Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I think I have a virus/adware or something.

Started by AzzaAaron , Apr 21 2010 07:43 AM

  • Please log in to reply

#1
AzzaAaron
Posted 21 April 2010 - 07:43 AM

AzzaAaron

    Member

  • Member
  • PipPip
  • 19 posts
Ok so for the past 2 days ive been having very unusal pings of 300-450ms which is normal 30-50. I ran resource monitor and noticed firefox's address was 007guard.com, if you go to that site, you will notice its bad, I use WOT so it blocked access to this site, I google this site and there were reports of it being adware etc. So I think this is the problem to my unaverage ping times. Also I would just like a general checkup on this system please.

Here is a screenshot of the firefox address: Posted Image

Ok so I checked out the Guide for making a thread.

I ran TFC and rebooted.

I ran ERUNT.

I did a quick scan of Malwarebytes note that it found nothing and here is the log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4014

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21/04/2010 11:30:30 PM
mbam-log-2010-04-21 (23-30-30).txt

Scan type: Quick scan
Objects scanned: 107950
Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have a anti virus installed, AVG paid version 9.0.

I ram GMER and got this problem which made it not possible to run GMER so I had to skip this step... Refer to screenshot:

Posted Image

Finally I ran OTL and here is the logs:

OTL logfile created on: 21/04/2010 11:32:51 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Aaron\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.83 Gb Total Space | 23.07 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
Drive D: | 416.92 Gb Total Space | 302.51 Gb Free Space | 72.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AARON-PC
Current User Name: Aaron
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/20 15:08:28 | 000,908,248 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Firefox\firefox.exe
PRC - [2010/04/20 11:22:22 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/04/19 13:12:26 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
PRC - [2010/03/13 08:38:30 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/05 15:36:19 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/05 15:36:17 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/03/05 15:36:17 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/05 15:36:16 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2010/01/11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/04 17:31:10 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\bin\jusched.exe
PRC - [2009/11/04 17:31:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\bin\java.exe
PRC - [2009/11/04 17:31:10 | 000,022,816 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\bin\jp2launcher.exe
PRC - [2009/08/29 16:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009/06/30 09:50:42 | 001,811,728 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/04/19 13:12:26 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
MOD - [2009/07/14 11:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/20 13:26:39 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/07/14 11:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 11:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 11:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 11:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 11:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 11:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 11:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 11:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 11:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 11:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 11:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 11:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 11:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 11:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 11:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 11:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 11:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 11:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 11:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 11:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 11:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 11:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 11:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 11:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/03/13 08:38:30 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/05 15:36:19 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/05 15:36:17 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/12 17:46:11 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/14 13:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 13:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 11:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 11:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 06:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/11 06:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 71 5C 97 43 CB CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/04/20 20:16:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: D:\Program Files\Firefox\components [2010/04/20 15:08:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: D:\Program Files\Firefox\plugins [2010/04/20 17:56:46 | 000,000,000 | ---D | M]

[2009/12/18 19:00:51 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions
[2009/12/18 19:00:51 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/04/21 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\as2999w5.default\extensions
[2010/04/13 22:55:03 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\as2999w5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/11/05 20:35:56 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\as2999w5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/08 06:32:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\as2999w5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/13 22:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\as2999w5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/03/27 19:30:54 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\as2999w5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

O1 HOSTS File: ([2010/04/21 22:36:44 | 000,392,792 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 13563 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/07/20 20:50:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/21 22:33:52 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/04/21 22:33:52 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0b564748-452e-11df-97fa-00248c4e349f}\Shell - "" = AutoRun
O33 - MountPoints2\{0b564748-452e-11df-97fa-00248c4e349f}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 13:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/21 23:29:59 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2010/04/21 23:22:30 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes
[2010/04/21 23:22:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/21 23:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/21 23:22:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/21 23:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/21 23:21:28 | 005,918,768 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Aaron\Desktop\mbam-setup.exe
[2010/04/21 23:20:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/21 23:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/04/21 23:15:14 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Aaron\Desktop\erunt_setup.exe
[2010/04/21 23:05:41 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\TFC.exe
[2010/04/21 22:33:52 | 000,000,000 | RHSD | C] -- C:\desktop.ini
[2010/04/21 22:33:52 | 000,000,000 | RHSD | C] -- C:\comment.htt
[2010/04/21 22:33:52 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/21 22:33:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Documents\RegRun2
[2010/04/21 22:33:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/04/21 22:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2010/04/20 18:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2010/04/20 18:18:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Documents\ConvertXToDVD
[2010/04/20 18:15:41 | 000,082,816 | ---- | C] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/04/20 18:15:41 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Aaron\AppData\Roaming\pcouffin.sys
[2010/04/20 18:15:41 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Vso
[2010/04/20 18:15:41 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Documents\PcSetup
[2010/04/20 18:15:38 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2010/04/20 18:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2010/04/20 16:24:40 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\NeroDigital™
[2010/04/20 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Documents\Nero
[2010/04/20 13:26:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/04/20 13:26:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/04/20 11:35:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/20 11:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/04/14 18:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2010/04/14 17:52:39 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Documents\Nero Home
[2010/04/14 17:52:29 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Nero
[2010/04/14 17:38:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Nero
[2010/04/14 17:34:54 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Ahead
[2010/04/14 17:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/04/14 17:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/04/14 17:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010/04/11 16:40:11 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Western Digital

