Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

007guard.com virus

Started by Robby... , Apr 29 2010 09:11 PM

  • Please log in to reply

#1
Robby...
Posted 29 April 2010 - 09:11 PM

Robby...

    New Member

  • Member
  • Pip
  • 6 posts
Hey

I have noticed when I opened my Avg Internet Security to see my network connections, that my computer is making copies of processes that are already running and are connecting to a site called "www.007guard.com" I have done multiple scans with AVG, Spy Bot and even windows defender and have found nothing.

I have followed your five steps, but when i try to do the GMER scan, a message come up saying that the system cannot find file C:\windows\system32\config\system.

I do not have any "007guard.com.exe file. I noticed that the internet is running slower but i have not had any issues with my browser redirecting me to other sites or any annoying pop ups.

The following is the MBAM Scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29/04/2010 10:48:43 PM
mbam-log-2010-04-29 (22-48-43).txt

Scan type: Quick scan
Objects scanned: 119226
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The following is the OTL File:

OTL logfile created on: 29/04/2010 10:51:54 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Rob\Documents\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 176.51 Gb Total Space | 35.75 Gb Free Space | 20.25% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.90 Gb Free Space | 50.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROB-PC
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/29 22:50:12 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\My Documents\Downloads\OTL.exe
PRC - [2010/04/26 13:13:25 | 000,531,440 | ---- | M] (Google Inc.) -- C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/04/19 11:50:26 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/03/05 16:40:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/05 16:39:59 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/03/05 16:39:59 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/03/05 16:39:57 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
PRC - [2010/03/05 16:39:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/03/05 16:39:56 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/05 16:39:54 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2009/11/08 23:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2008/12/16 22:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/16 22:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (SafeList) ==========

MOD - [2010/04/29 22:50:12 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\My Documents\Downloads\OTL.exe
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/12/09 20:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/03/16 19:59:20 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/16 19:59:18 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe -- (AESTFilters)
SRV - [2010/03/05 16:40:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/05 16:39:59 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/05 16:39:57 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/03/05 16:39:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/20 20:43:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/12/16 22:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/19 11:50:25 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/03/05 16:40:07 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/03/05 16:40:00 | 000,027,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSwa.sys -- (AVGIDSErHrw7a)
DRV:64bit: - [2010/03/05 16:39:57 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/03/05 16:39:55 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2010/02/24 09:03:20 | 000,067,616 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009/12/20 19:17:19 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/11/08 23:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2009/07/13 20:07:00 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2009/07/13 20:06:57 | 000,551,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2009/07/13 20:06:56 | 000,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/07/13 20:06:53 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009/07/13 20:06:52 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/16 19:59:22 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/09 02:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 16:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/02/24 03:40:04 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/02/21 11:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV - [2010/03/05 16:40:00 | 000,035,848 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys -- (AVGIDSFilterw7a)
DRV - [2010/03/05 16:39:59 | 000,132,616 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys -- (AVGIDSDriverw7a)
DRV - [2009/12/25 04:31:41 | 000,000,000 | ---D | M] [Kernel | On_Demand | Running] -- C:\Windows\ITECIR -- (itecir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008/11/04 19:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...amp;ibd=5081009
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://sympatico.msn.ca/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/04/19 20:24:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/19 03:23:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/19 03:23:55 | 000,000,000 | ---D | M]

[2009/12/20 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2009/12/20 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/04/26 17:46:50 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\73i7rr35.default\extensions
[2010/02/27 06:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\73i7rr35.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/12/20 17:53:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\73i7rr35.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/19 10:49:25 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\73i7rr35.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2009/10/22 19:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\73i7rr35.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/04/25 15:47:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\73i7rr35.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/20 23:18:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\73i7rr35.default\extensions\[email protected]
[2010/04/02 14:33:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/18 00:23:05 | 000,392,034 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 13539 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{58bf9899-42b7-11df-8f6a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{58bf9899-42b7-11df-8f6a-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Launcher\LAUNCHER.EXE -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Launcher\LAUNCHER.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 90 Days ==========

[2010/04/29 22:43:46 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Malwarebytes
[2010/04/29 22:43:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 22:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/29 22:43:27 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/29 22:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/29 22:40:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/29 22:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/04/25 21:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/04/22 01:17:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\Downloads
[2010/04/22 01:16:01 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Google
[2010/04/20 02:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/04/19 20:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/04/19 20:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/14 11:43:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\AVG9
[2010/04/02 14:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/02 14:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/03/12 15:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/03/11 03:36:38 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/03/10 22:38:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/03/05 16:40:07 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/02/26 14:51:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\Euro Truck Simulator
[2010/02/25 23:37:13 | 000,000,000 | ---D | C] -- C:\video_output
[2010/02/25 23:17:12 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\GetRightToGo
[2010/02/25 22:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Outlook Connector
[2010/02/25 22:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/02/24 09:03:20 | 000,067,616 | ---- | C] (ITE Tech. Inc. ) -- C:\Windows\SysNative\drivers\itecir.sys
[2010/02/23 02:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/02/22 02:27:23 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\AUTOSHOW 2010
[2010/02/17 03:45:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Opera
[2010/02/17 03:45:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Opera
[2010/02/17 03:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera 10.50 Beta
[2010/02/16 02:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/16 02:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/02/15 22:49:33 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\ICAClient
[2010/02/15 22:49:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Citrix
[2010/01/31 13:14:11 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Microsoft Games
[1 C:\Users\Rob\Desktop\*.tmp files -> C:\Users\Rob\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/29 22:52:22 | 007,077,888 | -HS- | M] () -- C:\Users\Rob\NTUSER.DAT
[2010/04/29 22:44:21 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/29 22:44:21 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/29 22:36:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/29 22:36:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/29 22:36:24 | 3219,628,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/29 22:35:38 | 002,256,991 | -H-- | M] () -- C:\Users\Rob\AppData\Local\IconCache.db
[2010/04/29 21:21:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1475010651-1540872799-661774133-1000UA.job
[2010/04/29 19:37:38 | 059,393,922 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/27 01:21:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1475010651-1540872799-661774133-1000Core.job
[2010/04/26 13:27:01 | 005,730,954 | ---- | M] () -- C:\Users\Rob\Desktop\PLE 755 - Vision Statement (revised).docx
[2010/04/26 12:04:30 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/26 12:04:30 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/26 12:04:30 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/26 08:17:20 | 002,434,246 | ---- | M] () -- C:\Users\Rob\Desktop\eglintonvista.bmp
