MBAM found and removed Funweb but the problem is still there after reboot. Paid AVG runs each morning but has failed to detect anything.
Ad-Aware didn't find anything. I've checked my router and firewall but can't see any changes.
Logs:
GMER: No log - says "C\windows\system32\config\system - the system cannot find the file specified" on starting the program. Then when I click Scan it says 'C\windows\system32\config\system - the process cannot access the file because it is being used by another process'. Then the scan starts and appears to run and says no system modifications have been detected.
------------------------------------
MBAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4096
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
13/05/2010 9:41:38 PM
mbam-log-2010-05-13 (21-41-38).txt
Scan type: Quick scan
Objects scanned: 127491
Time elapsed: 3 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
-------------------------------------------------------------------
OTL:
OTL logfile created on: 5/13/2010 9:55:48 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\MBC\Downloads\Malware Removal Tools
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.16 Gb Total Space | 907.57 Gb Free Space | 64.96% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 387.61 Gb Free Space | 20.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 61.82 Mb Free Space | 61.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MBC-PC
Current User Name: MBC
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/13 21:55:03 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\MBC\Downloads\Malware Removal Tools\OTL.exe
PRC - [2010/04/20 09:19:09 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 22:57:56 | 000,554,640 | ---- | M] () -- C:\Program Files (x86)\TwonkyMedia\bgtrans.exe
PRC - [2010/04/01 22:57:54 | 000,214,672 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserverconfig.exe
PRC - [2010/04/01 22:57:54 | 000,149,136 | ---- | M] () -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe
PRC - [2010/04/01 22:57:52 | 001,164,944 | ---- | M] () -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserver.exe
PRC - [2010/03/05 07:15:14 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/05 07:15:12 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2010/02/10 18:20:00 | 001,363,456 | ---- | M] (Angus Johnson) -- C:\Program Files (x86)\Internode\mum.exe
PRC - [2010/01/27 10:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/09/24 22:29:06 | 000,070,144 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe
PRC - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
========== Modules (SafeList) ==========
MOD - [2010/05/13 21:55:03 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\MBC\Downloads\Malware Removal Tools\OTL.exe
MOD - [2009/07/14 11:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 11:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/03/27 20:44:05 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/09/24 08:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 11:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 11:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 11:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 11:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 11:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 11:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 11:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 11:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 11:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 11:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 11:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 11:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 11:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 11:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 11:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 11:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 11:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 11:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 11:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 11:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 11:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 11:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 11:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 11:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/05/12 19:19:27 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 19:43:28 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 22:57:54 | 000,149,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe -- (TwonkyMedia)
SRV - [2010/03/13 04:33:04 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2010/03/05 07:15:14 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/24 22:29:06 | 000,070,144 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe -- (Foxtel)
SRV - [2009/07/14 13:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 13:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 11:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 11:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 06:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/11 06:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2008/04/10 13:49:10 | 000,018,944 | ---- | M] (CL) [Auto | Running] -- C:\Program Files (x86)\SteamWatch\SteamWatch.exe -- (SteamWatch)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/04/20 09:19:09 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/03/05 07:15:16 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/03/05 07:15:13 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/03/05 07:15:13 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2010/02/05 01:53:02 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/12/11 20:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/24 09:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 16:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/14 11:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 11:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/14 11:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/14 11:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/14 11:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 11:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 11:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/14 11:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 11:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/14 11:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/14 11:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/14 11:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/14 10:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/14 10:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/14 10:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/14 10:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/14 10:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/14 10:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/14 10:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/14 10:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/14 10:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/14 10:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/14 10:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/14 10:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/14 10:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/14 10:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/14 10:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/14 10:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/14 09:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/14 09:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/14 09:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 09:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 09:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/14 09:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/14 09:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/14 09:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/14 09:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/14 09:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/11 06:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2010/05/06 20:14:57 | 000,222,160 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/09/27 09:55:32 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 11:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/14 11:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/11 07:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/11 07:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 6D 2F 19 79 3E CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/04/20 12:18:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/24 16:00:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/26 07:00:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/04/30 19:24:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2010/04/30 19:24:44 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Mozilla\Extensions
[2010/04/30 19:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MBC\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/31 07:34:59 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Mozilla\Firefox\Profiles\zukge6or.default\extensions
[2010/04/20 12:18:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/20 12:18:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/12 19:17:26 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 19:17:26 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 19:17:26 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 19:17:26 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [InternodeUsage] C:\Program Files (x86)\Internode\mum.exe (Angus Johnson)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Playlist - C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll (PacketVideo)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: TwonkyBeam to - C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll (PacketVideo)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Playlist - C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll (PacketVideo)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: TwonkyBeam to - C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll (PacketVideo)
O9 - Extra Button: TwonkyBeam - {339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll (PacketVideo)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3f3f6ece-af99-11de-a8b7-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{3f3f6ece-af99-11de-a8b7-00241d1e0a2f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{43ffb729-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb729-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb789-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb789-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb79d-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb79d-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7a1-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7a1-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7c0-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7c0-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7c4-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7c4-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7e4-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7e4-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7e9-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7e9-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7f5-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7f5-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7f9-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7f9-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{96c0b913-3d65-11df-ac6c-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{96c0b913-3d65-11df-ac6c-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{96c0b917-3d65-11df-ac6c-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{96c0b917-3d65-11df-ac6c-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{caec0a83-3d68-11df-8574-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{caec0a83-3d68-11df-8574-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{caec0a86-3d68-11df-8574-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{caec0a86-3d68-11df-8574-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{d8d0cd1c-3d29-11df-a8bd-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{d8d0cd1c-3d29-11df-a8bd-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{f624c2eb-393e-11df-bf20-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{f624c2eb-393e-11df-bf20-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{f624c2f0-393e-11df-bf20-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{f624c2f0-393e-11df-bf20-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 13:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/05/13 21:36:59 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Roaming\Malwarebytes