========== Files - Modified Within 14 Days ==========

[2010/04/21 23:33:29 | 014,155,776 | -HS- | M] () -- C:\Users\Aaron\NTUSER.DAT
[2010/04/21 23:30:28 | 000,007,598 | ---- | M] () -- C:\Users\Aaron\AppData\Local\Resmon.ResmonCfg
[2010/04/21 23:22:28 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/21 23:21:05 | 000,017,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 23:21:05 | 000,017,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 23:20:27 | 000,000,924 | ---- | M] () -- C:\Users\Aaron\Desktop\NTREGOPT.lnk
[2010/04/21 23:20:27 | 000,000,905 | ---- | M] () -- C:\Users\Aaron\Desktop\ERUNT.lnk
[2010/04/21 23:15:13 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Aaron\Desktop\erunt_setup.exe
[2010/04/21 23:13:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/21 23:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/21 23:13:48 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/21 23:12:45 | 001,835,383 | -H-- | M] () -- C:\Users\Aaron\AppData\Local\IconCache.db
[2010/04/21 22:36:44 | 000,392,792 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/04/21 22:33:51 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/04/21 22:33:51 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2010/04/21 22:33:51 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/04/21 21:34:06 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/04/21 21:34:06 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/04/21 20:27:29 | 059,109,052 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/04/21 18:58:47 | 000,001,057 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\vso_ts_preview.xml
[2010/04/20 18:15:41 | 000,099,384 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\inst.exe
[2010/04/20 18:15:41 | 000,082,816 | ---- | M] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/04/20 18:15:41 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Aaron\AppData\Roaming\pcouffin.sys
[2010/04/20 18:15:41 | 000,007,859 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\pcouffin.cat
[2010/04/20 18:15:41 | 000,001,167 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\pcouffin.inf
[2010/04/20 14:14:49 | 000,001,885 | ---- | M] () -- C:\Users\Aaron\Desktop\CCleaner.lnk
[2010/04/20 13:36:07 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/04/20 11:22:22 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/04/19 13:12:26 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2010/04/17 06:26:30 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/04/17 06:26:30 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/04/14 17:52:29 | 000,001,024 | ---- | M] () -- C:\Users\Aaron\.rnd
[2010/04/14 17:52:27 | 000,007,867 | ---- | M] () -- C:\Windows\Irremote.ini
[2010/04/14 17:34:36 | 000,002,733 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2010/04/13 19:48:38 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/04/13 19:48:38 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/04/13 19:47:19 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/13 19:47:19 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/13 19:47:19 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2010/04/21 23:30:39 | 000,293,376 | ---- | C] () -- C:\Users\Aaron\Desktop\gmer.exe
[2010/04/21 23:29:21 | 000,284,915 | ---- | C] () -- C:\Users\Aaron\Desktop\gmer.zip
[2010/04/21 23:22:28 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/21 23:20:27 | 000,000,924 | ---- | C] () -- C:\Users\Aaron\Desktop\NTREGOPT.lnk
[2010/04/21 23:20:27 | 000,000,905 | ---- | C] () -- C:\Users\Aaron\Desktop\ERUNT.lnk
[2010/04/21 22:33:51 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/04/21 22:33:51 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2010/04/21 22:33:51 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/04/21 22:33:18 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2010/04/20 18:16:32 | 000,001,057 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\vso_ts_preview.xml
[2010/04/20 18:16:11 | 000,000,034 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\pcouffin.log
[2010/04/20 18:15:41 | 000,099,384 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\inst.exe
[2010/04/20 18:15:41 | 000,007,859 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\pcouffin.cat
[2010/04/20 18:15:41 | 000,001,167 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\pcouffin.inf
[2010/04/20 13:35:01 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/17 06:26:30 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/04/17 06:26:30 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/04/14 17:34:36 | 000,002,733 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2010/04/14 17:34:10 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/04/14 17:34:04 | 000,001,024 | ---- | C] () -- C:\Users\Aaron\.rnd
[2010/01/20 12:00:17 | 000,000,218 | ---- | C] () -- C:\Users\Aaron\.recently-used.xbel
[2010/01/09 20:32:46 | 000,001,462 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009/12/24 21:44:04 | 000,000,760 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\setup_ldm.iss
[2009/12/02 02:16:54 | 000,000,069 | ---- | C] () -- C:\Users\Aaron\jagex_runescape_preferences2.dat
[2009/12/02 02:16:01 | 000,000,041 | ---- | C] () -- C:\Users\Aaron\jagex_runescape_preferences.dat
[2009/11/25 16:05:18 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2009/11/18 18:30:27 | 000,003,584 | ---- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 20:30:28 | 000,007,598 | ---- | C] () -- C:\Users\Aaron\AppData\Local\Resmon.ResmonCfg
[2009/11/12 16:41:09 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\cogslan.dll
[2009/11/03 19:39:48 | 014,155,776 | -HS- | C] () -- C:\Users\Aaron\NTUSER.DAT
[2009/11/03 19:39:48 | 000,524,288 | -HS- | C] () -- C:\Users\Aaron\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009/11/03 19:39:48 | 000,524,288 | -HS- | C] () -- C:\Users\Aaron\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009/11/03 19:39:48 | 000,262,144 | -HS- | C] () -- C:\Users\Aaron\ntuser.dat.LOG1
[2009/11/03 19:39:48 | 000,065,536 | -HS- | C] () -- C:\Users\Aaron\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009/11/03 19:39:48 | 000,000,020 | -HS- | C] () -- C:\Users\Aaron\ntuser.ini
[2009/11/03 19:39:48 | 000,000,000 | -HS- | C] () -- C:\Users\Aaron\ntuser.dat.LOG2
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/04/08 11:16:43 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Atari
[2009/11/03 22:52:33 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Auslogics
[2010/04/21 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\BitTorrent
[2009/11/06 18:15:26 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Echo Software
[2010/03/27 16:02:24 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\FileZilla
[2010/03/26 20:39:52 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\flightgear.org
[2010/01/20 11:55:20 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\gtk-2.0
[2009/12/24 21:44:09 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Leadertech
[2010/03/29 15:00:55 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\LimeWire
[2010/02/15 17:46:42 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Mount&Blade
[2010/01/20 11:51:03 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Participatory Culture Foundation
[2010/01/07 05:09:17 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\runic games
[2009/11/14 02:59:07 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\TeamViewer
[2010/01/20 01:04:07 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\TS3Client
[2010/04/21 18:58:47 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Vso
[2010/03/03 16:13:34 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Xilisoft Corporation
[2010/01/31 17:12:10 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 11:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 11:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 11:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 11:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 11:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 11:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 11:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 11:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 11:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 11:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 11:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 11:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 11:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 11:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 11:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 11:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 11:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/29 16:59:32 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
< End of report >

OTL Extras logfile created on: 21/04/2010 11:32:51 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Aaron\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.83 Gb Total Space | 23.07 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
Drive D: | 416.92 Gb Total Space | 302.51 Gb Free Space | 72.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AARON-PC
Current User Name: Aaron
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D01D10FC-9454-4C51-9A31-34F9FC1EFFCF}" = Logitech G35
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20535ABD-7D5E-472E-9077-6AF48480DD82}" = ASUS GameOSD Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91033}" = Nero 8 Essentials
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.2
"GameArena The Arena" = GameArena The Arena
"Guild Wars" = Guild Wars
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"LimeWire" = LimeWire 5.5.7
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PRO" = Microsoft Office Professional 2007
"PunkBusterSvc" = PunkBuster Services
"Runic Games Torchlight" = Torchlight
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 17570" = Pirates, Vikings, and Knights II
"Steam App 240" = Counter-Strike: Source
"Steam App 24860" = Battlefield 2
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 410" = Portal: The First Slice
"Steam App 440" = Team Fortress 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/03/2010 7:10:02 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 26/03/2010 7:10:06 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "d:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "d:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 26/03/2010 9:10:02 PM | Computer Name = Aaron-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 26/03/2010 10:09:08 PM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 26/03/2010 10:09:12 PM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "d:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "d:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 27/03/2010 6:44:11 AM | Computer Name = Aaron-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 27/03/2010 10:30:41 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 27/03/2010 10:30:45 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "d:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "d:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 28/03/2010 1:24:38 AM | Computer Name = Aaron-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 28/03/2010 8:26:47 PM | Computer Name = Aaron-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 4/03/2010 1:33:48 AM | Computer Name = Aaron-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/03/2010 7:54:43 AM | Computer Name = Aaron-PC | Source = bowser | ID = 8003
Description =

Error - 10/03/2010 4:10:53 AM | Computer Name = Aaron-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/03/2010 2:32:31 AM | Computer Name = Aaron-PC | Source = Application Popup | ID = 877
Description = There was error [DATABASE OPEN FAILED] processing the driver database.

Error - 11/03/2010 3:32:09 AM | Computer Name = Aaron-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/03/2010 3:32:09 AM | Computer Name = Aaron-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/03/2010 3:32:10 AM | Computer Name = Aaron-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/03/2010 3:32:10 AM | Computer Name = Aaron-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/03/2010 4:13:58 AM | Computer Name = Aaron-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/03/2010 6:44:02 AM | Computer Name = Aaron-PC | Source = bowser | ID = 8003
Description =


< End of report >

Thanks for reading and I look forward to working with you.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP