie\Desktop\dds.scr

[2011/09/08 13:23:46 | 000,000,000 | ---- | M] () -- C:\Users\Jamie\defogger_reenable

[2011/09/08 13:22:58 | 000,050,477 | ---- | M] () -- C:\Users\Jamie\Desktop\Defogger.exe

[2011/09/08 09:48:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3390993023-3469287136-1258201396-1000Core.job

[2011/09/07 14:20:06 | 000,184,832 | ---- | M] (The Imaging Source Europe GmbH) -- C:\ProgramData\MouseProfilePolicy.dll

[2011/09/06 15:13:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/09/06 11:20:46 | 000,318,130 | ---- | M] () -- C:\Users\Jamie\AppData\Local\census.cache

[2011/09/06 11:18:50 | 000,208,015 | ---- | M] () -- C:\Users\Jamie\AppData\Local\ars.cache

[2011/09/06 10:58:16 | 000,000,036 | ---- | M] () -- C:\Users\Jamie\AppData\Local\housecall.guid.cache

[2011/09/04 14:06:13 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/08/30 13:24:08 | 000,001,440 | ---- | M] () -- C:\Windows\WinInit.Ini

[2011/08/29 14:43:15 | 000,085,504 | ---- | M] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/08/27 14:20:05 | 000,002,265 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2011/08/22 10:49:46 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/08/22 10:48:35 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/08/22 10:48:35 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/08/09 18:33:14 | 000,000,000 | ---- | M] () -- C:\Users\Jamie\Desktop\New Adobe Photoshop Image (2).psd

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/08 13:28:06 | 000,302,592 | ---- | C] () -- C:\Users\Jamie\Desktop\vsnczft1.exe

[2011/09/08 13:23:46 | 000,000,000 | ---- | C] () -- C:\Users\Jamie\defogger_reenable

[2011/09/08 13:22:57 | 000,050,477 | ---- | C] () -- C:\Users\Jamie\Desktop\Defogger.exe

[2011/09/06 14:14:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/09/06 14:14:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/09/06 14:14:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/09/06 14:14:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/09/06 14:14:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/09/06 11:20:46 | 000,318,130 | ---- | C] () -- C:\Users\Jamie\AppData\Local\census.cache

[2011/09/06 11:18:50 | 000,208,015 | ---- | C] () -- C:\Users\Jamie\AppData\Local\ars.cache

[2011/09/06 10:58:16 | 000,000,036 | ---- | C] () -- C:\Users\Jamie\AppData\Local\housecall.guid.cache

[2011/09/04 14:06:13 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/08/24 11:21:31 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk

[2011/08/22 10:49:46 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif

[2011/08/22 10:48:01 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011/08/09 18:33:14 | 000,000,000 | ---- | C] () -- C:\Users\Jamie\Desktop\New Adobe Photoshop Image (2).psd

[2011/08/08 00:18:28 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

[2011/08/06 17:47:42 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2011/08/06 17:47:42 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2011/08/06 17:47:42 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2011/08/06 17:47:42 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2011/08/06 17:47:42 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2011/08/06 17:47:42 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2011/08/06 17:47:42 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2011/08/06 17:47:42 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2011/08/06 17:47:42 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2011/08/06 17:47:42 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2011/08/06 17:47:42 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2011/08/06 17:47:42 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2011/08/06 17:47:42 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2011/08/06 17:47:42 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2011/08/06 17:47:42 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2011/08/06 17:47:42 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2011/08/06 17:45:07 | 000,000,079 | ---- | C] () -- C:\Windows\EWF630.ini

[2011/05/26 16:31:19 | 000,010,758 | -HS- | C] () -- C:\Users\Jamie\AppData\Local\s2ssimnso8caa62175k0gx51i8y3t6ly2l2t073mi3m3v

[2011/05/26 16:31:19 | 000,010,758 | -HS- | C] () -- C:\ProgramData\s2ssimnso8caa62175k0gx51i8y3t6ly2l2t073mi3m3v

[2010/12/07 14:17:00 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe

[2010/12/07 14:17:00 | 000,027,057 | ---- | C] () -- C:\Windows\unins000.dat

[2010/11/27 19:45:22 | 000,126,024 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2010/08/31 14:12:24 | 000,055,733 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010/08/31 14:12:22 | 000,055,733 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2010/06/25 10:31:15 | 000,000,120 | ---- | C] () -- C:\Users\Jamie\AppData\Local\Ykuxi.dat

[2010/06/25 10:31:15 | 000,000,000 | ---- | C] () -- C:\Users\Jamie\AppData\Local\Pmotozu.bin

[2010/04/10 13:51:10 | 000,001,440 | ---- | C] () -- C:\Windows\WinInit.Ini

[2010/04/05 11:59:08 | 000,010,630 | -HS- | C] () -- C:\Users\Jamie\AppData\Local\GbW53PfLB

[2010/04/05 11:59:08 | 000,010,618 | -HS- | C] () -- C:\ProgramData\GbW53PfLB

[2010/02/02 18:15:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/02/24 21:27:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/12/10 01:47:04 | 000,000,552 | ---- | C] () -- C:\Users\Jamie\AppData\Local\d3d8caps.dat

[2008/12/07 22:09:07 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/12/07 06:20:29 | 000,085,504 | ---- | C] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/04 19:34:48 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2008/11/10 07:02:56 | 000,009,080 | ---- | C] () -- C:\Users\Jamie\AppData\Local\d3d9caps.dat

[2008/10/18 19:09:30 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2008/10/18 19:09:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/08/29 20:58:44 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll

[2008/08/07 17:55:16 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2007/07/18 21:42:42 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini

[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini

[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:47:37 | 000,295,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 06:33:01 | 000,606,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,104,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/07/15 17:07:26 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\.minecraft

[2011/05/10 15:52:27 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\AEDE3D1F73E7DC3C903F22B2C4B148D4

[2010/06/14 16:52:21 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\AVG9

[2011/08/07 14:03:13 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Epson

[2010/06/17 10:39:54 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Facebook

[2010/01/06 20:57:20 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\FileZilla

[2010/04/08 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\FlashGet

[2011/08/06 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Leadertech

[2011/05/22 19:54:12 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\LolClient

[2011/09/08 17:09:18 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Mumble

[2010/12/07 14:13:39 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\OverDrive

[2010/06/25 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\qyrlihnad

[2010/08/25 15:16:37 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Snapfish

[2009/08/06 20:48:32 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\TeamViewer

[2009/05/30 16:49:49 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\uTorrent

[2011/09/08 16:58:24 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2008/01/20 22:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr

[2008/08/07 18:34:00 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2011/09/06 15:15:57 | 000,013,863 | ---- | M] () -- C:\ComboFix.txt

[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2006/12/07 14:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll

[2009/01/21 19:04:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/11/01 21:44:13 | 000,000,368 | -H-- | M] () -- C:\IPH.PH

[2008/08/07 18:16:48 | 000,000,165 | ---- | M] () -- C:\Labelprint.log

[2010/07/11 10:34:38 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt

[2009/01/21 19:04:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/09/08 16:59:30 | 3533,451,264 | -HS- | M] () -- C:\pagefile.sys

[2008/08/07 18:17:05 | 000,000,163 | ---- | M] () -- C:\power2go.log

[2008/08/07 18:05:02 | 000,000,441 | ---- | M] () -- C:\RHDSetup.log

[2010/07/06 11:28:24 | 000,106,496 | -H-- | M] () -- C:\SZKGFS.dat

< %systemroot%\Fonts\*.com >

[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2008/12/02 22:57:09 | 000,000,286 | -HS- | M] () -- C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

[2011/09/08 13:22:58 | 000,050,477 | ---- | M] () -- C:\Users\Jamie\Desktop\Defogger.exe

[2011/07/15 17:05:54 | 000,270,142 | ---- | M] () -- C:\Users\Jamie\Desktop\Minecraft.exe

[2011/09/08 16:47:03 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe

[2011/09/08 13:28:12 | 000,302,592 | ---- | M] () -- C:\Users\Jamie\Desktop\vsnczft1.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

[2008/10/18 19:01:50 | 000,000,402 | -HS- | M] () -- C:\Users\Jamie\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

[2010/04/06 10:41:41 | 000,010,618 | -HS- | M] () -- C:\ProgramData\GbW53PfLB

[2011/09/07 14:20:06 | 000,184,832 | ---- | M] (The Imaging Source Europe GmbH) -- C:\ProgramData\MouseProfilePolicy.dll

[2011/09/08 17:00:09 | 000,055,733 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011/05/26 16:33:16 | 000,010,758 | -HS- | M] () -- C:\ProgramData\s2ssimnso8caa62175k0gx51i8y3t6ly2l2t073mi3m3v

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-19 13:26:00

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 9/8/2011 5:07:48 PM - Run 1

OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Jamie\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.52% Memory free

6.21 Gb Paging File | 5.20 Gb Available in Paging File | 83.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.09 Gb Total Space | 138.21 Gb Free Space | 47.97% Space Free | Partition Type: NTFS

Computer Name: GAMEPC | User Name: Jamie | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- Reg Error: Key error. File not found

.cmd [@ = cmdfile] -- Reg Error: Key error. File not found

.com [@ = ComFile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{5FB63741-9FFB-4064-B8BA-797B65C9F5F3}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

"{A554B95F-8E73-471A-9C97-E20BBA712D1C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D8C683B8-0FAE-44BA-B444-82FF564609D4}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{077A1E07-B0BF-4731-80FC-F63F928E0D79}" = protocol=17 | dir=in | app=c:\users\jamie\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{07E93EA7-3A84-4C1F-9363-72045D85BD22}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"{12D84FAC-A0D5-4A7C-91CD-43DB45D91A99}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"{29050714-69F8-4C54-950A-C4276001CD4E}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"{2F745A0B-D060-455A-85FD-0DF262A697B4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{305170B8-A0B4-4938-9B00-93FCFA190E4E}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{31B5D71B-8691-417A-8C0A-10AA2DF139FD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{3533112F-2621-4327-8FB5-E04578059BCB}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{3B1F8F40-C6E1-4D4A-AF7A-05B7908EF682}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{3B8F8D66-7874-485B-96B1-BAB4C4D4F37F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"{43EFBB7E-2D07-4C64-81C4-CCBC4105E9C5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\memoirsofme\condition zero\hl.exe |

"{497D440F-604E-4E4E-B662-BD18808229E4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{49FC4F89-731F-41A9-AC3A-98F75DE864FE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{4B426856-4F46-452E-97A3-DA8E4D7BFF68}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{4E7155D9-C078-43A9-8A4C-4B3E1B4F5327}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{55A05E2A-03FB-450E-8D73-B843B951EC84}" = protocol=6 | dir=in | app=c:\users\jamie\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{602039E0-994C-47FC-9E94-F2A615AC0270}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{60409946-9245-4517-8F0C-D10A19557CF3}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |

"{6222753F-F637-42DE-970C-D7A1620104EF}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{720B6765-3FD5-4D2E-B598-B77BF7FBDADF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{74E0926C-E040-4587-AA22-64C7C0617D45}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7A4B1AD7-7806-4F8D-8135-667C9C697BE0}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{7CECE055-2D3A-4E4C-ADEA-F981097FF7D5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{84179607-0C69-48C3-9156-90222C8ECE86}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{8D213CEC-7FC6-4694-BA60-F05896297BDE}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |

"{9E1866EF-DA9A-4A5F-81ED-7C21CEDB75D1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\memoirsofme\counter-strike\hl.exe |

"{A1603BB4-1E7C-4E0F-B6F0-B395497A1F7A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\memoirsofme\counter-strike\hl.exe |

"{A1BA350A-F091-47DA-8252-BA8484991F8E}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |

"{A508EA36-A05B-4DAE-8500-6326C4306911}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{ADD6FA7A-3D20-4A80-B7E9-18CD096E3792}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{B59CA311-2756-4C2D-B5F3-2962033FBFAB}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"{B9F61703-9BF7-4718-95D5-950111DA798C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{BAA67916-6349-4C44-953B-9435FE10CE00}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\memoirsofme\condition zero\hl.exe |

"{C0636201-AECC-4FA6-A22A-B6806A428F02}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"{DD1E3AC1-4BC2-437B-BDC4-28A033265FDE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{DF118E47-4FD2-4DB7-9E99-4CB58547FD66}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{E141A245-64AC-436B-A04F-43B5B75830E6}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |

"{E5DB768F-DC32-400E-B3C2-7ACBB7C81FB3}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"{F678E612-DBC0-405E-B322-9DCA7A961B66}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{FC2B3F7E-5599-48EE-B14C-DF99EE0F788B}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"TCP Query User{04A91309-A74C-4565-B5AC-EE9EAA5D9577}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |

"TCP Query User{1E264F05-4972-47B5-9E91-B6163546887E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{41BD938F-4795-43B4-A146-9A699584A716}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |

"TCP Query User{5730C81E-CDE3-490F-BCA9-11220D9AF7A7}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

"TCP Query User{60F74525-86D0-4D95-9681-34CCCC61A6DD}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"TCP Query User{6DE0CD10-0CBA-446F-9E83-1DD323D2CB41}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"TCP Query User{AB9EEB73-4E7B-447A-8431-7743EE258463}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"TCP Query User{E021CC0A-7E23-4182-BDEB-A4D89F07A175}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"UDP Query User{177D25AB-8F4B-4919-A871-A03C0BA4D0F1}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

"UDP Query User{3A545517-0FAB-4C46-8620-5430DA41D5FA}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |

"UDP Query User{3C204C54-56F2-4E46-B129-DA4B11A70799}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"UDP Query User{6D6A74EC-4E08-4075-AD53-DC96361000A2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{7EF6F09E-52AA-4D2E-A9E7-D95CED20EE1C}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |

"UDP Query User{8BB72533-356C-42BD-BCE6-B5A813AA49D3}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"UDP Query User{B4FF40F3-6D08-4292-A422-1D15212F17CE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"UDP Query User{B7F7F187-7EAD-4DCF-8300-2B01C17A416A}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 21

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = Quick Web Player

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{79E914E8-0264-37B4-825D-FC79A793BAEE}" = ATI Catalyst Install Manager

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare

"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"7-Zip" = 7-Zip 4.57

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 6.0" = Adobe Photoshop 6.0

"AstrumNival Allods" = Allods Online 1.1.02.58

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP

"DivX Setup.divx.com" = DivX Setup

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"EPSON WorkForce 630 Series" = EPSON WorkForce 630 Series Printer Uninstall

"Fraps" = Fraps (remove only)

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"Picasa 3" = Picasa 3

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"QcDrv" = Logitech® Camera Driver

"Steam App 100" = Condition Zero Deleted Scenes

"Steam App 80" = Condition Zero

"Veetle TV" = Veetle TV 0.9.18

"WildTangent emachines Master Uninstall" = eMachines Games

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinLiveSuite_Wave3" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"090215de958f1060" = Curse Client

"Facebook Plug-In" = Facebook Plug-In

"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/8/2011 1:11:19 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/8/2011 1:11:19 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/8/2011 1:11:19 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/8/2011 1:11:19 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/8/2011 1:11:20 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/8/2011 1:11:20 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/8/2011 1:32:02 PM | Computer Name = GamePC | Source = WinMgmt | ID = 10

Description =

Error - 9/8/2011 1:45:10 PM | Computer Name = GamePC | Source = Perflib | ID = 1010

Description =

Error - 9/8/2011 4:59:51 PM | Computer Name = GamePC | Source = WinMgmt | ID = 10

Description =

Error - 9/8/2011 5:06:31 PM | Computer Name = GamePC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.27.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Problem Reports and Solutions control panel. Process

ID: a44 Start Time: 01cc6e6a54c3a906 Termination Time: 0

[ System Events ]

Error - 9/8/2011 9:14:07 AM | Computer Name = GamePC | Source = HTTP | ID = 15016

Description =

Error - 9/8/2011 9:14:23 AM | Computer Name = GamePC | Source = Service Control Manager | ID = 7026

Description =

Error - 9/8/2011 9:14:35 AM | Computer Name = GamePC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 9/8/2011 1:31:46 PM | Computer Name = GamePC | Source = HTTP | ID = 15016

Description =

Error - 9/8/2011 1:32:02 PM | Computer Name = GamePC | Source = Service Control Manager | ID = 7026

Description =

Error - 9/8/2011 1:32:14 PM | Computer Name = GamePC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 9/8/2011 1:56:39 PM | Computer Name = GamePC | Source = nvstor32 | ID = 262149

Description = A parity error was detected on \Device\RaidPort0.

Error - 9/8/2011 2:33:58 PM | Computer Name = GamePC | Source = nvstor32 | ID = 262149

Description = A parity error was detected on \Device\RaidPort0.

Error - 9/8/2011 4:59:36 PM | Computer Name = GamePC | Source = HTTP | ID = 15016

Description =

Error - 9/8/2011 4:59:51 PM | Computer Name = GamePC | Source = Service Control Manager | ID = 7026

Description =

< End of report >


You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download: ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-

Save this as fixme.reg. Choose to save as "All files" and place it on your desktop.

It should look like this: reg.gif

Double-click on it and, when it asks you if you want to merge the contents to the registry, click Yes/OK.

Reboot and describe how your computer behaves at the moment.


OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    C:\Users\Jamie\AppData\Local\GbW53PfLB
    [2010/04/05 11:59:08 | 000,010,618 | -HS- | C] () -- C:\ProgramData\GbW53PfLB
    C:\Users\Jamie\AppData\Local\s2ssimnso8caa62175k0gx51i8y3t6ly2l2t073mi3m3v
    C:\ProgramData\s2ssimnso8caa62175k0gx51i8y3t6ly2l2t073mi3m3v
    C:\Users\Jamie\AppData\Roaming\AEDE3D1F73E7DC3C903F22B2C4B148D4
    C:\ProgramData\s2ssimnso8caa62175k0gx51i8y3t6ly2l2t073mi3m3v
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53151
    [2010/12/07 14:17:11 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions\searchtoolbar@zugo.com
    [2010/12/07 14:17:11 | 000,001,919 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\searchplugins\bing-zugo.xml

    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

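The reg fix and the OTL fix above remove a loopback proxy, a Firefox search-toolbar extension and search plugin, several dropped files, and reset the HOSTS file. The following PowerShell script is an added example, not something from the thread, from OTL, or from ATF Cleaner: it re-checks those same items read-only so the check can be repeated after the reboot. It assumes the file and registry names listed in the OTL fix, and reads the user name and Firefox profile folder from the environment rather than hard-coding "Jamie" and "aaftb0pn.default".

```powershell
# Added example (not from the thread): read-only re-check of the indicators that
# the reg fix and the OTL fix above removed. Names come from the fix list; the
# user profile and Firefox profile directory are taken from the environment.
function Test-HijackIndicators {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Per-user proxy pointing back at the local machine. The OTL fix listed
    #    "ProxyServer" = http=127.0.0.1:53151; a legitimate proxy is rarely loopback.
    $inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $props = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    if ($props.ProxyServer -and $props.ProxyServer -match '127\.0\.0\.1|localhost') {
        $findings.Add("Loopback proxy still configured: $($props.ProxyServer)")
    }
    if ($props.AutoConfigURL) {
        $findings.Add("Proxy auto-config script set: $($props.AutoConfigURL)")
    }

    # 2. HOSTS entries beyond the default loopback lines ([RESETHOSTS] rewrote the file).
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
        ForEach-Object { $findings.Add("Non-default HOSTS entry: $_") }

    # 3. The Firefox search-toolbar extension and search plugin named in the fix,
    #    checked in every profile directory rather than only aaftb0pn.default.
    $profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    Get-ChildItem -Path $profileRoot -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            foreach ($rel in 'extensions\searchtoolbar@zugo.com', 'searchplugins\bing-zugo.xml') {
                $p = Join-Path $_.FullName $rel
                if (Test-Path -Path $p) { $findings.Add("Leftover Firefox item: $p") }
            }
        }

    # 4. The dropped files and folders from the fix list, in both locations they used.
    $names = 'GbW53PfLB', 's2ssimnso8caa62175k0gx51i8y3t6ly2l2t073mi3m3v'
    foreach ($n in $names) {
        foreach ($base in $env:ProgramData, $env:LOCALAPPDATA) {
            $p = Join-Path $base $n
            if (Test-Path -Path $p) { $findings.Add("Dropped item still present: $p") }
        }
    }
    $roam = Join-Path $env:APPDATA 'AEDE3D1F73E7DC3C903F22B2C4B148D4'
    if (Test-Path -Path $roam) { $findings.Add("Dropped item still present: $roam") }

    # Report. Nothing is changed; this only tells you whether the fix held.
    if ($findings.Count -eq 0) {
        Write-Output 'No indicators from the fix list found.'
    } else {
        $findings | ForEach-Object { Write-Output "FOUND: $_" }
    }
}

Test-HijackIndicators
```

Run it from the affected user's account, since the proxy value and the Firefox profile live under that user's hive and AppData.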

My google searches are still being redirected. Otherwise the machine seems to be running well.

As soon as I tried to google something, I got redirected and MLB says:

09:03:17 Jamie MESSAGE Protection started successfully

09:03:23 Jamie MESSAGE IP Protection started successfully

09:29:36 Jamie MESSAGE Protection started successfully

09:29:41 Jamie MESSAGE IP Protection started successfully

10:05:15 Jamie MESSAGE Protection started successfully

10:05:21 Jamie MESSAGE IP Protection started successfully

10:08:07 Jamie IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49307, Process: firefox.exe)

Here is the log from OTL:

All processes killed

========== OTL ==========

C:\ProgramData\GbW53PfLB moved successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions\searchtoolbar@zugo.com\defaults\preferences folder moved successfully.

C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions\searchtoolbar@zugo.com\defaults folder moved successfully.

C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions\searchtoolbar@zugo.com\components folder moved successfully.

C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions\searchtoolbar@zugo.com\chrome\skin folder moved successfully.

C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions\searchtoolbar@zugo.com\chrome\content folder moved successfully.

C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions\searchtoolbar@zugo.com\chrome folder moved successfully.

C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions\searchtoolbar@zugo.com folder moved successfully.

C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\searchplugins\bing-zugo.xml moved successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest

User: Jamie

->Flash cache emptied: 1919127 bytes

User: Public

Total Flash Files Cleaned = 2.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Jamie

->Temp folder emptied: 145553 bytes

->Temporary Internet Files folder emptied: 3162988255 bytes

->Java cache emptied: 228275 bytes

->FireFox cache emptied: 45324532 bytes

->Apple Safari cache emptied: 12730368 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1296082905 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 13096 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,308.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.27.0 log created on 09092011_095916

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


ComboFix 11-09-06.03 - Jamie 09/09/2011 11:26:27.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2047 [GMT -4:00]

Running from: c:\users\Jamie\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\MouseProfilePolicy.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))

.

.

2011-09-09 15:33 . 2011-09-09 15:33 -------- d-----w- c:\users\Jamie\AppData\Local\temp

2011-09-09 15:33 . 2011-09-09 15:33 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-09-09 15:33 . 2011-09-09 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-09 14:02 . 2011-09-09 14:02 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92E4B139-99B2-4DD1-9938-3F1C26B405E7}\MpKsla5c7c232.sys

2011-09-09 13:59 . 2011-09-09 13:59 -------- d-----w- C:\_OTL

2011-09-09 13:38 . 2011-08-11 23:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92E4B139-99B2-4DD1-9938-3F1C26B405E7}\mpengine.dll

2011-09-08 13:26 . 2011-08-22 15:05 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-08 13:25 . 2011-08-22 15:05 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1E4D6D1-9865-4581-977F-8CFF25421707}\gapaengine.dll

2011-09-01 22:51 . 2011-09-03 01:33 -------- d-----w- c:\users\Jamie\riotsGamesLogs

2011-08-23 14:30 . 2011-08-11 23:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-22 14:47 . 2011-08-22 14:49 -------- d-----w- c:\program files\Microsoft Security Client

2011-08-19 13:25 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A16107F-C114-4E0A-B51C-C0958D008A7D}\mpengine.dll

2011-08-12 13:51 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 23:52 . 2010-04-06 22:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2010-04-06 22:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-07 02:27 . 2011-03-24 13:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"AdobeUpdate"="c:\users\Jamie\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.exe" [2011-09-07 159232]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-26 563984]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2010-4-10 0]

Epson all-in-one Registration.lnk - h:\common\EpsonReg\EpsonReg.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-3 113664]

BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-8-7 2342912]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 12:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-07-26 00:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

R1 MpKsld337ebe7;MpKsld337ebe7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AF03A19-4B8F-420F-AF81-9A5F1B654B5D}\MpKsld337ebe7.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [2011-08-10 94880]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 vtany;vtany;c:\windows\vtany.sys [x]

R3 vtayn;vtayn;c:\users\Jamie\AppData\Local\Temp\vtayn.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]

S1 MpKsla5c7c232;MpKsla5c7c232;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92E4B139-99B2-4DD1-9938-3F1C26B405E7}\MpKsla5c7c232.sys [2011-09-09 28752]

S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLA5C7C232

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3390993023-3469287136-1258201396-1000Core.job

- c:\users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 17:22]

.

2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3390993023-3469287136-1258201396-1000UA.job

- c:\users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 17:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=0808&m=et1161-03

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-MouseProfilePolicy - c:\programdata\MouseProfilePolicy.dll

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

MSConfigStartUp-osCheck - c:\program files\Norton 360\osCheck.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-09 11:33

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3390993023-3469287136-1258201396-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71D44C5B-3340-2B61-1CA6-57556844BF80}*]

"dakiegkd"=hex:64,62,6a,67,64,6c,65,6a,68,68,65,63,68,69,6a,6c,67,61,63,6b,64,

62,6e,6d,63,66,62,66,6c,6d,70,6a,6c,6f,6a,69,69,66,6e,63,00,00

"ianfnnnaegkjlpbnja"=hex:6a,61,65,62,6d,70,68,67,6b,66,62,6f,61,68,67,6c,69,69,

63,66,00,00

"hahghekbkjgbekli"=hex:6a,61,65,62,6d,70,68,67,6b,66,62,6f,61,68,67,6c,69,69,

63,66,00,00

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-09-09 11:35:02

ComboFix-quarantined-files.txt 2011-09-09 15:35

ComboFix2.txt 2011-09-06 19:15

.

Pre-Run: 154,732,453,888 bytes free

Post-Run: 154,709,327,872 bytes free

.

- - End Of File - - D0BE39F7F25326A9525B309168CB5E80

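The LOCKED REGISTRY KEYS block near the end of the ComboFix log above prints its values in REGEDIT4 hex: syntax, wrapped onto a second line after a comma. What follows is an added example, not part of the original post and not ComboFix's own code: a small Python parser that joins the wrapped fragments, decodes the byte lists and renders each value as ASCII when every byte before the NUL terminator is printable. Run on the three values quoted from the log (embedded as a constructed excerpt), it shows that they decode to NUL-terminated strings of lowercase letters, 40 and 20 characters long, with the second and third values identical. The parser only recovers the bytes; it makes no claim about what wrote them.

```python
import re

# Constructed excerpt: the three locked values as ComboFix printed them in the log
# above (REGEDIT4 syntax; long hex lists wrap onto a second line after a comma).
LOCKED_KEY_EXCERPT = r'''
[HKEY_USERS\S-1-5-21-3390993023-3469287136-1258201396-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71D44C5B-3340-2B61-1CA6-57556844BF80}*]

"dakiegkd"=hex:64,62,6a,67,64,6c,65,6a,68,68,65,63,68,69,6a,6c,67,61,63,6b,64,

62,6e,6d,63,66,62,66,6c,6d,70,6a,6c,6f,6a,69,69,66,6e,63,00,00

"ianfnnnaegkjlpbnja"=hex:6a,61,65,62,6d,70,68,67,6b,66,62,6f,61,68,67,6c,69,69,

63,66,00,00

"hahghekbkjgbekli"=hex:6a,61,65,62,6d,70,68,67,6b,66,62,6f,61,68,67,6c,69,69,

63,66,00,00
'''

VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')   # plain REG_BINARY only, not hex(2)/hex(7)


def _to_bytes(hexlist):
    return bytes(int(b, 16) for b in hexlist.split(",") if b)


def parse_reg_hex(text):
    """Return {key_path: {value_name: bytes}} for every "name"=hex: entry in text.
    regedit exports end a wrapped line with ',\\'; ComboFix's listing just ends it
    with ','. Both are handled: a list stays open until a line no longer ends in a comma."""
    result, key, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip().rstrip("\\").strip()
        if not line:
            continue                      # blank lines between fragments are noise
        if pending is not None:
            name, acc = pending
            acc += line
            if acc.endswith(","):
                pending = (name, acc)
            else:
                result.setdefault(key, {})[name] = _to_bytes(acc)
                pending = None
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m:
            name, acc = m.group(1), m.group(2).strip()
            if acc.endswith(","):
                pending = (name, acc)
            else:
                result.setdefault(key, {})[name] = _to_bytes(acc)
    return result


def render(blob):
    """ASCII if every byte before the NUL terminator is printable, otherwise hex.
    The caller decides what the string means; this function only makes it visible."""
    body = blob.rstrip(b"\x00")
    if body and all(0x20 <= b < 0x7F for b in body):
        return body.decode("ascii")
    return blob.hex()


def decode_locked_values(text):
    """{key_path: {value_name: rendered string}} for a ComboFix LOCKED REGISTRY KEYS block."""
    return {k: {n: render(v) for n, v in vals.items()}
            for k, vals in parse_reg_hex(text).items()}
```

Calling decode_locked_values(LOCKED_KEY_EXCERPT) gives "dbjgdlejhhechijlgackdbnmcfbflmpjlojiifnc" for dakiegkd and "jaebmphgkfboahgliicf" for both of the other two values. Every decoded character falls in the range a to p, so the strings are not readable names or paths; a value that is locked against the user and holds opaque data like this is worth keeping in the notes even when the rootkit scan underneath reports nothing hidden.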

Done.

So far, my google searches have been clear. However, upon my first search Malwarebytes logged the following (16:45 entry):

09:03:17 Jamie MESSAGE Protection started successfully

09:03:23 Jamie MESSAGE IP Protection started successfully

09:29:36 Jamie MESSAGE Protection started successfully

09:29:41 Jamie MESSAGE IP Protection started successfully

10:05:15 Jamie MESSAGE Protection started successfully

10:05:21 Jamie MESSAGE IP Protection started successfully

10:08:07 Jamie IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49307, Process: firefox.exe)

10:16:32 Jamie IP-BLOCK 208.64.126.193 (Type: outgoing, Port: 49519, Process: firefox.exe)

10:16:40 Jamie IP-BLOCK 208.64.126.193 (Type: outgoing, Port: 49521, Process: firefox.exe)

10:16:48 Jamie IP-BLOCK 208.64.126.193 (Type: outgoing, Port: 49523, Process: firefox.exe)

10:16:56 Jamie IP-BLOCK 208.64.126.193 (Type: outgoing, Port: 49554, Process: firefox.exe)

10:17:52 Jamie IP-BLOCK 208.64.126.193 (Type: outgoing, Port: 49576, Process: iexplore.exe)

10:18:48 Jamie IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49656, Process: iexplore.exe)

10:20:41 Jamie IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49772, Process: firefox.exe)

10:23:53 Jamie IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 50633, Process: firefox.exe)

10:26:25 Jamie IP-BLOCK 208.64.126.193 (Type: outgoing, Port: 50824, Process: firefox.exe)

11:20:31 Jamie IP-BLOCK 91.217.153.48 (Type: outgoing, Port: 53196, Process: firefox.exe)

11:24:24 Jamie MESSAGE IP Protection stopped

16:39:28 Jamie MESSAGE Protection started successfully

16:39:33 Jamie MESSAGE IP Protection started successfully

16:45:58 Jamie IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49533, Process: firefox.exe)

Will this start the vicious cycle all over again?


Is this your ISP?

67.29.139.153

NetRange: 67.24.0.0 - 67.31.255.255

CIDR: 67.24.0.0/13

OriginAS:

NetName: LC-ORG-ARIN-BLK3

NetHandle: NET-67-24-0-0-1

Parent: NET-67-0-0-0-0

NetType: Direct Allocation

Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

RegDate: 2001-11-07

Updated: 2002-08-08

Ref: http://whois.arin.net/rest/net/NET-67-24-0-0-1

OrgName: Level 3 Communications, Inc.

OrgId: LVLT

Address: 1025 Eldorado Blvd.

City: Broomfield

StateProv: CO

208.64.126.193

NetRange: 208.64.120.0 - 208.64.127.255

CIDR: 208.64.120.0/21

OriginAS: AS32421

NetName: NET-208-64-120-0-1

NetHandle: NET-208-64-120-0-1

Parent: NET-208-0-0-0-0

NetType: Direct Allocation

RegDate: 2005-12-22

Updated: 2009-11-11

Ref: http://whois.arin.net/rest/net/NET-208-64-120-0-1

OrgName: Black Lotus Communications

OrgId: BLC-92

Address: 515 S. Flower St., 36th Floor

City: Los Angeles

StateProv: CA

91.217.153.48

That one goes to

Ukraine Pp Alexey Klimenko


http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


C:\Users\Jamie\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll a variant of Win32/Kryptik.SSB trojan cleaned by deleting (after the next restart) - quarantined

C:\Users\Jamie\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.exe a variant of Win32/Kryptik.SSB trojan cleaned by deleting - quarantined

C:\Users\Jamie\AppData\Local\temp\NOD15C0.tmp a variant of Win32/Kryptik.SSB trojan cleaned by deleting - quarantined

C:\Users\Jamie\AppData\Roaming\AEDE3D1F73E7DC3C903F22B2C4B148D4\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined

C:\Users\Jamie\AppData\Roaming\AEDE3D1F73E7DC3C903F22B2C4B148D4\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined

C:\Users\Jamie\Downloads\setup(2).exe Win32/Toolbar.Zugo application deleted - quarantined

That is not my ISP. I live in GA. My provider is in GA.

I'm still receiving IP blocks from MWB, such as the following (before the scan):

00:05:15 Jamie IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 53419, Process: firefox.exe)

00:05:55 Jamie IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 53425, Process: firefox.exe)

00:06:19 Jamie IP-BLOCK 93.174.93.220 (Type: outgoing, Port: 53427, Process: firefox.exe)

01:17:26 Jamie IP-BLOCK 94.100.18.194 (Type: outgoing, Port: 53954, Process: firefox.exe)

12:24:24 Jamie MESSAGE Protection started successfully

12:24:30 Jamie MESSAGE IP Protection started successfully

17:07:48 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52321, Process: firefox.exe)

17:07:49 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52322, Process: firefox.exe)

17:07:49 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52325, Process: firefox.exe)

17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52385, Process: firefox.exe)

17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52412, Process: firefox.exe)

17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52413, Process: firefox.exe)

17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52420, Process: firefox.exe)

17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52421, Process: firefox.exe)

17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52422, Process: firefox.exe)

17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52423, Process: firefox.exe)

17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52424, Process: firefox.exe)

17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52425, Process: firefox.exe)

17:08:13 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52455, Process: firefox.exe)

17:08:13 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52456, Process: firefox.exe)

17:08:13 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52457, Process: firefox.exe)

17:08:13 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52458, Process: firefox.exe)

17:08:13 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52459, Process: firefox.exe)

17:08:13 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52460, Process: firefox.exe)

17:08:13 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52461, Process: firefox.exe)

17:08:21 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52511, Process: firefox.exe)

17:08:22 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52513, Process: firefox.exe)

17:08:22 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52514, Process: firefox.exe)

17:08:22 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52518, Process: firefox.exe)

17:08:22 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52526, Process: firefox.exe)

17:08:22 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52534, Process: firefox.exe)

17:08:30 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52617, Process: firefox.exe)

17:08:30 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52618, Process: firefox.exe)

17:08:30 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52619, Process: firefox.exe)

17:08:30 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52620, Process: firefox.exe)

17:08:30 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52621, Process: firefox.exe)

17:08:30 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52622, Process: firefox.exe)

17:08:30 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52623, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52658, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52659, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52660, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52661, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52662, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52663, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52664, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52698, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52699, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52700, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52701, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52702, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52703, Process: firefox.exe)

17:08:38 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52704, Process: firefox.exe)

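The IP-BLOCK lines pasted above, and the whois lookups in the earlier reply, are easy enough to read by hand a few at a time but not across a whole day's log. What follows is an added example, not part of the original thread and not Malwarebytes' own code: a Python script that parses the protection-log format shown here, rolls up blocked destinations per address with the processes involved, attributes each address to the two ARIN netblocks quoted in the thread (67.24.0.0/13 and 208.64.120.0/21; anything outside them, such as 91.217.153.48, is left unattributed rather than guessed at), and flags bursts of connections to one destination within a few seconds. The sample log is constructed from lines in this thread; the burst window and threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format Malwarebytes' Anti-Malware 1.5x writes to its
# protection log; times, addresses, ports and process names are copied from this thread.
SAMPLE_LOG = """\
10:05:15 Jamie MESSAGE Protection started successfully
10:08:07 Jamie IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49307, Process: firefox.exe)
10:16:32 Jamie IP-BLOCK 208.64.126.193 (Type: outgoing, Port: 49519, Process: firefox.exe)
10:17:52 Jamie IP-BLOCK 208.64.126.193 (Type: outgoing, Port: 49576, Process: iexplore.exe)
10:18:48 Jamie IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49656, Process: iexplore.exe)
11:20:31 Jamie IP-BLOCK 91.217.153.48 (Type: outgoing, Port: 53196, Process: firefox.exe)
17:07:48 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52321, Process: firefox.exe)
17:07:49 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52322, Process: firefox.exe)
17:07:49 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52325, Process: firefox.exe)
17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52385, Process: firefox.exe)
17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52412, Process: firefox.exe)
17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52413, Process: firefox.exe)
17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52420, Process: firefox.exe)
17:07:57 Jamie IP-BLOCK 208.64.126.194 (Type: outgoing, Port: 52421, Process: firefox.exe)
"""

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# The two netblocks from the ARIN records quoted in the thread. An address outside
# both is reported as unattributed rather than guessed at.
KNOWN_BLOCKS = {
    "Level 3 Communications (LC-ORG-ARIN-BLK3)": ipaddress.ip_network("67.24.0.0/13"),
    "Black Lotus Communications (NET-208-64-120-0-1)": ipaddress.ip_network("208.64.120.0/21"),
}


def _seconds(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def _clock(seconds):
    return "%02d:%02d:%02d" % (seconds // 3600, seconds // 60 % 60, seconds % 60)


def parse_ip_blocks(text):
    """One dict per IP-BLOCK line; MESSAGE and any other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["port"] = int(e["port"])
            e["t"] = _seconds(e["time"])
            events.append(e)
    return events


def owner_of(ip):
    """Name of the whois block containing ip, or None if it is outside KNOWN_BLOCKS."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in KNOWN_BLOCKS.items() if addr in net), None)


def summarize(events):
    """Per-destination rollup: hit count, processes, time span and whois owner."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    rows = []
    for ip, hits in by_ip.items():
        times = [h["t"] for h in hits]
        rows.append({"ip": ip, "count": len(hits), "owner": owner_of(ip),
                     "processes": sorted({h["process"] for h in hits}),
                     "first": _clock(min(times)), "last": _clock(max(times))})
    return sorted(rows, key=lambda r: (-r["count"], r["ip"]))


def find_bursts(events, window=10, threshold=5):
    """Runs of at least `threshold` blocks to one (ip, process) inside `window` seconds.
    A client retrying or beaconing looks like this; a single blocked page load does not."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["ip"], e["process"])].append(e["t"])
    bursts = []
    for (ip, proc), times in groups.items():
        times.sort()
        i = 0
        while i < len(times):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            if j - i + 1 >= threshold:
                bursts.append({"ip": ip, "process": proc, "count": j - i + 1,
                               "start": _clock(times[i]), "end": _clock(times[j])})
                i = j + 1
            else:
                i += 1
    return bursts
```

On the sample, summarize(parse_ip_blocks(SAMPLE_LOG)) puts 208.64.126.194 at the top with eight blocks in nine seconds, all from firefox.exe, and find_bursts reports that run as one burst; the repeat-within-seconds pattern, rather than any single block, is what separates a process retrying a blocked connection from a one-off page load. Note also that the port in these lines climbs with each connection and sits in Vista's dynamic range (49152 and up), so it is the local ephemeral port and says nothing about the remote service.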

Let’s try to reset the router to its default configuration.

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.


Well, my google searches are back to being hijacked, I guess. Now, they are all going to http://searchory.com/search?q=

I'm not sure what else to do... or why it's not being prevented.

09:27:33 Jamie MESSAGE Protection started successfully

09:27:38 Jamie MESSAGE IP Protection started successfully

09:47:02 Jamie IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 49989, Process: firefox.exe)

10:35:18 Jamie IP-BLOCK 91.217.153.48 (Type: outgoing, Port: 51357, Process: firefox.exe)

10:57:22 Jamie IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 52242, Process: firefox.exe)

10:57:54 Jamie IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 52251, Process: firefox.exe)

10:58:10 Jamie IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 52259, Process: firefox.exe)

10:58:18 Jamie IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 52263, Process: firefox.exe)

10:58:34 Jamie IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 52267, Process: firefox.exe)

10:59:23 Jamie IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 52317, Process: firefox.exe)

11:01:15 Jamie IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 52452, Process: firefox.exe)

I can't search Google for anything now without being sent to that, and my page comes up saying 'Problem Loading Page - The connection was reset', etc.


Please run a new OTL scan.

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL log


After the OTL scan you might just as well do a new ComboFix scan.

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


OTL logfile created on: 9/14/2011 8:33:18 AM - Run 1

OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Jamie\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 63.65% Memory free

6.22 Gb Paging File | 5.12 Gb Available in Paging File | 82.31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.09 Gb Total Space | 145.76 Gb Free Space | 50.59% Space Free | Partition Type: NTFS

Computer Name: GAMEPC | User Name: Jamie | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jamie\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()

PRC - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Windows\System32\msjetoledb40.dll ()

MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

MOD - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()

SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (MpKsldaa55343) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7CEF45DA-8E3E-4A0E-B393-415431D22E71}\MpKsldaa55343.sys (Microsoft Corporation)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)

DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=0808&m=et1161-03

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {3166B31F-4AE9-4E34-9002-F962DA347E52}:1.9.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2

FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jamie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Jamie\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jamie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jamie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jamie\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jamie\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/09/01 09:18:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 14:39:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/24 11:21:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 14:39:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/24 11:21:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 14:39:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/24 11:21:31 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Jamie\AppData\Roaming\Move Networks [2011/09/13 23:57:22 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3166B31F-4AE9-4E34-9002-F962DA347E52}: C:\Users\Jamie\AppData\Local\{3166B31F-4AE9-4E34-9002-F962DA347E52}

[2010/02/02 18:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions

[2011/09/09 09:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions

[2010/02/03 13:16:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\aaftb0pn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/09/12 14:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/27 12:33:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2011/09/01 09:18:16 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAFTB0PN.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI

[2011/09/03 02:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/09 11:33:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C723B582-89C9-46B3-BED0-D6447C13A797}: DhcpNameServer = 97.64.209.36 97.64.168.13

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)

Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)

Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/14 08:31:29 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe

[2011/09/09 19:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/09/09 19:54:12 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Jamie\Desktop\esetsmartinstaller_enu.exe

[2011/09/09 16:37:01 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/09/09 11:35:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/09/09 11:35:04 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\temp

[2011/09/06 14:14:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/09/01 18:51:11 | 000,000,000 | ---D | C] -- C:\Users\Jamie\riotsGamesLogs

[2011/08/31 20:14:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Sun

[2011/08/30 19:28:16 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Downloads

[2011/08/22 10:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

========== Files - Modified Within 30 Days ==========

[2011/09/14 08:31:33 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe

[2011/09/14 08:15:15 | 000,055,733 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011/09/14 08:15:14 | 000,055,733 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011/09/14 08:10:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2011/09/14 08:09:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/09/14 08:09:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/09/14 08:09:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/09/14 00:48:34 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3390993023-3469287136-1258201396-1000UA.job

[2011/09/13 09:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3390993023-3469287136-1258201396-1000Core.job

[2011/09/12 14:39:25 | 000,000,832 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/09/12 14:39:25 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/09/09 19:54:25 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Jamie\Desktop\esetsmartinstaller_enu.exe

[2011/09/09 16:37:08 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/09/09 12:16:35 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2011/09/09 11:33:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/09/09 11:22:52 | 000,000,542 | ---- | M] () -- C:\Users\Jamie\Desktop\ComboFix - Shortcut.lnk

[2011/09/09 09:24:50 | 000,000,108 | ---- | M] () -- C:\Users\Jamie\Desktop\fixme.reg

[2011/09/08 13:28:12 | 000,302,592 | ---- | M] () -- C:\Users\Jamie\Desktop\vsnczft1.exe

[2011/09/08 13:23:46 | 000,000,000 | ---- | M] () -- C:\Users\Jamie\defogger_reenable

[2011/09/06 11:20:46 | 000,318,130 | ---- | M] () -- C:\Users\Jamie\AppData\Local\census.cache

[2011/09/06 11:18:50 | 000,208,015 | ---- | M] () -- C:\Users\Jamie\AppData\Local\ars.cache

[2011/09/06 10:58:16 | 000,000,036 | ---- | M] () -- C:\Users\Jamie\AppData\Local\housecall.guid.cache

[2011/09/04 14:06:13 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/08/30 13:24:08 | 000,001,440 | ---- | M] () -- C:\Windows\WinInit.Ini

[2011/08/29 14:43:15 | 000,085,504 | ---- | M] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/08/27 14:20:05 | 000,002,265 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2011/08/22 10:49:46 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/08/22 10:48:35 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/08/22 10:48:35 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/09/12 14:39:25 | 000,000,832 | ---- | C] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/09/12 14:39:25 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/09/12 14:39:25 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/09/09 11:22:52 | 000,000,542 | ---- | C] () -- C:\Users\Jamie\Desktop\ComboFix - Shortcut.lnk

[2011/09/09 09:24:50 | 000,000,108 | ---- | C] () -- C:\Users\Jamie\Desktop\fixme.reg

[2011/09/08 13:28:06 | 000,302,592 | ---- | C] () -- C:\Users\Jamie\Desktop\vsnczft1.exe

[2011/09/08 13:23:46 | 000,000,000 | ---- | C] () -- C:\Users\Jamie\defogger_reenable

[2011/09/06 11:20:46 | 000,318,130 | ---- | C] () -- C:\Users\Jamie\AppData\Local\census.cache

[2011/09/06 11:18:50 | 000,208,015 | ---- | C] () -- C:\Users\Jamie\AppData\Local\ars.cache

[2011/09/06 10:58:16 | 000,000,036 | ---- | C] () -- C:\Users\Jamie\AppData\Local\housecall.guid.cache

[2011/09/04 14:06:13 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/08/24 11:21:31 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk

[2011/08/22 10:49:46 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif

[2011/08/22 10:48:01 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011/08/08 00:18:28 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

[2011/08/06 17:47:42 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2011/08/06 17:47:42 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2011/08/06 17:47:42 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2011/08/06 17:47:42 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2011/08/06 17:47:42 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2011/08/06 17:47:42 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2011/08/06 17:47:42 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2011/08/06 17:47:42 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2011/08/06 17:47:42 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2011/08/06 17:47:42 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2011/08/06 17:47:42 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2011/08/06 17:47:42 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2011/08/06 17:47:42 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2011/08/06 17:47:42 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2011/08/06 17:47:42 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2011/08/06 17:47:42 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2011/08/06 17:45:07 | 000,000,079 | ---- | C] () -- C:\Windows\EWF630.ini

[2011/05/26 16:31:19 | 000,010,758 | -HS- | C] () -- C:\Users\Jamie\AppData\Local\s2ssimnso8caa62175k0gx51i8y3t6ly2l2t073mi3m3v

[2011/05/26 16:31:19 | 000,010,758 | -HS- | C] () -- C:\ProgramData\s2ssimnso8caa62175k0gx51i8y3t6ly2l2t073mi3m3v

[2010/12/07 14:17:00 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe

[2010/12/07 14:17:00 | 000,027,057 | ---- | C] () -- C:\Windows\unins000.dat

[2010/11/27 19:45:22 | 000,126,024 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2010/08/31 14:12:24 | 000,055,733 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010/08/31 14:12:22 | 000,055,733 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2010/06/25 10:31:15 | 000,000,120 | ---- | C] () -- C:\Users\Jamie\AppData\Local\Ykuxi.dat

[2010/06/25 10:31:15 | 000,000,000 | ---- | C] () -- C:\Users\Jamie\AppData\Local\Pmotozu.bin

[2010/04/10 13:51:10 | 000,001,440 | ---- | C] () -- C:\Windows\WinInit.Ini

[2010/04/05 11:59:08 | 000,010,630 | -HS- | C] () -- C:\Users\Jamie\AppData\Local\GbW53PfLB

[2010/02/02 18:15:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/02/24 21:27:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/12/10 01:47:04 | 000,000,552 | ---- | C] () -- C:\Users\Jamie\AppData\Local\d3d8caps.dat

[2008/12/07 22:09:07 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/12/07 06:20:29 | 000,085,504 | ---- | C] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/04 19:34:48 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2008/11/10 07:02:56 | 000,009,080 | ---- | C] () -- C:\Users\Jamie\AppData\Local\d3d9caps.dat

[2008/10/18 19:09:30 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2008/10/18 19:09:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/08/29 20:58:44 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll

[2008/08/07 17:55:16 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2007/07/18 21:42:42 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini

[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini

[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:47:37 | 000,295,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 06:33:01 | 000,606,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,104,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/07/15 17:07:26 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\.minecraft

[2011/09/11 17:10:26 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\AEDE3D1F73E7DC3C903F22B2C4B148D4

[2010/06/14 16:52:21 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\AVG9

[2011/08/07 14:03:13 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Epson

[2010/06/17 10:39:54 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Facebook

[2010/01/06 20:57:20 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\FileZilla

[2010/04/08 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\FlashGet

[2011/08/06 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Leadertech

[2011/05/22 19:54:12 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\LolClient

[2011/09/14 00:51:51 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Mumble

[2010/12/07 14:13:39 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\OverDrive

[2010/06/25 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\qyrlihnad

[2010/08/25 15:16:37 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Snapfish

[2009/08/06 20:48:32 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\TeamViewer

[2009/05/30 16:49:49 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\uTorrent

[2011/09/14 00:52:32 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2008/01/20 22:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr

[2008/08/07 18:34:00 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2006/12/07 14:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll

[2009/01/21 19:04:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/11/01 21:44:13 | 000,000,368 | -H-- | M] () -- C:\IPH.PH

[2008/08/07 18:16:48 | 000,000,165 | ---- | M] () -- C:\Labelprint.log

[2010/07/11 10:34:38 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt

[2009/01/21 19:04:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/09/14 08:09:46 | 3533,451,264 | -HS- | M] () -- C:\pagefile.sys

[2008/08/07 18:17:05 | 000,000,163 | ---- | M] () -- C:\power2go.log

[2008/08/07 18:05:02 | 000,000,441 | ---- | M] () -- C:\RHDSetup.log

[2010/07/06 11:28:24 | 000,106,496 | -H-- | M] () -- C:\SZKGFS.dat

< %systemroot%\Fonts\*.com >

[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2008/12/02 22:57:09 | 000,000,286 | -HS- | M] () -- C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

[2011/09/09 09:17:50 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Jamie\Desktop\ATF_Cleaner.exe

[2011/09/09 19:54:25 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Jamie\Desktop\esetsmartinstaller_enu.exe

[2011/07/15 17:05:54 | 000,270,142 | ---- | M] () -- C:\Users\Jamie\Desktop\Minecraft.exe

[2011/09/14 08:31:33 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe

[2011/09/08 13:28:12 | 000,302,592 | ---- | M] () -- C:\Users\Jamie\Desktop\vsnczft1.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

[2008/10/18 19:01:50 | 000,000,402 | -HS- | M] () -- C:\Users\Jamie\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

[2011/09/14 08:15:14 | 000,055,733 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011/05/26 16:33:16 | 000,010,758 | -HS- | M] () -- C:\ProgramData\s2ssimnso8caa62175k0gx51i8y3t6ly2l2t073mi3m3v

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-19 13:26:00

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 9/14/2011 8:33:18 AM - Run 1

OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Jamie\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 63.65% Memory free

6.22 Gb Paging File | 5.12 Gb Available in Paging File | 82.31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.09 Gb Total Space | 145.76 Gb Free Space | 50.59% Space Free | Partition Type: NTFS

Computer Name: GAMEPC | User Name: Jamie | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- Reg Error: Key error. File not found

.cmd [@ = cmdfile] -- Reg Error: Key error. File not found

.com [@ = ComFile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{5FB63741-9FFB-4064-B8BA-797B65C9F5F3}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

"{A554B95F-8E73-471A-9C97-E20BBA712D1C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D8C683B8-0FAE-44BA-B444-82FF564609D4}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{077A1E07-B0BF-4731-80FC-F63F928E0D79}" = protocol=17 | dir=in | app=c:\users\jamie\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{07E93EA7-3A84-4C1F-9363-72045D85BD22}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"{12D84FAC-A0D5-4A7C-91CD-43DB45D91A99}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"{29050714-69F8-4C54-950A-C4276001CD4E}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"{2F745A0B-D060-455A-85FD-0DF262A697B4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{305170B8-A0B4-4938-9B00-93FCFA190E4E}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{31B5D71B-8691-417A-8C0A-10AA2DF139FD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{3533112F-2621-4327-8FB5-E04578059BCB}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{3B1F8F40-C6E1-4D4A-AF7A-05B7908EF682}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{3B8F8D66-7874-485B-96B1-BAB4C4D4F37F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"{43EFBB7E-2D07-4C64-81C4-CCBC4105E9C5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\memoirsofme\condition zero\hl.exe |

"{497D440F-604E-4E4E-B662-BD18808229E4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{49FC4F89-731F-41A9-AC3A-98F75DE864FE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{4B426856-4F46-452E-97A3-DA8E4D7BFF68}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{4E7155D9-C078-43A9-8A4C-4B3E1B4F5327}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{55A05E2A-03FB-450E-8D73-B843B951EC84}" = protocol=6 | dir=in | app=c:\users\jamie\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{602039E0-994C-47FC-9E94-F2A615AC0270}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{60409946-9245-4517-8F0C-D10A19557CF3}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |

"{6222753F-F637-42DE-970C-D7A1620104EF}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{720B6765-3FD5-4D2E-B598-B77BF7FBDADF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{74E0926C-E040-4587-AA22-64C7C0617D45}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7A4B1AD7-7806-4F8D-8135-667C9C697BE0}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{7CECE055-2D3A-4E4C-ADEA-F981097FF7D5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{84179607-0C69-48C3-9156-90222C8ECE86}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{8D213CEC-7FC6-4694-BA60-F05896297BDE}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |

"{9E1866EF-DA9A-4A5F-81ED-7C21CEDB75D1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\memoirsofme\counter-strike\hl.exe |

"{A1603BB4-1E7C-4E0F-B6F0-B395497A1F7A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\memoirsofme\counter-strike\hl.exe |

"{A1BA350A-F091-47DA-8252-BA8484991F8E}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |

"{A508EA36-A05B-4DAE-8500-6326C4306911}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{ADD6FA7A-3D20-4A80-B7E9-18CD096E3792}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{B59CA311-2756-4C2D-B5F3-2962033FBFAB}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"{B9F61703-9BF7-4718-95D5-950111DA798C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{BAA67916-6349-4C44-953B-9435FE10CE00}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\memoirsofme\condition zero\hl.exe |

"{C0636201-AECC-4FA6-A22A-B6806A428F02}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"{DD1E3AC1-4BC2-437B-BDC4-28A033265FDE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{DF118E47-4FD2-4DB7-9E99-4CB58547FD66}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{E141A245-64AC-436B-A04F-43B5B75830E6}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |

"{E5DB768F-DC32-400E-B3C2-7ACBB7C81FB3}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"{F678E612-DBC0-405E-B322-9DCA7A961B66}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{FC2B3F7E-5599-48EE-B14C-DF99EE0F788B}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"TCP Query User{04A91309-A74C-4565-B5AC-EE9EAA5D9577}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |

"TCP Query User{1E264F05-4972-47B5-9E91-B6163546887E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{41BD938F-4795-43B4-A146-9A699584A716}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |

"TCP Query User{5730C81E-CDE3-490F-BCA9-11220D9AF7A7}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

"TCP Query User{60F74525-86D0-4D95-9681-34CCCC61A6DD}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"TCP Query User{6DE0CD10-0CBA-446F-9E83-1DD323D2CB41}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"TCP Query User{AB9EEB73-4E7B-447A-8431-7743EE258463}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"TCP Query User{E021CC0A-7E23-4182-BDEB-A4D89F07A175}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"UDP Query User{177D25AB-8F4B-4919-A871-A03C0BA4D0F1}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

"UDP Query User{3A545517-0FAB-4C46-8620-5430DA41D5FA}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |

"UDP Query User{3C204C54-56F2-4E46-B129-DA4B11A70799}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"UDP Query User{6D6A74EC-4E08-4075-AD53-DC96361000A2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{7EF6F09E-52AA-4D2E-A9E7-D95CED20EE1C}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |

"UDP Query User{8BB72533-356C-42BD-BCE6-B5A813AA49D3}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"UDP Query User{B4FF40F3-6D08-4292-A422-1D15212F17CE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"UDP Query User{B7F7F187-7EAD-4DCF-8300-2B01C17A416A}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 21

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = Quick Web Player

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{79E914E8-0264-37B4-825D-FC79A793BAEE}" = ATI Catalyst Install Manager

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management

"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare

"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"7-Zip" = 7-Zip 4.57

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 6.0" = Adobe Photoshop 6.0

"AstrumNival Allods" = Allods Online 1.1.02.58

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP

"DivX Setup.divx.com" = DivX Setup

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"EPSON WorkForce 630 Series" = EPSON WorkForce 630 Series Printer Uninstall

"ESET Online Scanner" = ESET Online Scanner v3

"Fraps" = Fraps (remove only)

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"QcDrv" = Logitech® Camera Driver

"Steam App 100" = Condition Zero Deleted Scenes

"Steam App 80" = Condition Zero

"Veetle TV" = Veetle TV 0.9.18

"WildTangent emachines Master Uninstall" = eMachines Games

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinLiveSuite_Wave3" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"090215de958f1060" = Curse Client

"Facebook Plug-In" = Facebook Plug-In

"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/13/2011 5:16:05 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/13/2011 5:16:06 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/13/2011 5:16:06 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/13/2011 5:16:07 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/13/2011 5:16:07 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/13/2011 5:16:07 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/13/2011 5:16:07 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/13/2011 5:16:08 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/13/2011 5:16:08 PM | Computer Name = GamePC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/14/2011 8:10:05 AM | Computer Name = GamePC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 9/10/2011 11:51:57 AM | Computer Name = GamePC | Source = HTTP | ID = 15016

Description =

Error - 9/10/2011 11:52:11 AM | Computer Name = GamePC | Source = Service Control Manager | ID = 7026

Description =

Error - 9/11/2011 11:35:38 AM | Computer Name = GamePC | Source = HTTP | ID = 15016

Description =

Error - 9/11/2011 11:35:52 AM | Computer Name = GamePC | Source = Service Control Manager | ID = 7026

Description =

Error - 9/12/2011 9:25:15 AM | Computer Name = GamePC | Source = HTTP | ID = 15016

Description =

Error - 9/12/2011 9:25:28 AM | Computer Name = GamePC | Source = Service Control Manager | ID = 7026

Description =

Error - 9/13/2011 9:00:48 AM | Computer Name = GamePC | Source = HTTP | ID = 15016

Description =

Error - 9/13/2011 9:01:01 AM | Computer Name = GamePC | Source = Service Control Manager | ID = 7026

Description =

Error - 9/14/2011 8:09:52 AM | Computer Name = GamePC | Source = HTTP | ID = 15016

Description =

Error - 9/14/2011 8:10:05 AM | Computer Name = GamePC | Source = Service Control Manager | ID = 7026

Description =

< End of report >

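The "Vista Active Application Exception List" above is the part of an OTL Extras log that is easiest to skim past and most worth reading slowly: every line is a standing inbound allow rule in the Windows Firewall, keyed by the rule GUID, with the fields OTL prints as `key=value` pairs separated by ` | `. Two patterns in it deserve a second look on any machine, not just this one: rules whose `app=` path sits in a directory an unprivileged user can write to (here `c:\users\...\appdata\local\...` and `c:\programdata\...`), because the binary behind the rule can be replaced without admin rights, and the `TCP Query User{...}` / `UDP Query User{...}` entries, which Windows creates when someone clicks Allow on the firewall prompt rather than when an installer adds a rule. The following script is an added example, not part of the original post and not OTL's own code; it parses lines in exactly the format shown above and flags those two patterns plus port-only rules that are not tied to a program or service. The sample lines are copied from the log above, and the list of user-writable prefixes is an assumption about the standard Vista layout.

```python
"""Triage of OTL 'Vista Active Application Exception List' lines.

Added example, not part of the original post or of OTL.  It parses the
rule lines exactly as OTL prints them ("value name" = key=value fields
separated by ' | ') and flags inbound allow rules whose program lives in
a user-writable location, rules created from the firewall prompt
('* Query User{...}'), and port-only rules bound to no program or service.
"""
import re

# Constructed sample: six lines copied verbatim from the OTL log above.
SAMPLE_RULES = r'''
"{077A1E07-B0BF-4731-80FC-F63F928E0D79}" = protocol=17 | dir=in | app=c:\users\jamie\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4E7155D9-C078-43A9-8A4C-4B3E1B4F5327}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{602039E0-994C-47FC-9E94-F2A615AC0270}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5FB63741-9FFB-4064-B8BA-797B65C9F5F3}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"TCP Query User{60F74525-86D0-4D95-9681-34CCCC61A6DD}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"{D8C683B8-0FAE-44BA-B444-82FF564609D4}" = lport=2869 | protocol=6 | dir=in | app=system |
'''

# Directories an unprivileged user can write to (assumption: standard
# Vista layout).  A binary here can be swapped without admin rights, so a
# standing inbound allow rule for it deserves review.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)

# "<value name>" = <body>   -- the value name is the rule GUID or Query User key.
RULE_RE = re.compile(r'^"(?P<id>[^"]+)"\s*=\s*(?P<body>.*)$')
PROTO = {"6": "tcp", "17": "udp"}


def parse_rule(line):
    """Return a dict for one OTL firewall-rule line, or None if it is not one."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = {"id": m.group("id")}          # 'id' so a 'name=' field cannot clobber it
    for field in m.group("body").split("|"):
        field = field.strip()
        if "=" in field:
            key, value = field.split("=", 1)
            rule[key.strip()] = value.strip()
    # Normalise the IANA protocol number OTL prints; absent means 'any'.
    rule["protocol"] = PROTO.get(rule.get("protocol"), rule.get("protocol", "any"))
    return rule


def parse_rules(text):
    """Parse every rule line in a block of OTL output, skipping everything else."""
    return [r for r in (parse_rule(l) for l in text.splitlines()) if r]


def flag_rule(rule):
    """Return the reasons this rule deserves review (empty list = nothing noted)."""
    reasons = []
    app = rule.get("app", "")
    if rule.get("dir") == "in" and app and app.lower().startswith(USER_WRITABLE_PREFIXES):
        reasons.append("inbound allow for a binary in a user-writable path")
    if "Query User{" in rule["id"]:
        reasons.append("rule created from the firewall prompt (user clicked Allow)")
    if "lport" in rule and not app and not rule.get("svc"):
        reasons.append("port opened for any program")
    return reasons


def triage(text):
    """Map rule id -> reasons, for every rule that raised at least one reason."""
    flagged = {}
    for rule in parse_rules(text):
        reasons = flag_rule(rule)
        if reasons:
            flagged[rule["id"]] = reasons
    return flagged


if __name__ == "__main__":
    for rule_id, reasons in triage(SAMPLE_RULES).items():
        print(rule_id)
        for why in reasons:
            print("   -", why)
```

Run against the six sample lines it reports four rules: the Google Talk plugin and the Nexon `ngm.exe` rules (user-writable paths), the Blizzard downloader rule (port 3724 open to any program) and the SopCast prompt rule; the Bonjour and `app=system` rules pass. A flag is a reason to check the binary, not a verdict: all four of these are ordinary for a gaming PC, which is exactly why a reviewer wants the list narrowed before reading it.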

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

C:\Users\Jamie\Desktop\vsnczft1.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If VirusTotal is too busy, you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html


I think I forgot to copy/paste my ComboFix log from the run after OTL...and now I can't find the log to paste.

At your request, I scanned the file on my desktop. It was a GMER stealth/malware hunter from www.gmer.net.

Virus Total

Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...

1 VT Community user(s) with a total of 1 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:

vsnczft1.exe

Submission date:

2011-09-14 19:41:50 (UTC)

Current status:

finished

Result:

4/ 43 (9.3%)

VT Community

goodware

Safety score: 100.0%

Compact

Print results

Antivirus Version Last Update Result

AhnLab-V3 2011.09.14.00 2011.09.14 -

AntiVir 7.11.14.204 2011.09.14 -

Antiy-AVL 2.0.3.7 2011.09.14 Trojan/win32.agent.gen

Avast 4.8.1351.0 2011.09.14 -

Avast5 5.0.677.0 2011.09.14 -

AVG 10.0.0.1190 2011.09.14 -

BitDefender 7.2 2011.09.14 -

ByteHero 1.0.0.1 2011.09.13 -

CAT-QuickHeal 11.00 2011.09.14 (Suspicious) - DNAScan

ClamAV 0.97.0.0 2011.09.14 -

Commtouch 5.3.2.6 2011.09.14 -

Comodo 10112 2011.09.14 -

DrWeb 5.0.2.03300 2011.09.14 -

Emsisoft 5.1.0.11 2011.09.14 -

eSafe 7.0.17.0 2011.09.14 -

eTrust-Vet 36.1.8560 2011.09.14 -

F-Prot 4.6.2.117 2011.09.14 -

F-Secure 9.0.16440.0 2011.09.14 -

Fortinet 4.3.370.0 2011.09.14 -

GData 22 2011.09.14 -

Ikarus T3.1.1.107.0 2011.09.14 -

Jiangmin 13.0.900 2011.09.14 Trojan/JmGenGeneric.aic

K7AntiVirus 9.113.5133 2011.09.14 -

Kaspersky 9.0.0.837 2011.09.14 -

McAfee 5.400.0.1158 2011.09.14 -

McAfee-GW-Edition 2010.1D 2011.09.14 -

Microsoft 1.7604 2011.09.14 -

NOD32 6464 2011.09.14 -

Norman 6.07.11 2011.09.14 -

nProtect 2011-09-14.01 2011.09.14 -

Panda 10.0.3.5 2011.09.14 -

PCTools 8.0.0.5 2011.09.14 -

Prevx 3.0 2011.09.14 -

Rising 23.74.03.03 2011.09.09 Suspicious

Sophos 4.69.0 2011.09.14 -

SUPERAntiSpyware 4.40.0.1006 2011.09.14 -

Symantec 20111.2.0.82 2011.09.14 -

TheHacker 6.7.0.1.296 2011.09.14 -

TrendMicro 9.500.0.1008 2011.09.14 -

TrendMicro-HouseCall 9.500.0.1008 2011.09.14 -

VIPRE 10475 2011.09.14 -

ViRobot 2011.9.14.4668 2011.09.14 -

VirusBuster 14.0.212.0 2011.09.14 -

Additional information

MD5 : ff72056739c31e4cc920fbdff4f9a8e5

SHA1 : bca23ce5d074b45038076bcd19e5beea2d55fbef

SHA256: ce723717c56b2231ea7843f5408225b07a997b466584d38d278db5e7cf2c2eb0

ssdeep: 6144:DyAbEezLGANgl17GDWGUbG2ncTsyVuiKPlJxibr:jb7zScc7o2G2cwyQ1Wb

File size : 302592 bytes

First seen: 2011-07-19 14:51:29

Last seen : 2011-09-14 19:41:50

TrID:

Win32 EXE PECompact compressed (generic) (34.9%)

UPX compressed Win32 Executable (25.7%)

Win32 EXE Yoda's Crypter (22.3%)

Win32 Executable Generic (7.1%)

Win32 Dynamic Link Library (generic) (6.3%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: 1, 0, 15, 15641

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

packers (F-Prot): UPX

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0xB8360

timedatestamp....: 0x4E21F2B1 (Sat Jul 16 20:21:05 2011)

machinetype......: 0x14c (I386)

[[ 3 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

UPX0, 0x1000, 0x6F000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

UPX1, 0x70000, 0x49000, 0x48600, 7.93, 3af8f41c1f1f4d65f9570e2907b7a264

.rsrc, 0xB9000, 0x2000, 0x1400, 3.42, 17ef10a2ad97a06348443c129baed323

[[ 1 import(s) ]]

KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 299008

EntryPoint: 0xb8360

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 296 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 1, 0, 15, 15641

FileVersionNumber: 1.0.15.15641

ImageVersion: 0.0

InitializedDataSize: 8192

LanguageCode: Polish

LinkerVersion: 9.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 5.0

ObjectFileType: Dynamic link library

PEType: PE32

ProductVersionNumber: 1.0.15.15641

Subsystem: Windows GUI

SubsystemVersion: 5.0

TimeStamp: 2011:07:16 22:21:05+02:00

UninitializedDataSize: 454656

F-Secure DeepGuard:Suspicious:W32/Malware!Gemini

I will send this file to the recycle bin...

I am installing Google Chrome right now & uninstalling Firefox...I wanted to see if this would help, too. Let me know what else I can do.

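The VirusTotal report above is a textbook picture of a UPX-packed, unsigned executable, and the four detections it drew are all generic or heuristic names (`Trojan/win32.agent.gen`, `DNAScan`, `JmGenGeneric`, `Suspicious`) rather than a named family, which is what packed code with no signature tends to attract. The tell-tale shape is in the PEInfo block: a `UPX0` section with a raw size of 0 but 0x6F000 bytes of virtual size (the stub unpacks into it at run time), a `UPX1` section at entropy 7.93 carrying the compressed payload, and an import table reduced to the six KERNEL32 functions the stub needs to decompress itself and resolve the real imports. The script below is an added example, not part of the original post and not code from VirusTotal or GMER; it recomputes the per-section byte entropy VirusTotal prints and derives those packer indicators from the section and import data exactly as reported above. The section and import values are the report's; the byte buffers used to sanity-check the entropy routine are constructed here. Whatever the indicators say, the check that actually settles a low-count, generic-name result on a tool you downloaded yourself is comparing the file's SHA-256 with a fresh copy from the vendor.

```python
"""Packer triage on the VirusTotal PEInfo data shown above.

Added example, not part of the original post, of VirusTotal or of GMER.
It reproduces two indicators from that report: the byte entropy printed
per section, and the section/import shape of a UPX-packed binary.
"""
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# Section table as printed in the VirusTotal report above.
REPORTED_SECTIONS = [
    # name,   virt addr, virt size, raw size, entropy
    ("UPX0",  0x1000,    0x6F000,   0x0,      0.00),
    ("UPX1",  0x70000,   0x49000,   0x48600,  7.93),
    (".rsrc", 0xB9000,   0x2000,    0x1400,   3.42),
]
REPORTED_IMPORTS = {
    "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect",
                     "VirtualAlloc", "VirtualFree", "ExitProcess"],
}

# The import set a UPX stub needs to unpack and then rebuild the real
# import table.  Anything beyond it is the program importing normally.
# (Assumption: stock UPX, as the PEiD line in the report says.)
UPX_STUB_IMPORTS = {"LoadLibraryA", "GetProcAddress", "VirtualProtect",
                    "VirtualAlloc", "VirtualFree", "ExitProcess"}


def packer_indicators(sections, imports):
    """Return indicator strings explaining why the file looks packed."""
    hits = []
    for name, _va, vsize, rawsize, entropy in sections:
        if rawsize == 0 and vsize >= 0x1000:
            hits.append(f"{name}: no data on disk but {vsize:#x} bytes reserved "
                        f"in memory (unpack target)")
        if entropy >= 7.5:
            hits.append(f"{name}: entropy {entropy:.2f} (compressed or encrypted payload)")
        if name.upper().startswith("UPX"):
            hits.append(f"{name}: UPX section name")
    all_imports = {f for funps in imports.values() for f in funps}
    if all_imports and all_imports <= UPX_STUB_IMPORTS:
        hits.append("import table is just the UPX stub set; "
                    "real imports are resolved at run time")
    return hits


def looks_packed(sections, imports):
    """Packed if a high-entropy section exists AND the import table is a stub set."""
    hits = packer_indicators(sections, imports)
    return any("entropy" in h for h in hits) and any("stub" in h for h in hits)


if __name__ == "__main__":
    for line in packer_indicators(REPORTED_SECTIONS, REPORTED_IMPORTS):
        print(line)
    # Constructed buffers to sanity-check the entropy routine.
    print(shannon_entropy(b"\x00" * 4096))          # UPX0-like: 0.0
    print(shannon_entropy(bytes(range(256)) * 16))  # every byte value equally likely: 8.0
```

The entropy threshold of 7.5 and the "stub set" comparison are the two heuristics that matter; section names are the weakest signal, since a packer can be told to rename them. On a real file you would read the section table and imports from the PE headers rather than typing them in, but the decision logic is the same.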

This topic is now closed to further replies.