[2010/05/13 21:36:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/13 21:36:53 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/13 21:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/13 21:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/13 21:34:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/13 21:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/05/12 19:20:14 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/12 19:17:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/06 20:16:18 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Roaming\TrueCrypt
[2010/05/06 20:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010/05/06 20:14:57 | 000,222,160 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2010/05/06 20:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt
[2010/05/06 20:02:05 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/05/03 15:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TwonkyMedia
[2010/05/02 18:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacketVideo
[2010/05/02 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\MBC\Documents\twonkymedia-server-uploaded-data
[2010/05/02 18:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TwonkyMedia
[2010/05/01 13:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/01 13:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/01 13:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/05/01 13:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/01 13:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/04/30 21:32:25 | 000,000,000 | ---D | C] -- C:\Users\MBC\Documents\downloads
[2010/04/30 21:25:51 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Local\sabnzbd
[2010/04/30 21:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SABnzbd
[2010/04/30 19:24:42 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Roaming\Thunderbird
[2010/04/30 19:24:42 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Local\Thunderbird
[2010/04/30 19:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/04/25 16:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/04/25 16:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/04/24 16:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/24 16:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/23 13:41:40 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Local\DA_CharGenMorphCompiler
[2010/04/17 06:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/17 06:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/08 18:39:20 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Local\Conceiva
[2010/04/03 18:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/01 17:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Huawei technologies
[2010/04/01 17:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/03/27 20:44:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/03/27 20:44:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/03/27 14:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optus Wireless Broadband
[2010/03/19 19:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/03/13 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/03/13 14:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2010/03/13 14:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2010/03/13 14:01:36 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Local\Downloaded Installations
[2010/03/13 14:01:31 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/03/12 18:33:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/09 17:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/03/05 07:15:16 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/03/04 17:56:21 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Roaming\Leadertech
[2010/02/21 14:23:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/02/17 22:02:54 | 000,000,000 | ---D | C] -- C:\Windows\SQLTools9_KB970892_ENU
[2010/02/17 22:02:04 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2010/02/16 18:37:07 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Roaming\Dragon Age Toolset
[2010/02/16 17:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/02/16 17:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2010/02/16 17:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAODB
[2010/02/15 08:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/02/14 22:25:03 | 000,000,000 | ---D | C] -- C:\Users\MBC\Desktop\7-Zip
[2010/02/14 19:29:07 | 000,000,000 | ---D | C] -- C:\Users\MBC\Documents\DAModder
========== Files - Modified Within 90 Days ==========
[2010/05/13 21:58:19 | 002,621,440 | -HS- | M] () -- C:\Users\MBC\ntuser.dat
[2010/05/13 21:50:26 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 21:50:26 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 21:43:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/13 21:43:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/13 21:43:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/13 21:43:06 | 535,535,615 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/13 21:41:50 | 010,477,958 | -H-- | M] () -- C:\Users\MBC\AppData\Local\IconCache.db
[2010/05/13 21:36:56 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/13 21:33:31 | 000,000,936 | ---- | M] () -- C:\Users\MBC\Desktop\NTREGOPT.lnk
[2010/05/13 21:33:31 | 000,000,917 | ---- | M] () -- C:\Users\MBC\Desktop\ERUNT.lnk
[2010/05/13 21:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/13 21:01:42 | 000,271,360 | ---- | M] () -- C:\Users\MBC\Documents\INBOX.pst
[2010/05/13 20:50:01 | 000,000,000 | ---- | M] () -- C:\Users\MBC\AppData\Local\prvlcl.dat
