[Inactive] [A] Hard drive clusters damaged virus

BuzzLightYear · Jan 5, 2012

OTL Log 2

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 20:40:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\UserName\Desktop\OTL.exe
[2012/01/05 14:10:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/05 11:27:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/05 10:34:31 | 004,370,492 | R--- | C] (Swearware) -- C:\Users\UserName\Desktop\ComboFix.exe
[2012/01/05 10:18:25 | 000,000,000 | ---D | C] -- C:\Users\UserName\Desktop\bootkit_remover
[2012/01/02 14:54:26 | 000,000,000 | ---D | C] -- C:\Users\UserName\Desktop\QT XFER
[2012/01/02 14:00:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/02 14:00:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/02 14:00:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/02 14:00:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/02 13:55:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/02 01:19:31 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Malwarebytes
[2012/01/02 01:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 01:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/02 01:19:14 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/02 01:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/02 00:17:23 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2011/12/28 15:49:34 | 000,024,416 | ---- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2011/12/21 09:24:26 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Avira
[2011/12/21 09:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/21 09:23:56 | 000,139,512 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2011/12/21 09:23:56 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/21 09:23:56 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/21 09:23:56 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/21 09:23:55 | 000,113,768 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2011/12/21 09:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/21 09:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/18 22:56:31 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\ESN Sonar
[2011/12/15 03:02:25 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/15 03:02:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/15 03:02:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/15 03:02:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/15 03:02:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/15 03:02:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/15 03:02:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/15 03:02:22 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/15 03:02:22 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/15 03:02:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/15 03:02:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 22:14:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 22:14:34 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 22:14:34 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/07 15:50:40 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/12/07 15:50:40 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011/12/07 15:50:40 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/12/07 15:50:40 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/12/07 15:50:38 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/12/07 15:50:38 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011/12/07 15:50:37 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/12/07 15:50:37 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/12/07 15:50:37 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/12/07 15:50:37 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/12/07 15:50:36 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011/12/07 15:50:36 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/12/07 15:50:35 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011/12/07 15:50:35 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/12/07 15:50:34 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011/12/07 15:50:34 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/12/07 15:50:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011/12/07 15:50:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/12/07 15:50:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/12/07 15:50:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/12/07 15:50:32 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/12/07 15:50:32 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011/12/07 15:50:31 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/12/07 15:50:31 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\UserName\Desktop\*.tmp files -> C:\Users\UserName\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 20:40:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\UserName\Desktop\OTL.exe
[2012/01/05 20:30:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 16:25:49 | 001,098,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/05 16:25:49 | 000,894,726 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/05 16:25:49 | 000,200,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/05 16:19:42 | 000,015,168 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 16:19:42 | 000,015,168 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 16:12:35 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 16:12:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 16:12:09 | 535,437,311 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 14:20:35 | 000,001,500 | ---- | M] () -- C:\Users\UserName\Desktop\firefox.exe - Shortcut.lnk
[2012/01/05 11:03:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/05 10:39:47 | 004,370,492 | R--- | M] (Swearware) -- C:\Users\UserName\Desktop\ComboFix.exe