[2010/04/25 07:08:22 | 000,483,427 | ---- | M] () -- C:\Users\Rob\Desktop\2486857962_fabc5e34a5_b.jpg
[2010/04/25 06:06:46 | 000,509,343 | ---- | M] () -- C:\Users\Rob\Desktop\2624407093_58b15c49bf_b.jpg
[2010/04/25 06:04:35 | 000,297,342 | ---- | M] () -- C:\Users\Rob\Desktop\2668165410_02f9e8fdc6_b.jpg
[2010/04/25 06:02:14 | 000,433,632 | ---- | M] () -- C:\Users\Rob\Desktop\4524633963_da5158e65a_b.jpg
[2010/04/25 05:55:36 | 000,811,931 | ---- | M] () -- C:\Users\Rob\Desktop\4142555835_c986553b04_b.jpg
[2010/04/25 05:22:45 | 000,409,635 | ---- | M] () -- C:\Users\Rob\Desktop\2330074397_303c00c691_b.jpg
[2010/04/25 05:22:23 | 000,127,505 | ---- | M] () -- C:\Users\Rob\Desktop\2330074397_303c00c691.jpg
[2010/04/25 05:06:33 | 000,073,181 | ---- | M] () -- C:\Users\Rob\Desktop\917253046_aea817a9e3.jpg
[2010/04/25 05:00:47 | 000,070,145 | ---- | M] () -- C:\Users\Rob\Desktop\Roundabout point towers.jpg
[2010/04/25 04:57:31 | 000,856,190 | ---- | M] () -- C:\Users\Rob\Desktop\Roundabout.bristol.arp.jpg
[2010/04/25 04:50:33 | 000,856,190 | ---- | M] () -- C:\Users\Rob\Desktop\Roundabout.bristol.jpg
[2010/04/25 04:36:20 | 000,089,008 | ---- | M] () -- C:\Users\Rob\Desktop\Sheraton looking East.jpg
[2010/04/25 04:34:38 | 000,101,290 | ---- | M] () -- C:\Users\Rob\Desktop\sheraton looking west.jpg
[2010/04/25 04:31:21 | 000,203,004 | ---- | M] () -- C:\Users\Rob\Desktop\Sheraton.jpg
[2010/04/25 04:23:31 | 000,028,349 | ---- | M] () -- C:\Users\Rob\Desktop\Sheraton Newton Hotel.jpg
[2010/04/25 03:09:51 | 000,794,650 | ---- | M] () -- C:\Users\Rob\Desktop\PLE 755 - Vision Statement.docx
[2010/04/25 03:08:02 | 000,038,859 | ---- | M] () -- C:\Users\Rob\Desktop\Calgary.jpg
[2010/04/24 16:28:44 | 001,434,755 | ---- | M] () -- C:\Users\Rob\Desktop\bridges_info_package.pdf
[2010/04/24 15:13:03 | 000,121,483 | ---- | M] () -- C:\Users\Rob\Desktop\Lyncian Analysis Legend.jpg
[2010/04/24 15:11:30 | 000,245,312 | ---- | M] () -- C:\Users\Rob\Desktop\Lyncian Analysis Legend.pdf
[2010/04/24 14:54:03 | 001,066,462 | ---- | M] () -- C:\Users\Rob\Desktop\Lyncian Analysis Legend.ai
[2010/04/23 17:50:40 | 000,582,365 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010/04/23 09:06:11 | 007,305,772 | ---- | M] () -- C:\Users\Rob\Desktop\Lecture 07-Form.pdf
[2010/04/22 22:55:55 | 000,129,339 | ---- | M] () -- C:\Users\Rob\Desktop\Lynchian Map FINAL.jpg
[2010/04/22 19:03:39 | 000,166,657 | ---- | M] () -- C:\Users\Rob\Desktop\Lynchian Map.jpg
[2010/04/22 18:35:08 | 000,158,840 | ---- | M] () -- C:\Users\Rob\Desktop\20070706_restaurant_O_900x600.jpg
[2010/04/22 18:08:45 | 000,064,104 | ---- | M] () -- C:\Users\Rob\Desktop\Outdoor_patio_dining_on_Corydon_Avenue_in_Winnipeg_Manitoba_27589.jpg
[2010/04/22 18:07:50 | 000,034,145 | ---- | M] () -- C:\Users\Rob\Desktop\Vancouver British Columbia.jpg
[2010/04/22 15:47:29 | 000,136,615 | ---- | M] () -- C:\Users\Rob\Desktop\Public Framework.jpg
[2010/04/22 15:22:24 | 001,066,889 | ---- | M] () -- C:\Users\Rob\Desktop\aag04344
[2010/04/22 15:19:11 | 000,063,765 | ---- | M] () -- C:\Users\Rob\Desktop\Lynchian map.pptx
[2010/04/21 23:03:24 | 000,089,471 | ---- | M] () -- C:\Users\Rob\Desktop\FELKCK27EDSI4PNUMHMAG_RU_T2202_XML.pdf
[2010/04/20 18:34:12 | 000,108,784 | ---- | M] () -- C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/20 18:33:18 | 002,339,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/19 11:50:25 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/04/18 00:23:05 | 000,392,034 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/04/14 15:04:40 | 000,441,572 | ---- | M] () -- C:\Users\Rob\Desktop\Context Map.jpg
[2010/04/14 15:04:20 | 006,114,242 | ---- | M] () -- C:\Users\Rob\Desktop\Context Map.psd
[2010/04/14 01:04:03 | 032,452,321 | ---- | M] () -- C:\Users\Rob\Desktop\backgroundfile-23229.zip
[2010/04/14 00:42:53 | 001,785,466 | ---- | M] () -- C:\Users\Rob\Desktop\PublicFramework.psd
[2010/04/13 20:11:32 | 000,072,696 | R--- | M] () -- C:\Users\Rob\Desktop\PublicFramework.jpg