[2010/05/13 20:38:42 | 059,932,514 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/05/13 20:10:12 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/05/13 20:10:12 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/05/12 20:22:15 | 000,007,675 | ---- | M] () -- C:\Users\MBC\AppData\Local\Resmon.ResmonCfg
[2010/05/12 19:20:13 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/12 19:20:06 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/12 19:17:16 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/11 18:49:54 | 000,779,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/11 18:49:54 | 000,665,914 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/11 18:49:54 | 000,125,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/09 07:18:28 | 000,170,436 | ---- | M] () -- C:\Users\MBC\Desktop\mothersdaycd1.jpg
[2010/05/06 20:14:57 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2010/05/03 15:19:09 | 000,001,133 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyMedia Tray Control.lnk
[2010/05/02 18:18:49 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\TwonkyMedia Manager.lnk
[2010/05/02 18:18:06 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv5
[2010/05/02 13:35:23 | 000,162,816 | ---- | M] () -- C:\Users\MBC\Documents\Laura's party.doc
[2010/05/02 06:59:21 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2010/05/01 13:02:11 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/30 21:25:43 | 000,001,003 | ---- | M] () -- C:\Users\MBC\Desktop\SABnzbd.lnk
[2010/04/30 19:24:38 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/04/29 22:27:19 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/29 22:27:19 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 22:27:19 | 000,065,536 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TM.blf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/24 16:00:40 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/22 19:37:50 | 000,360,308 | ---- | M] () -- C:\Users\MBC\Desktop\billion7404-set-up-guide-update-feb09.pdf
[2010/04/20 12:45:01 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 12:45:01 | 000,065,536 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TM.blf
[2010/04/20 12:45:00 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 12:16:55 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 12:16:55 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 12:16:55 | 000,065,536 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TM.blf
[2010/04/20 11:05:31 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/20 09:19:09 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/04/17 13:22:50 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/17 13:22:50 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/17 13:22:50 | 000,065,536 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TM.blf
[2010/04/08 19:32:39 | 000,001,794 | ---- | M] () -- C:\Users\MBC\Desktop\Mezzmo.lnk
[2010/04/08 14:26:30 | 000,025,088 | ---- | M] () -- C:\Users\MBC\Documents\fan fict.doc
[2010/04/06 16:34:42 | 000,004,096 | -H-- | M] () -- C:\Users\MBC\AppData\Local\keyfile3.drm
[2010/04/03 17:42:19 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010/04/01 17:53:13 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Connect.lnk
[2010/03/27 20:16:22 | 000,284,832 | ---- | M] () -- C:\Users\MBC\Documents\bookmarks.html
[2010/03/19 10:53:26 | 000,001,885 | ---- | M] () -- C:\Users\MBC\Desktop\Dragon Age Origins - Awakening.lnk
[2010/03/18 19:17:11 | 000,001,510 | ---- | M] () -- C:\Users\MBC\Desktop\SteamWatchTray - Shortcut.lnk
[2010/03/14 14:27:09 | 000,001,648 | ---- | M] () -- C:\Users\MBC\Desktop\RealTemp - Shortcut.lnk
[2010/03/12 18:39:05 | 000,000,499 | ---- | M] () -- C:\Windows\win.ini
[2010/03/12 18:33:43 | 264,453,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/05 07:15:16 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/03/05 07:15:16 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/03/05 07:15:13 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/03/05 07:15:13 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/02/17 22:02:27 | 000,722,382 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/13 15:39:12 | 000,001,351 | ---- | M] () -- C:\Users\MBC\Desktop\Sticky Notes.lnk
========== Files Created - No Company Name ==========
[2010/05/13 21:36:56 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/13 21:33:31 | 000,000,936 | ---- | C] () -- C:\Users\MBC\Desktop\NTREGOPT.lnk
[2010/05/13 21:33:31 | 000,000,917 | ---- | C] () -- C:\Users\MBC\Desktop\ERUNT.lnk
[2010/05/12 19:17:16 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/12 19:15:17 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/09 07:18:52 | 000,170,436 | ---- | C] () -- C:\Users\MBC\Desktop\mothersdaycd1.jpg
[2010/05/03 15:19:09 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyMedia Tray Control.lnk
[2010/05/02 18:18:49 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\TwonkyMedia Manager.lnk
[2010/05/02 18:18:06 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv5
[2010/05/02 13:35:23 | 000,162,816 | ---- | C] () -- C:\Users\MBC\Documents\Laura's party.doc
[2010/05/01 13:02:11 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/30 21:25:43 | 000,001,003 | ---- | C] () -- C:\Users\MBC\Desktop\SABnzbd.lnk
[2010/04/30 19:24:38 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/04/29 06:19:46 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/29 06:19:46 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 06:19:46 | 000,065,536 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TM.blf
[2010/04/25 16:59:47 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/25 16:59:46 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 16:00:40 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/22 19:37:50 | 000,360,308 | ---- | C] () -- C:\Users\MBC\Desktop\billion7404-set-up-guide-update-feb09.pdf
[2010/04/20 12:20:48 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 12:20:48 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 12:20:48 | 000,065,536 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TM.blf