[2012/01/02 14:06:17 | 944,470,189 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/02 00:17:37 | 000,000,677 | ---- | M] () -- C:\Users\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/01 15:08:11 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/01/01 15:08:11 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/01 14:45:22 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/12/31 13:09:20 | 000,002,052 | ---- | M] () -- C:\Users\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/24 12:26:50 | 000,000,850 | -HS- | M] () -- C:\Users\UserName\AppData\Local\l443c523yh7jf53j1j6643
[2011/12/18 03:24:32 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2011/12/18 03:24:31 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2011/12/18 03:24:31 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2011/12/15 14:52:40 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/15 14:52:39 | 000,139,512 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2011/12/15 14:52:39 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/15 14:52:39 | 000,113,768 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2011/12/15 14:52:39 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/15 03:25:36 | 005,292,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/07 15:50:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\UserName\Desktop\*.tmp files -> C:\Users\UserName\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/05 14:20:35 | 000,001,500 | ---- | C] () -- C:\Users\UserName\Desktop\firefox.exe - Shortcut.lnk
[2012/01/02 14:00:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/02 14:00:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/02 14:00:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/02 14:00:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/02 14:00:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/02 13:23:43 | 944,470,189 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/02 00:17:37 | 000,000,677 | ---- | C] () -- C:\Users\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/24 12:26:50 | 000,000,850 | -HS- | C] () -- C:\Users\UserName\AppData\Local\l443c523yh7jf53j1j6643
[2011/10/25 20:26:35 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/25 20:26:32 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/24 08:23:23 | 000,214,336 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/26 23:54:37 | 000,000,132 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/04/06 23:56:26 | 000,004,096 | ---- | C] () -- C:\Users\UserName\AppData\Local\keyfile3.drm
[2011/04/05 09:10:04 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\drivers\XHASP.sys
[2011/04/01 00:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 00:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 00:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/02/19 12:43:40 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/02/14 09:51:30 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/05 06:16:08 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/09 11:10:09 | 000,018,432 | ---- | C] () -- C:\Users\UserName\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/23 04:39:21 | 000,000,132 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/26 04:11:59 | 000,007,605 | ---- | C] () -- C:\Users\UserName\AppData\Local\Resmon.ResmonCfg
[2010/03/11 00:16:43 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/03/11 00:16:43 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2010/03/11 00:16:43 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2010/03/11 00:16:43 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010/03/11 00:16:43 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/12/11 13:07:39 | 000,000,636 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\AutoGK.ini
[2009/12/09 23:50:17 | 001,116,850 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/09 13:24:18 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/12/08 14:19:10 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/12/08 13:26:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/25 16:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/08 18:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005/04/04 11:52:32 | 000,003,466 | ---- | C] () -- C:\Windows\SysWow64\Nethasp.ini
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/12/06 22:49:41 | 000,001,024 | -H-- | M] () -- C:\.rnd
[2011/02/14 12:23:59 | 000,000,632 | -H-- | M] () -- C:\bar.emf
[2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2009/12/07 00:54:44 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/01/05 11:07:39 | 000,045,189 | ---- | M] () -- C:\ComboFix.txt
[2012/01/05 16:12:09 | 535,437,311 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 16:12:13 | 2145,574,911 | -HS- | M] () -- C:\pagefile.sys
[2012/01/05 10:32:37 | 000,083,658 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_10.29.33_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/10/27 21:01:44 | 000,000,221 | -HS- | M] () -- C:\Users\UserName\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/01/05 10:39:47 | 004,370,492 | R--- | M] (Swearware) -- C:\Users\UserName\Desktop\ComboFix.exe
[2012/01/05 20:40:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\UserName\Desktop\OTL.exe
[1 C:\Users\UserName\Desktop\*.tmp files -> C:\Users\UserName\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/10/31 12:52:40 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/10/31 12:52:40 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2010/07/02 09:51:18 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2010/07/02 09:51:18 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/10/31 12:52:40 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/04/13 06:20:40 | 000,000,402 | -HS- | M] () -- C:\Users\UserName\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/06/19 22:09:18 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1108 bytes -> C:\ProgramData\Microsoft:tBp71bIQ8QYpmOBinZ65XM15W1
@Alternate Data Stream - 1043 bytes -> C:\ProgramData\Microsoft:UzUwfg3EPxatqyCAaCL5IVu
@Alternate Data Stream - 1034 bytes -> C:\ProgramData\Microsoft:KF981xnxss4GoEYBZPEyaa