[2010/04/13 20:05:29 | 007,222,489 | ---- | M] () -- C:\Users\Rob\Desktop\Lecture 11-Branding.pdf
[2010/04/13 20:01:58 | 008,523,701 | ---- | M] () -- C:\Users\Rob\Desktop\Lecture 05-Open Space.pdf
[2010/04/13 18:48:10 | 000,540,153 | ---- | M] () -- C:\Users\Rob\Desktop\Lynchian Map.pdf
[2010/04/13 18:42:02 | 000,640,366 | ---- | M] () -- C:\Users\Rob\Desktop\Location map.psd
[2010/04/13 18:41:47 | 000,067,525 | ---- | M] () -- C:\Users\Rob\Desktop\Location map.jpg
[2010/04/13 15:50:29 | 000,026,063 | ---- | M] () -- C:\Users\Rob\Desktop\Location map better.gif
[2010/03/30 23:17:55 | 008,162,184 | ---- | M] () -- C:\Users\Rob\Desktop\CPT FINAL PHOTOS.zip
[2010/03/30 22:29:36 | 027,162,916 | ---- | M] () -- C:\Users\Rob\Desktop\CPT PHOTOS FILES.rar
[2010/03/30 22:25:56 | 008,160,754 | ---- | M] () -- C:\Users\Rob\Desktop\CPT FINAL PHOTOS.rar
[2010/03/30 21:29:45 | 009,899,611 | ---- | M] () -- C:\Users\Rob\Desktop\Distillery District.skb
[2010/03/26 16:27:48 | 000,315,855 | ---- | M] () -- C:\Users\Rob\Desktop\53K-22.dwg
[2010/03/26 02:51:05 | 001,026,222 | ---- | M] () -- C:\Users\Rob\Desktop\TTCsubwayRTmap-2015.psd
[2010/03/25 01:35:44 | 000,061,128 | ---- | M] () -- C:\Users\Rob\Desktop\srt part 1.jpg
[2010/03/25 01:35:43 | 000,077,897 | ---- | M] () -- C:\Users\Rob\Desktop\srt part 2.jpg
[2010/03/12 13:57:48 | 000,221,535 | ---- | M] () -- C:\Users\Rob\Desktop\OFFICE PARK.skp
[2010/03/05 16:40:07 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/03/05 16:40:07 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/03/05 16:40:00 | 000,027,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\AVGIDSwa.sys
[2010/03/05 16:39:57 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/03/05 16:39:55 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/02/27 17:42:50 | 000,056,175 | ---- | M] () -- C:\Users\Rob\Desktop\Single Detached House.skp
[2010/02/27 05:37:39 | 000,055,840 | ---- | M] () -- C:\Users\Rob\Desktop\Single Detached House.skb
[2010/02/26 14:06:43 | 000,078,538 | ---- | M] () -- C:\Users\Rob\Desktop\googleeee.skp
[2010/02/24 09:03:20 | 000,067,616 | ---- | M] (ITE Tech. Inc. ) -- C:\Windows\SysNative\drivers\itecir.sys
[2010/02/23 00:29:52 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF7a.ocx
[2010/02/16 02:43:07 | 000,378,537 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100418-002305.backup
[2010/02/07 15:47:13 | 000,783,807 | ---- | M] () -- C:\Users\Rob\Desktop\abandoned.png
[2010/02/03 22:26:48 | 000,011,707 | ---- | M] () -- C:\Users\Rob\Desktop\SIM CITY CODES.docx
[1 C:\Users\Rob\Desktop\*.tmp files -> C:\Users\Rob\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 12:00:49 | 002,434,246 | ---- | C] () -- C:\Users\Rob\Desktop\eglintonvista.bmp
[2010/04/25 07:08:22 | 000,483,427 | ---- | C] () -- C:\Users\Rob\Desktop\2486857962_fabc5e34a5_b.jpg
[2010/04/25 06:06:45 | 000,509,343 | ---- | C] () -- C:\Users\Rob\Desktop\2624407093_58b15c49bf_b.jpg
[2010/04/25 06:04:35 | 000,297,342 | ---- | C] () -- C:\Users\Rob\Desktop\2668165410_02f9e8fdc6_b.jpg
[2010/04/25 06:02:14 | 000,433,632 | ---- | C] () -- C:\Users\Rob\Desktop\4524633963_da5158e65a_b.jpg
[2010/04/25 05:55:36 | 000,811,931 | ---- | C] () -- C:\Users\Rob\Desktop\4142555835_c986553b04_b.jpg
[2010/04/25 05:22:45 | 000,409,635 | ---- | C] () -- C:\Users\Rob\Desktop\2330074397_303c00c691_b.jpg
[2010/04/25 05:22:23 | 000,127,505 | ---- | C] () -- C:\Users\Rob\Desktop\2330074397_303c00c691.jpg
[2010/04/25 05:03:40 | 000,073,181 | ---- | C] () -- C:\Users\Rob\Desktop\917253046_aea817a9e3.jpg
[2010/04/25 05:00:47 | 000,070,145 | ---- | C] () -- C:\Users\Rob\Desktop\Roundabout point towers.jpg
[2010/04/25 04:57:31 | 000,856,190 | ---- | C] () -- C:\Users\Rob\Desktop\Roundabout.bristol.arp.jpg
[2010/04/25 04:50:32 | 000,856,190 | ---- | C] () -- C:\Users\Rob\Desktop\Roundabout.bristol.jpg
[2010/04/25 04:36:20 | 000,089,008 | ---- | C] () -- C:\Users\Rob\Desktop\Sheraton looking East.jpg
[2010/04/25 04:34:38 | 000,101,290 | ---- | C] () -- C:\Users\Rob\Desktop\sheraton looking west.jpg