[2010/04/20 12:08:50 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 12:08:49 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 12:08:49 | 000,065,536 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TM.blf
[2010/04/18 15:49:20 | 736,210,942 | ---- | C] () -- C:\Users\MBC\Desktop\Cars.avi
[2010/04/17 06:45:50 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/17 06:45:50 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/17 06:45:50 | 000,065,536 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TM.blf
[2010/04/08 19:32:39 | 000,001,794 | ---- | C] () -- C:\Users\MBC\Desktop\Mezzmo.lnk
[2010/04/08 18:40:41 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2010/04/08 14:21:00 | 000,025,088 | ---- | C] () -- C:\Users\MBC\Documents\fan fict.doc
[2010/04/06 16:34:42 | 000,004,096 | -H-- | C] () -- C:\Users\MBC\AppData\Local\keyfile3.drm
[2010/04/03 17:42:19 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010/04/01 17:53:13 | 000,002,241 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Connect.lnk
[2010/03/27 20:16:22 | 000,284,832 | ---- | C] () -- C:\Users\MBC\Documents\bookmarks.html
[2010/03/19 10:53:26 | 000,001,885 | ---- | C] () -- C:\Users\MBC\Desktop\Dragon Age Origins - Awakening.lnk
[2010/03/18 19:17:11 | 000,001,510 | ---- | C] () -- C:\Users\MBC\Desktop\SteamWatchTray - Shortcut.lnk
[2010/03/14 14:27:09 | 000,001,648 | ---- | C] () -- C:\Users\MBC\Desktop\RealTemp - Shortcut.lnk
[2010/03/12 18:33:43 | 264,453,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/09 17:59:10 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/02 18:08:01 | 000,000,000 | ---- | C] () -- C:\Users\MBC\AppData\Local\prvlcl.dat
[2010/02/16 17:06:54 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/13 15:39:12 | 000,001,351 | ---- | C] () -- C:\Users\MBC\Desktop\Sticky Notes.lnk
[2009/09/26 21:24:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
========== LOP Check ==========
[2009/11/22 22:27:21 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\AVG9
[2010/02/16 18:37:07 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Dragon Age Toolset
[2010/03/23 14:00:34 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Internode
[2010/03/04 17:56:21 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Leadertech
[2009/11/22 21:32:38 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\PMS
[2010/04/30 19:24:43 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Thunderbird
[2010/05/06 20:18:57 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\TrueCrypt
[2010/04/25 19:23:41 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\uTorrent
[2010/03/27 06:17:12 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/05/13 21:43:05 | 000,000,892 | ---- | M] () -- C:\aaw7boot.log
[2010/05/13 21:43:06 | 535,535,615 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/05/13 21:43:06 | 2145,705,983 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 11:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/14 11:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
[2010/05/06 20:14:57 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysWOW64\drivers\truecrypt.sys
< End of report >
Extras:
OTL Extras logfile created on: 5/13/2010 9:55:48 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\MBC\Downloads\Malware Removal Tools
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.16 Gb Total Space | 907.57 Gb Free Space | 64.96% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 387.61 Gb Free Space | 20.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 61.82 Mb Free Space | 61.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MBC-PC
Current User Name: MBC
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416019FF}" = Java 6 Update 19 (64-bit)
"{2C4FFF38-9FA5-C451-E79D-FAB3848C7F5A}" = ccc-utility64
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager
"{591362D4-590B-457E-9BA3-F4D9508B88BA}" = MobileMe Control Panel
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{208232B9-98B0-40CD-96B5-1362534D3830}" = Cashflow Manager 7.1.0.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset
"{3EA20BCC-983E-E2FB-7655-F701160703AF}" = Catalyst Control Center HydraVision Full
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6FC943-504B-46DB-A53A-132EDFF4899D}" = Foxtel Download Manager 4.1.500.11
"{4DDF49C7-E23B-28E4-D899-DE1950411061}" = Catalyst Control Center Graphics Light
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{61814DD5-D192-7D9F-4070-08058E94C765}" = Catalyst Control Center Core Implementation
"{672017AB-BD22-FEED-D058-BC761279EF3D}" = Catalyst Control Center InstallProxy
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73AAEC5C-BA64-4655-A7B7-67874574530B}" = e-tax 2009
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F62F54-9CF5-480A-9BB4-2087B90A7A6B}_is1" = SteamWatch
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = TwonkyMedia Windows Components
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B251F4A-0B78-2045-B802-CDB67F594E53}" = Catalyst Control Center Graphics Previews Vista
"{8F808D5F-7635-EE62-F2B4-42D72D74443C}" = Catalyst Control Center Graphics Previews Common
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{BC4C00F4-3043-BA09-C401-A4728663ECCE}" = ccc-core-static
"{C27B2B08-B5BD-A210-73AF-83A740ECC32F}" = Catalyst Control Center Graphics Full New
"{C6AA63A6-3248-2D28-3BAA-AA9C6B8D84BE}" = CCC Help English
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F18EF558-2BCE-99DE-4021-46726B061BD2}" = Catalyst Control Center Graphics Full Existing
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG 9.0
"Common-Use Signing Interface" = Common-Use Signing Interface
"ERUNT_is1" = ERUNT 1.1j
"FOXTEL Download Player" = FOXTEL Download Player
"Internode Monthly Usage Meter_is1" = Internode Monthly Usage Meter 8.1a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Picasa 3" = Picasa 3
"SABnzbd" = SABnzbd (remove only)
"Steam App 17450" = Dragon Age: Origins
"Steam App 17460" = Mass Effect
"Steam App 47730" = Dragon Age: Origins - Awakening
"TrueCrypt" = TrueCrypt
"TwonkyBeam" = TwonkyBeam
"TwonkyMedia Manager" = TwonkyMedia Manager
"TwonkyMediaTwonkyMedia" = TwonkyMedia
"VLC media player" = VLC media player 1.0.3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >

Thanks in advance.