< End of report >

BuzzLightYear · Jan 5, 2012

Extras Log 1

OTL Extras logfile created on: 1/5/2012 8:42:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\UserName\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.08% Memory free
11.99 Gb Paging File | 9.92 Gb Available in Paging File | 82.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 197.30 Gb Free Space | 33.09% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 258.73 Gb Free Space | 55.55% Space Free | Partition Type: NTFS

Computer Name: UserName-DT | User Name: UserName | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9DE00BF7-71F9-461B-9CEA-55CC6AE3F94C}" = SonicWALL Global VPN Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{C40D6727-57FE-4671-B51A-69B0F21F44B5}" = Microsoft SQL Server Management Studio Express
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15C6A704-5583-4D59-B614-A8A722509391}" = BlackBerry Smartphone Simulators 4.6.0.150 (9000)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
"{32A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54F5F572-BEEF-4FDA-9957-2E86C77C9B3D}" = NGRAIN Viewer 4.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E994A95-9388-4D10-8E68-54B8CBF894D3}" = Microsoft Application Error Reporting
"{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1" = Convert VOB to AVI 1.7
"{60650813-6416-4322-B6A5-F834C2693258}" = NGRAIN Viewer 4.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6908A0A2-2B7C-403E-AC8C-79C3D6BA2E3D}" = Microsoft SQL Server 2008 R2 Report Builder 3.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880A78D0-2714-456E-96B9-990190A85AD3}_is1" = Macrobject Word-2-CHM 2009.3.114.2408
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FDCD97E-9289-4ACC-B2D6-8BF3843865A3}" = iCamSource
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}" = SnagIt 8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_947" = Adobe Acrobat 9.4.7 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C3F5DBA5-ABFC-443E-AA60-928223AADF53}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.55
"avi.NET 2.7.0.0" = avi.NET 2.7.0.0
"Avira AntiVir Desktop" = Avira Internet Security 2012
"AviSynth" = AviSynth 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core FTP LE 2.1" = Core FTP LE 2.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ESN Sonar-0.70.4" = ESN Sonar
"Fences" = Fences
"FVSDK_8_2_1" = FaceVACS-SDK 8.2.1
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"SystemRequirementsLab" = System Requirements Lab
"VirtualLab 7 Client_is1" = VirtualLab Client 6.0.4
"VISPROR" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.8
"VLMC" = VideoLAN Movie Creator
"VobSub" = VobSub v2.23 (Remove Only)
"WinLiveSuite" = Windows Live Essentials
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

BuzzLightYear · Jan 5, 2012

Extras Log 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/4/2012 1:31:41 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_32\msc_8.0-ipp_crtdll_g\libueye-8.2.1d.dll.Manifest".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 1:31:42 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_32\msc_9.0-ipp_crtdll_g\libbiospi-8.2.1d.dll.Manifest".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 1:31:43 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_32\msc_9.0-ipp_crtdll_g\libfrsdk-8.2.1d.dll.Manifest".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 1:31:43 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_32\msc_9.0-ipp_crtdll_g\liboutput-8.2.1d.dll.Manifest".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 1:31:43 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_32\msc_9.0-ipp_crtdll_g\libueye-8.2.1d.dll.Manifest".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 1:31:44 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_64\msc_8.0-ipp_crtdll_g\libbiospi-8.2.1d.dll.Manifest".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 1:31:44 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_64\msc_8.0-ipp_crtdll_g\libfrsdk-8.2.1d.dll.Manifest".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 1:31:44 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_64\msc_9.0-ipp_crtdll_g\libbiospi-8.2.1d.dll.Manifest".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 1:31:45 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_64\msc_9.0-ipp_crtdll_g\libfrsdk-8.2.1d.dll.Manifest".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 1:31:45 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_64\msc_9.0-ipp_crtdll_g\liboutput-8.2.1d.dll.Manifest".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 1/5/2011 7:39:00 AM | Computer Name = UserName-DT | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.Set failed (LogId=273); Win32 GetLastError
returned 0E
Process: DefaultDomain
Object Name: Media Center Guide

Error - 1/5/2011 7:39:00 AM | Computer Name = UserName-DT | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.Set failed (LogId=230); Win32 GetLastError
returned 0E
Process: DefaultDomain
Object Name: Media Center Guide

Error - 1/5/2011 7:39:00 AM | Computer Name = UserName-DT | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.TimerRecord failed (LogId=28); Win32 GetLastError
returned 0E
Process: DefaultDomain
Object Name: Media Center Guide

Error - 1/5/2011 7:39:00 AM | Computer Name = UserName-DT | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.Set failed (LogId=58); Win32 GetLastError
returned 0E
Process: DefaultDomain
Object Name: Media Center Guide

Error - 1/5/2011 7:39:00 AM | Computer Name = UserName-DT | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.Set failed (LogId=30); Win32 GetLastError
returned 0E
Process: DefaultDomain
Object Name: Media Center Guide

Error - 2/21/2011 4:05:27 AM | Computer Name = UserName-DT | Source = MCUpdate | ID = 0
Description = 3:05:26 AM - Error connecting to the internet. 3:05:26 AM - Unable
to contact server..