[2010/04/25 04:31:21 | 000,203,004 | ---- | C] () -- C:\Users\Rob\Desktop\Sheraton.jpg
[2010/04/25 04:23:31 | 000,028,349 | ---- | C] () -- C:\Users\Rob\Desktop\Sheraton Newton Hotel.jpg
[2010/04/25 03:08:02 | 000,038,859 | ---- | C] () -- C:\Users\Rob\Desktop\Calgary.jpg
[2010/04/24 16:28:44 | 001,434,755 | ---- | C] () -- C:\Users\Rob\Desktop\bridges_info_package.pdf
[2010/04/23 09:06:11 | 007,305,772 | ---- | C] () -- C:\Users\Rob\Desktop\Lecture 07-Form.pdf
[2010/04/22 22:55:52 | 000,129,339 | ---- | C] () -- C:\Users\Rob\Desktop\Lynchian Map FINAL.jpg
[2010/04/22 18:35:08 | 000,158,840 | ---- | C] () -- C:\Users\Rob\Desktop\20070706_restaurant_O_900x600.jpg
[2010/04/22 18:08:45 | 000,064,104 | ---- | C] () -- C:\Users\Rob\Desktop\Outdoor_patio_dining_on_Corydon_Avenue_in_Winnipeg_Manitoba_27589.jpg
[2010/04/22 15:28:14 | 000,121,483 | ---- | C] () -- C:\Users\Rob\Desktop\Lyncian Analysis Legend.jpg
[2010/04/22 15:04:06 | 000,245,312 | ---- | C] () -- C:\Users\Rob\Desktop\Lyncian Analysis Legend.pdf
[2010/04/22 15:00:52 | 001,066,889 | ---- | C] () -- C:\Users\Rob\Desktop\aag04344
[2010/04/22 15:00:52 | 001,066,462 | ---- | C] () -- C:\Users\Rob\Desktop\Lyncian Analysis Legend.ai
[2010/04/22 01:16:05 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1475010651-1540872799-661774133-1000UA.job
[2010/04/22 01:16:04 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1475010651-1540872799-661774133-1000Core.job
[2010/04/21 23:03:24 | 000,089,471 | ---- | C] () -- C:\Users\Rob\Desktop\FELKCK27EDSI4PNUMHMAG_RU_T2202_XML.pdf
[2010/04/14 01:03:20 | 032,452,321 | ---- | C] () -- C:\Users\Rob\Desktop\backgroundfile-23229.zip
[2010/04/14 00:42:51 | 001,785,466 | ---- | C] () -- C:\Users\Rob\Desktop\PublicFramework.psd
[2010/04/14 00:26:11 | 000,136,615 | ---- | C] () -- C:\Users\Rob\Desktop\Public Framework.jpg
[2010/04/13 20:11:36 | 000,072,696 | R--- | C] () -- C:\Users\Rob\Desktop\PublicFramework.jpg
[2010/04/13 20:05:29 | 007,222,489 | ---- | C] () -- C:\Users\Rob\Desktop\Lecture 11-Branding.pdf
[2010/04/13 20:01:55 | 008,523,701 | ---- | C] () -- C:\Users\Rob\Desktop\Lecture 05-Open Space.pdf
[2010/04/13 19:53:14 | 000,063,765 | ---- | C] () -- C:\Users\Rob\Desktop\Lynchian map.pptx
[2010/04/13 19:10:13 | 000,166,657 | ---- | C] () -- C:\Users\Rob\Desktop\Lynchian Map.jpg
[2010/04/13 18:48:10 | 000,540,153 | ---- | C] () -- C:\Users\Rob\Desktop\Lynchian Map.pdf
[2010/04/13 18:39:18 | 006,114,242 | ---- | C] () -- C:\Users\Rob\Desktop\Context Map.psd
[2010/04/13 16:17:30 | 000,640,366 | ---- | C] () -- C:\Users\Rob\Desktop\Location map.psd
[2010/04/13 16:17:03 | 000,441,572 | ---- | C] () -- C:\Users\Rob\Desktop\Context Map.jpg
[2010/04/13 15:53:35 | 000,067,525 | ---- | C] () -- C:\Users\Rob\Desktop\Location map.jpg
[2010/04/13 15:50:29 | 000,026,063 | ---- | C] () -- C:\Users\Rob\Desktop\Location map better.gif
[2010/03/26 16:27:47 | 000,315,855 | ---- | C] () -- C:\Users\Rob\Desktop\53K-22.dwg
[2010/03/26 01:06:23 | 001,026,222 | ---- | C] () -- C:\Users\Rob\Desktop\TTCsubwayRTmap-2015.psd
[2010/03/25 16:05:29 | 009,899,611 | ---- | C] () -- C:\Users\Rob\Desktop\Distillery District.skb
[2010/03/25 15:38:58 | 000,618,122 | ---- | C] () -- C:\Users\Rob\Desktop\51G-22.dwg
[2010/03/25 13:40:33 | 006,763,217 | ---- | C] () -- C:\Users\Rob\Desktop\cityhallgondola.skb
[2010/03/25 12:57:22 | 006,734,076 | ---- | C] () -- C:\Users\Rob\Desktop\cityhallgondola.skp
[2010/03/25 01:35:31 | 000,061,128 | ---- | C] () -- C:\Users\Rob\Desktop\srt part 1.jpg
[2010/03/25 01:35:24 | 000,077,897 | ---- | C] () -- C:\Users\Rob\Desktop\srt part 2.jpg
[2010/02/26 14:06:43 | 000,078,538 | ---- | C] () -- C:\Users\Rob\Desktop\googleeee.skp
[2010/02/23 00:29:52 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF7a.ocx
[2010/02/07 15:47:13 | 000,783,807 | ---- | C] () -- C:\Users\Rob\Desktop\abandoned.png
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== LOP Check ==========