Error - 2/21/2011 5:06:08 AM | Computer Name = UserName-DT | Source = MCUpdate | ID = 0
Description = 4:06:07 AM - Error connecting to the internet. 4:06:07 AM - Unable
to contact server..

Error - 2/21/2011 6:06:50 AM | Computer Name = UserName-DT | Source = MCUpdate | ID = 0
Description = 5:06:50 AM - Error connecting to the internet. 5:06:50 AM - Unable
to contact server..

Error - 2/21/2011 7:07:32 AM | Computer Name = UserName-DT | Source = MCUpdate | ID = 0
Description = 6:07:32 AM - Error connecting to the internet. 6:07:32 AM - Unable
to contact server..

Error - 2/26/2011 4:41:55 AM | Computer Name = UserName-DT | Source = MCUpdate | ID = 0
Description = 3:41:54 AM - Error connecting to the internet. 3:41:54 AM - Unable
to contact server..

[ OSession Events ]
Error - 4/14/2010 10:55:57 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/14/2010 10:59:13 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/14/2010 10:59:56 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/14/2010 11:00:03 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/14/2010 3:11:44 PM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/15/2010 11:35:41 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5103
seconds with 360 seconds of active time. This session ended with a crash.

Error - 4/20/2010 11:20:26 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5323
seconds with 2700 seconds of active time. This session ended with a crash.

Error - 4/27/2010 10:16:32 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5460
seconds with 2100 seconds of active time. This session ended with a crash.

Error - 7/29/2010 5:35:03 PM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 243874
seconds with 4380 seconds of active time. This session ended with a crash.

Error - 6/9/2011 1:25:33 PM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 102771
seconds with 1620 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/5/2012 2:15:11 PM | Computer Name = UserName-DT | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR7.

Error - 1/5/2012 2:15:12 PM | Computer Name = UserName-DT | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR7.

Error - 1/5/2012 2:15:48 PM | Computer Name = UserName-DT | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Maxtor [1TB].

Error - 1/5/2012 2:21:03 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7000
Description = The SQL Server FullText Search (MSSQLSERVER) service failed to start
due to the following error: %%2

Error - 1/5/2012 2:21:04 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7003
Description = The Net.Msmq Listener Adapter service depends the following service:
msmq. This service might not be installed.

Error - 1/5/2012 3:50:58 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7000
Description = The SQL Server FullText Search (MSSQLSERVER) service failed to start
due to the following error: %%2

Error - 1/5/2012 3:50:58 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7003
Description = The Net.Msmq Listener Adapter service depends the following service:
msmq. This service might not be installed.

Error - 1/5/2012 5:12:26 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7000
Description = The SQL Server FullText Search (MSSQLSERVER) service failed to start
due to the following error: %%2

Error - 1/5/2012 5:12:27 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7003
Description = The Net.Msmq Listener Adapter service depends the following service:
msmq. This service might not be installed.

Error - 1/5/2012 9:40:08 PM | Computer Name = UserName-DT | Source = bowser | ID = 8003
Description =

< End of report >

Broni · Jan 5, 2012

I can't proceed.
You didn't say:

How is computer doing?

BuzzLightYear · Jan 5, 2012

My apologies, got caught up in chopping logs!

Seems better. MUCH better. MalWareBytes is no longer blocking outgoing (unknown) traffic and I've run a few stability checks and all seems to be well. I've noticed that a good amount of my files (including system) have been R/O or hidden. I manually restored most of them however I still seem to have missed something as all of my program folders are empty, though the exe's are able to be launched via CMD prompt and/or through the Program Files menus.

All in all, system stability is MUCH improved. I will most assuredly be making a donation via your PP link and sending TechSpot a "much appreciated" letter on your behalf, as I'd have been lost in the sauce without your help, I can't say thank-you enough Broni!

Broni · Jan 5, 2012

Good

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O8 - Extra context menu item: &D&ownload &with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload all video with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload all with BitComet - Reg Error: Value error. File not found
O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: xpect-software.com ([xpectsoftwarellc] http in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/12/24 12:26:50 | 000,000,850 | -HS- | M] () -- C:\Users\UserName\AppData\Local\l443c523yh7jf53j1j6643
@Alternate Data Stream - 1108 bytes -> C:\ProgramData\Microsoft:tBp71bIQ8QYpmOBinZ65XM15W1
@Alternate Data Stream - 1043 bytes -> C:\ProgramData\Microsoft:UzUwfg3EPxatqyCAaCL5IVu
@Alternate Data Stream - 1034 bytes -> C:\ProgramData\Microsoft:KF981xnxss4GoEYBZPEyaa

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
=============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.

============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

BuzzLightYear · Jan 5, 2012

OTL Log 2

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all video with BitComet\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home\ deleted successfully.
Invalid CLSID key: *.home
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home.apac\ deleted successfully.
Invalid CLSID key: *.home.apac
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home.emea\ deleted successfully.
Invalid CLSID key: *.home.emea
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home.noam\ deleted successfully.
Invalid CLSID key: *.home.noam
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint\ deleted successfully.
Invalid CLSID key: *.sharepoint
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint.apac\ deleted successfully.
Invalid CLSID key: *.sharepoint.apac
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint.emea\ deleted successfully.
Invalid CLSID key: *.sharepoint.emea
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint.noam\ deleted successfully.
Invalid CLSID key: *.sharepoint.noam
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\****\****\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\Users\UserName\AppData\Local\l443c523yh7jf53j1j6643 not found.
ADS C:\ProgramData\Microsoft:tBp71bIQ8QYpmOBinZ65XM15W1 deleted successfully.
ADS C:\ProgramData\Microsoft:UzUwfg3EPxatqyCAaCL5IVu deleted successfully.
ADS C:\ProgramData\Microsoft:KF981xnxss4GoEYBZPEyaa deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 202776 bytes
->FireFox cache emptied: 127677976 bytes
->Flash cache emptied: 54387 bytes

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: UserName
->Temp folder emptied: 268357 bytes
->Temporary Internet Files folder emptied: 195310477 bytes
->Java cache emptied: 41735669 bytes
->FireFox cache emptied: 54540654 bytes
->Flash cache emptied: 1982809 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-UserName-DT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx2-UserName-DT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Pina
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: UpdatusUser.UserName-DT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1704518 bytes
%systemroot%\System32 .tmp files removed: 1095010 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8413274 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67883 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 413.00 mb

[EMPTYFLASH]

BuzzLightYear · Jan 5, 2012

Security Check Log

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Avira Internet Security 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Java(TM) 6 Update 30
Out of date Java installed!
Adobe Flash Player 11.0.1.152
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
``````````End of Log````````````

Broni · Jan 5, 2012

Looks good.
Go on....

BuzzLightYear · Jan 5, 2012

Ran TFC (didn't see a report, but system rebooted) and running ESET now. Looks like it'll take awhile; 23 mins in @ 10%.

Thanks again Broni.

Broni · Jan 5, 2012

Sure thing
"Toy Story", one of my favorite movies. Seen all three of them

BuzzLightYear · Jan 6, 2012

Nice, me too. The last one was the best imho!

If there is anything I can do to repay you, PLEASE let me know. I can't tell you enough how much I appreciate you walking me through this. I figured I was losing all my data and reformatting... instead I was able to setup a separate scan-station and transfer it all safely, thanks to you.

Broni · Jan 6, 2012

If there is anything I can do to repay you

You just did:

I can't tell you enough how much I appreciate you walking me through this

Broni · Jan 11, 2012

What happened to Eset scan?

Broni · Jan 18, 2012

Still with me?

TechSpot

[Inactive] [A] Hard drive clusters damaged virus

BuzzLightYear Newcomer, in training

BuzzLightYear Newcomer, in training

BuzzLightYear Newcomer, in training

Broni Malware Annihilator

BuzzLightYear Newcomer, in training

Broni Malware Annihilator

BuzzLightYear Newcomer, in training

BuzzLightYear Newcomer, in training

Broni Malware Annihilator

BuzzLightYear Newcomer, in training

Broni Malware Annihilator

BuzzLightYear Newcomer, in training

Broni Malware Annihilator

Broni Malware Annihilator

Broni Malware Annihilator