[2010/04/14 11:43:52 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\AVG9
[2010/02/25 23:31:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GetRightToGo
[2010/02/15 22:57:13 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ICAClient
[2010/04/29 21:11:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\LimeWire
[2010/02/17 03:45:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Opera
[2009/02/21 05:01:14 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Windows Live Writer
[2010/04/18 00:08:48 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/12/14 00:04:43 | 000,087,247 | ---- | M] () -- C:\aaw7boot (1).log
[2009/12/20 16:55:09 | 000,091,727 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/12/20 20:12:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/10/09 11:08:16 | 000,003,598 | RH-- | M] () -- C:\dell.sdr
[2010/04/29 22:36:24 | 3219,628,032 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/12 21:15:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/12 21:15:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/29 22:36:27 | 4292,837,376 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
< End of report >

Here is the Extras file from the OTL scan:

OTL Extras logfile created on: 29/04/2010 10:51:54 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Rob\Documents\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 176.51 Gb Total Space | 35.75 Gb Free Space | 20.25% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.90 Gb Free Space | 50.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROB-PC
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = QuickSet
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"1A5A977E511ED61600002E176F048ED6FCBD8560" = Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (12/18/2007 5.0.0004.6)
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Microsoft Security Essentials" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98AD61BF-A229-411A-8723-B5E7F72D725C}" = Opera 10.52
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MS Access 97 SP2" = MS Access 97 SP2
"PowerISO" = PowerISO
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/04/2010 1:59:07 AM | Computer Name = Rob-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 22/04/2010 1:38:27 AM | Computer Name = Rob-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 23/04/2010 7:13:16 PM | Computer Name = Rob-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 24/04/2010 1:41:16 PM | Computer Name = Rob-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 25/04/2010 1:28:05 AM | Computer Name = Rob-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pcdrsysinfodirect.p5x, version: 0.0.0.0,
time stamp: 0x4911e39f Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb3b Exception code: 0xc000000d Fault offset: 0x00098189 Faulting
process id: 0x1378 Faulting application start time: 0x01cae43812004607 Faulting application
path: C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcdrsysinfodirect.p5x
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 5289f8bc-502b-11df-acbb-c8beb92909c7

Error - 25/04/2010 6:24:45 PM | Computer Name = Rob-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4bae4ffc Faulting module name: NPSWF32.dll, version: 10.0.45.2, time stamp: 0x4b5f91c2
Exception
code: 0xc0000005 Fault offset: 0x001d42b6 Faulting process id: 0x1710 Faulting application
start time: 0x01cae4c5e7dba6c0 Faulting application path: C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: C:\Windows\system32\Macromed\Flash\NPSWF32.dll Report Id: 59483c54-50b9-11df-9dfd-a1780792b4c3

Error - 26/04/2010 10:21:05 AM | Computer Name = Rob-PC | Source = Google Update | ID = 20
Description =

Error - 26/04/2010 12:21:05 PM | Computer Name = Rob-PC | Source = Google Update | ID = 20
Description =

Error - 26/04/2010 1:04:41 PM | Computer Name = Rob-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 26/04/2010 1:21:05 PM | Computer Name = Rob-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 25/04/2010 3:17:42 PM | Computer Name = Rob-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 25/04/2010 3:17:42 PM | Computer Name = Rob-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 25/04/2010 3:18:07 PM | Computer Name = Rob-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 25/04/2010 3:56:23 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7034
Description = The AVG9IDSAgent service terminated unexpectedly. It has done this
1 time(s).

Error - 25/04/2010 3:59:49 PM | Computer Name = Rob-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 25/04/2010 3:59:49 PM | Computer Name = Rob-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 25/04/2010 7:17:49 PM | Computer Name = Rob-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 26/04/2010 1:25:53 AM | Computer Name = Rob-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 26/04/2010 1:25:53 AM | Computer Name = Rob-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 26/04/2010 1:26:21 AM | Computer Name = Rob-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >

Any help is much appreciated :) Thanks in advance

Edited by Robby..., 29 April 2010 - 11:07 PM.

  • 0

Advertisements

#2
RKinner
Posted 03 May 2010 - 10:14 PM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
You are missing an entry in your hosts file.

Open C:\Windows\SysNative\drivers\etc\hosts with notepad and just above the line that says

127.0.0.1 www.007guard.com

add

127.0.0.1 localhost

then Save and exit. If it gives you a hard time you can run OTL by right clicking and selecting Run As Administrator then paste in the following:

:Commands
[RESETHOSTS]

Then click on the Run Fix. This should reset your hosts file to the default.

I don't see any signs of an infection but it would not hurt to run a few scans just to make sure:

http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish

(Eset will take several hours to complete)

BitDefender's is faster:

http://www.bitdefend...nline/free.html

Ron
  • 0

#3
Robby...
Posted 04 May 2010 - 04:59 PM

Robby...

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I am not able to find that folder within my computer, and when i tried to do the OTL scan, it says its fixed but than the read me file says there was an error, but when i did a scan it did not find any threats but 007guard is still copying processes and than connecting to 007guard.com :)

What could be the reasoning behind why i cannot find this folder within my computer?
  • 0

#4
RKinner
Posted 04 May 2010 - 09:30 PM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
I expect you can't see the file because it's a hidden system file.

Enable Show Hidden Files and Folders


If using Windows Vista or Windows 7:

* Close all programs so that you are at your desktop.
* Open the Control Panel menu and click Folder Options.
* After the new window appears select the View tab.
* Put a checkmark in the checkbox labeled Display the contents of system folders.
* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
* Remove the checkmark from the checkbox labeled Hide protected operating system files.
* Press the Apply button and then the OK button and exit My Computer.
* Now your computer is configured to show all hidden files.


[Online tutorial covering the above: http://www.bleepingc...tutorial62.html]

It's possible that OTL can't reset the hosts file on 64 bit systems. Most of our tools don't work at all on 64 bit systems.

I'm positive that the missing localhost entry is the problem.

Ron
  • 0

#5
Robby...
Posted 05 May 2010 - 12:20 AM

Robby...

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks So much, much appreciated!!!

There are still some issues lol, i cannot find the SysNative folder, i ended up finding the host folder within the system32 folder which is within the windows folder.

The other issue is that i cannot save the changes because it says i do not have permission, does this mean that i will have to run windows explorer as an administrator?

The final question i have is could i/should i remove the 007guard.com entires?
  • 0

#6
RKinner
Posted 05 May 2010 - 12:45 AM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
I don't have a 64bit to play with. \windows\system32\drivers\etc\hosts is where most 32bit machines put the hosts file. Not sure why 64bit is calling it SysNative if that is where they put it but that's where OTL said it was.

I was able to make a change to hosts and save it on my 32bit vista. First I made the change in notepad then I clicked on Save. It said I wasn't authorized and did I want to save it in My Documents. I said no and it went back to the Save screen showing nothing in the etc folder. I changed the Save As Type: to All Files and Hosts showed up. I rightclicked on Hosts and selected Properties then Security then Edit and Add and typed in my user name, did Check Name and OK. Then checked the Full Control for my name and OK. Then I was able to save the file (It said the file exists do I want to overwrite it.)

If you can get localhost in there there is no need to delete 007guard.com.

Ron
  • 0

#7
Robby...
Posted 05 May 2010 - 04:15 PM

Robby...

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I did everything you told me but now it says that the file is a "read only" file. What can i do now lol? I even gave full access to users since this is my own personal pc and it still did not help, how do i get the file to not be a read only file?
  • 0

#8
Robby...
Posted 05 May 2010 - 04:19 PM

Robby...

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
alright i seem to have fixed this myself lmao i found out through the 'properties' menu that there was a check mark beside 'read only' now is there a chance that i opened my computer to more threats by providing all users with full control? im sorry about all the questions lol, im just new to this :)
  • 0

#9
RKinner
Posted 05 May 2010 - 07:12 PM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
I think you can just go back and check read only once you have made the change. So is the 007guard stuff gone now?

Ron
  • 0

#10
Robby...
Posted 09 May 2010 - 05:42 PM

Robby...

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey Ron

Sorry for the late response, after a few days of checking my network connections, my computer is not connecting to 007guard anymore. Thanks alot for your help, much appreciated :)


If there is anything you would like me to post just let me know :)
  • 0

#11
RKinner
Posted 09 May 2010 - 06:04 PM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
Since it wasn't really a malware issue I think you're done.

You can uninstall or delete any tools we had you download and their logs.

To hide hidden files again:

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.



Make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP