
Solved Problems when booting up [Rootkit]

Discussion in 'Malware and Virus Removal Archive' started by Caveman, 2011/02/06.

  1. 2011/02/13
    Caveman
    I uninstalled the program 'Virgin Media Wireless Manager' and let Windows configure my wireless network before I read your post. It works! I can only assume that the program itself had somehow become corrupted. I will re-install it later if necessary. I have re-run both commands and will post the logs below. I am still having problems with the computer freezing on reboot though, but something I noticed yesterday was that a game disc was left in the tray and it rebooted quite easily. Without it, or with the Windows CD, I'm having problems. I have also re-installed Avast Anti-Virus now.
    Anyway, here are the logs...

    Pinging google.com [74.125.230.113] with 32 bytes of data:

    Reply from 74.125.230.113: bytes=32 time=19ms TTL=53
    Reply from 74.125.230.113: bytes=32 time=24ms TTL=53
    Reply from 74.125.230.113: bytes=32 time=19ms TTL=53
    Reply from 74.125.230.113: bytes=32 time=35ms TTL=53

    Ping statistics for 74.125.230.113:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 35ms, Average = 24ms
    ==================================================================

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : irongiant
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
    Physical Address. . . . . . . . . : 00-19-DB-29-81-97

    Ethernet adapter Wireless Network Connection 2:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
    Physical Address. . . . . . . . . : 00-11-3B-17-C5-D7
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.3
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.1
    Lease Obtained. . . . . . . . . . : 13 February 2011 10:10:52
    Lease Expires . . . . . . . . . . : 14 February 2011 10:10:52
     
  2. 2011/02/13
    Caveman
    Another thought, could the rebooting problems, given that the date in CMOS resets to 01/01/2006, be related to the CMOS battery?
     


  4. 2011/02/13
    broni (Moderator, Malware Analyst)
    I'm glad to see your connection back :)

    As for rebooting...let's finish cleaning process and we'll go from there.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
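The scan above produces an OTL.txt of several hundred lines, which the analyst then reads by eye for the entries that matter: services or drivers whose binary no longer exists, early-start kernel drivers that OTL cannot attribute to any company, and browser hooks whose registry data is broken. As an added example (Python; it is not part of this thread, not OTL's own code, and not how broni processes logs), here is a small triage pass that applies those checks over OTL-formatted lines. The line shapes are taken from the OTL output posted in this thread; the sample log embedded below is a constructed excerpt of that output, and the severities are the example's own heuristics. A flagged entry is something to look at, not a verdict that it is malicious.

```python
"""Triage helper for OTL (OldTimer) log lines.

Added example, not part of the forum thread and not OTL's own code. It
applies the checks a malware analyst does by eye on OTL.txt: service or
driver entries with no file on disk, Boot/System-start drivers with no
company name, BHOs without a CLSID entry and protocol handlers whose
registry data is broken. Severities are this example's own heuristics.
"""
import re
from dataclasses import dataclass

# Line shapes as observed in posted OTL.txt output:
#   SRV - File not found [Auto | Stopped] -- -- (rpcapd) Remote Packet ...
#   DRV - [2010/03/20 20:27:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\...\sptd.sys -- (sptd)
#   O2 - BHO: (no name) - {5C255C8A-...} - No CLSID value found.
#   O18 - Protocol\Handler\vsharechrome {3F3A...} - Reg Error: Key error. File not found
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\] -- -- \((?P<name>[^)]*)\)"
)
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\) "
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)"
)
BHO_RE = re.compile(r"^O2 - BHO: \((?P<title>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$")
O18_RE = re.compile(r"^O18 - Protocol\\Handler\\(?P<scheme>\S+) (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low" (heuristic, see module docstring)
    kind: str      # SRV, DRV, O2 or O18
    name: str      # service/driver name, CLSID or protocol scheme
    reason: str


def _flags(raw):
    # "[Kernel | Boot | Running]" -> ["Kernel", "Boot", "Running"]
    return [f.strip() for f in raw.split("|")]


def triage_line(line):
    """Return a Finding for one OTL line, or None if nothing is notable."""
    line = line.strip()
    m = MISSING_RE.match(line)
    if m:
        # An entry that is *Running* with no backing file is the most
        # interesting case: something is loaded whose file is gone.
        running = "Running" in _flags(m["flags"])
        return Finding("high" if running else "medium", m["kind"], m["name"],
                       "loaded with no backing file on disk" if running
                       else "registered but its binary is missing")
    m = ENTRY_RE.match(line)
    if m:
        flags = _flags(m["flags"])
        early = m["kind"] == "DRV" and ("Boot" in flags or "System" in flags)
        if early and not m["company"].strip():
            return Finding("medium", "DRV", m["name"],
                           f"early-start driver with no company name: {m['path']}")
        return None
    m = BHO_RE.match(line)
    if m and "No CLSID value found" in m["rest"]:
        return Finding("low", "O2", m["clsid"], "BHO registered without a CLSID entry")
    m = O18_RE.match(line)
    if m and m["rest"].startswith("Reg Error"):
        return Finding("low", "O18", m["scheme"], "protocol handler with broken registry data")
    return None


def triage(log_text):
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def rank(findings):
    """Most severe first; order within a severity follows the log."""
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


# Constructed excerpt in the format of the OTL.txt posted in this thread.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/13 08:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (AFGSp50)
DRV - [2010/03/20 20:27:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/03 19:07:23 | 000,137,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
"""

if __name__ == "__main__":
    for f in rank(triage(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.kind:3} {f.name}: {f.reason}")
```

Run it on a real OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`. The company-name check is deliberately limited to Boot and System start drivers: an unattributed on-demand driver such as PnkBstrK.sys in the sample is not flagged, while an unattributed boot driver is, because that is the position a rootkit needs. The O34 autochk line is ignored on purpose; the regexes only match SRV and DRV entries for the missing-file check, so unrelated "File not found" text does not produce noise.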
     
  5. 2011/02/13
    Caveman
    OTL Log in 2 parts as it is too long....


    OTL logfile created on: 13/02/2011 19:17:49 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Stuart Brodie\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 491.00 Mb Available Physical Memory | 48.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 82.86 Gb Free Space | 35.58% Space Free | Partition Type: NTFS
    Drive D: | 76.69 Gb Total Space | 19.97 Gb Free Space | 26.04% Space Free | Partition Type: NTFS
    Drive E: | 542.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: IRONGIANT | User Name: Stuart Brodie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/13 19:16:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart Brodie\Desktop\OTL.exe
    PRC - [2011/01/13 08:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/01/13 08:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/12/22 16:41:38 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2010/10/03 22:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2010/08/05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2008/05/02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/28 13:09:36 | 000,794,624 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2005/02/16 06:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/13 19:16:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart Brodie\Desktop\OTL.exe
    MOD - [2011/01/13 08:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/12/22 16:44:31 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/10/03 22:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2008/05/02 01:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/01/13 08:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2010/08/05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
    SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (AFGSp50)
    DRV - [2011/01/13 08:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/01/13 08:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/01/13 08:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/01/13 08:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/01/13 08:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/01/13 08:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/01/08 03:27:00 | 009,888,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010/12/27 14:47:56 | 000,012,928 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\21923\RapportIaso.sys -- (RapportIaso)
    DRV - [2010/12/03 19:07:23 | 000,137,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
    DRV - [2010/10/03 22:54:04 | 000,034,792 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys -- (RapportCerberus_19917)
    DRV - [2010/10/03 22:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2010/10/03 22:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2010/04/12 08:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2010/03/31 05:58:48 | 000,342,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
    DRV - [2010/03/20 20:27:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/07/10 01:56:00 | 004,449,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/06/01 14:28:38 | 000,095,488 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/10/18 09:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\xfilt.sys -- (xfilt)
    DRV - [2006/10/17 12:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\videX32.sys -- (videX32)
    DRV - [2005/02/02 09:33:18 | 000,026,752 | ---- | M] (IC Plus Corp. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfnd51.sys -- (ip100xp)
    DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/08/04 05:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1935655697-117609710-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    IE - HKU\S-1-5-21-1935655697-117609710-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: textlinks@playsushi.com:1.2.1
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/22 16:44:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/11 12:39:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/11 12:39:54 | 000,000,000 | ---D | M]

    [2010/02/07 16:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stuart Brodie\Application Data\Mozilla\Extensions
    [2011/01/01 14:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stuart Brodie\Application Data\Mozilla\Firefox\Profiles\zigbgyy8.default\extensions
    [2010/05/07 10:41:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stuart Brodie\Application Data\Mozilla\Firefox\Profiles\zigbgyy8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/11 08:30:38 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Stuart Brodie\Application Data\Mozilla\Firefox\Profiles\zigbgyy8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2010/12/11 08:30:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Stuart Brodie\Application Data\Mozilla\Firefox\Profiles\zigbgyy8.default\extensions\engine@conduit.com
    [2010/02/21 11:36:56 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Stuart Brodie\Application Data\Mozilla\Firefox\Profiles\zigbgyy8.default\extensions\firefox@tvunetworks.com
    [2010/09/16 17:12:47 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Documents and Settings\Stuart Brodie\Application Data\Mozilla\Firefox\Profiles\zigbgyy8.default\extensions\textlinks@playsushi.com
    [2010/05/26 14:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Stuart Brodie\Application Data\Mozilla\Firefox\Profiles\zigbgyy8.default\searchplugins\askcom.xml
    [2011/01/01 14:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/03 10:44:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2002/03/15 12:53:24 | 000,679,936 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2011/02/12 17:17:19 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1935655697-117609710-725345543-1004..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
    O4 - HKU\S-1-5-21-1935655697-117609710-725345543-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Micronet SP907GK Wireless Network Utility.lnk = C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe (Realtek Semiconductor Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1935655697-117609710-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1935655697-117609710-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1935655697-117609710-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1935655697-117609710-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downl...75-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265459512921 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1265463721312 (MUWebControl Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab (ZPA_DMNO Object)
    O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab (ZPA_WheelOfFortune Object)
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
    O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab (Reg Error: Key error.)
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Stuart Brodie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stuart Brodie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/02/04 21:48:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [1999/06/14 02:55:32 | 000,000,000 | R--D | M] - E:\Autorun -- [ CDFS ]
    O32 - AutoRun File - [1999/06/13 19:56:36 | 000,061,440 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [1999/05/30 19:08:48 | 000,011,478 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [1999/05/03 16:12:46 | 000,000,073 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56308550258917376)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/13 19:16:03 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stuart Brodie\Desktop\OTL.exe
    [2011/02/13 16:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bullfrog
    [2011/02/13 16:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bullfrog
    [2011/02/13 10:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/02/13 10:16:07 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/02/13 10:16:07 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/02/13 10:16:05 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/02/13 10:16:04 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/02/13 10:16:03 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/02/13 10:16:03 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/02/13 10:16:02 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/02/13 10:15:39 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/02/13 10:15:38 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/02/12 19:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/02/12 17:29:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2011/02/08 16:09:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/02/07 22:10:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/02/07 20:04:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/02/07 20:00:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/07 20:00:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/07 20:00:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/07 20:00:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/07 19:59:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/02/07 19:58:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/06 14:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart Brodie\Application Data\Malwarebytes
    [2011/02/06 14:48:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/02/06 14:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/02/06 14:48:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/02/06 14:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/06 14:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart Brodie\Desktop\Removal
    [2011/02/06 09:34:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/01/31 19:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart Brodie\Application Data\Kalypso Media
    [2011/01/31 19:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart Brodie\Start Menu\Programs\House MD
    [2011/01/31 09:15:57 | 000,382,552 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Stuart Brodie\Desktop\Norton.exe
    [2011/01/31 09:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart Brodie\Start Menu\Programs\Project Rescue Africa
    [2011/01/31 09:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart Brodie\Start Menu\Programs\Mahjong Memoirs
    [2011/01/31 09:01:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Mahjong Memoirs
    [2011/01/31 08:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart Brodie\Local Settings\Application Data\uTorrentBar
    [2011/01/30 18:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart Brodie\Application Data\Dekovir
    [2011/01/30 17:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart Brodie\Application Data\Green Clover Games
    [2011/01/30 17:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
    [2011/01/24 19:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart Brodie\Desktop\Documents
    [2011/01/18 15:32:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2011/01/18 15:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/13 19:17:46 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-117609710-725345543-1004.job
    [2011/02/13 19:17:46 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-117609710-725345543-1004.job
    [2011/02/13 19:16:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart Brodie\Desktop\OTL.exe
    [2011/02/13 18:40:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/13 13:40:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/13 10:50:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Stuart Brodie\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/02/13 10:42:09 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/02/13 10:16:04 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/02/13 01:54:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/02/12 19:31:36 | 000,000,462 | ---- | M] () -- C:\Documents and Settings\Stuart Brodie\Application Data\SamsungLiveUpdateConfig.ini
    [2011/02/12 19:23:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/12 19:23:11 | 000,298,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/02/12 19:11:15 | 007,348,224 | ---- | M] () -- C:\WINDOWS\sectest.db
    [2011/02/12 17:46:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/02/12 17:46:24 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/02/12 17:20:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/12 17:17:19 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/02/11 22:58:02 | 000,527,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/02/11 22:58:02 | 000,096,148 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/02/07 20:04:47 | 000,000,420 | RHS- | M] () -- C:\boot.ini
    [2011/02/06 15:26:02 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\svwlyil.sys
    [2011/02/06 10:08:41 | 000,069,662 | ---- | M] () -- C:\Documents and Settings\Stuart Brodie\Desktop\PageDefrag.zip
    [2011/02/06 10:07:36 | 001,309,050 | ---- | M] () -- C:\Documents and Settings\Stuart Brodie\Desktop\DuplicateCleaner_setup.exe
    [2011/02/06 09:35:17 | 000,000,304 | ---- | M] () -- C:\Boot.bak
    [2011/02/01 09:55:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/31 19:13:12 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\Stuart Brodie\Desktop\House MD.lnk
    [2011/01/31 13:35:09 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Stuart Brodie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/31 09:16:07 | 000,382,552 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Stuart Brodie\Desktop\Norton.exe
    [2011/01/27 19:17:45 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/01/27 19:17:45 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/01/18 15:33:58 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/13 10:50:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/02/12 19:09:21 | 007,348,224 | ---- | C] () -- C:\WINDOWS\sectest.db
    [2011/02/12 17:00:48 | 000,007,486 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\reset.log
    [2011/02/11 22:57:58 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
    [2011/02/11 22:57:58 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
    [2011/02/11 22:57:58 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
    [2011/02/11 22:57:58 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
    [2011/02/11 22:57:58 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
    [2011/02/11 22:57:58 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
    [2011/02/11 22:57:57 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
    [2011/02/11 22:57:57 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
    [2011/02/11 22:57:57 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
    [2011/02/11 22:57:57 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
    [2011/02/11 22:57:57 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
    [2011/02/11 22:57:57 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
    [2011/02/11 22:57:57 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
    [2011/02/11 22:57:57 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
    [2011/02/11 22:57:57 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
    [2011/02/11 22:57:57 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
    [2011/02/11 22:57:57 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
    [2011/02/07 23:02:35 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/02/07 20:04:47 | 000,000,304 | ---- | C] () -- C:\Boot.bak
    [2011/02/07 20:04:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/02/07 20:00:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/07 20:00:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/07 20:00:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/07 20:00:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/07 20:00:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/06 15:26:02 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\svwlyil.sys
    [2011/02/06 10:08:39 | 000,069,662 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Desktop\PageDefrag.zip
    [2011/02/06 10:07:22 | 001,309,050 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Desktop\DuplicateCleaner_setup.exe
    [2011/01/31 19:13:12 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Desktop\House MD.lnk
    [2011/01/23 08:56:00 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-117609710-725345543-1004.job
    [2011/01/18 15:33:05 | 000,003,630 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2010/12/05 08:47:43 | 000,002,552 | ---- | C] () -- C:\WINDOWS\Wavemix.ini
    [2010/12/05 08:47:42 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Powertcp.ini
    [2010/12/02 22:06:35 | 000,472,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/06/02 09:56:29 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Application Data\setup.log
    [2010/06/02 09:56:26 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Application Data\setup_ldm.iss
    [2010/05/11 15:06:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Application Data\downloads.m3u
    [2010/05/05 14:18:39 | 000,347,472 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Local Settings\Application Data\MB.SAV
    [2010/05/03 18:13:36 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Application Data\PnkBstrK.sys
    [2010/05/03 18:13:36 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/03/21 15:55:11 | 000,020,102 | ---- | C] () -- C:\Program Files\Readme.txt
    [2010/03/21 15:55:11 | 000,010,960 | ---- | C] () -- C:\Program Files\EULA.txt
    [2010/03/20 20:27:08 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/03/20 13:31:32 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Application Data\default.rss
    [2010/02/27 14:33:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Local Settings\Application Data\rx_image32.Cache
    [2010/02/14 12:47:44 | 000,000,100 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2010/02/08 18:51:20 | 000,000,334 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2010/02/08 13:22:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/02/07 16:16:57 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/02/07 16:16:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/02/07 16:16:50 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/02/07 16:16:50 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/02/07 16:16:49 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2010/02/07 16:16:46 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/02/07 15:20:27 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/07 09:26:14 | 000,000,462 | ---- | C] () -- C:\Documents and Settings\Stuart Brodie\Application Data\SamsungLiveUpdateConfig.ini
    [2010/02/07 08:03:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/02/04 22:06:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2010/02/04 21:57:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2010/02/04 21:53:54 | 000,002,653 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2010/02/04 21:53:53 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2010/02/04 21:41:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/06/28 16:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2010/12/02 15:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA3DeployClient
    [2010/09/08 15:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
    [2011/02/13 10:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/05/16 18:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
    [2010/02/27 14:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
    [2010/03/20 20:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/06/11 17:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
    [2010/12/06 07:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2010/04/06 15:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
    [2010/09/05 19:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
    [2011/01/30 17:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
    [2010/06/07 19:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Harley-Davidson_ Race to the Rally Saves
    [2010/06/03 15:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
    [2010/02/08 13:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/12/05 09:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
    [2010/12/04 08:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/04/15 20:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
    [2010/08/02 07:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
    [2010/08/02 07:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
    [2010/02/27 13:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
    [2011/02/08 15:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2010/04/17 14:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
    [2010/02/11 18:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
    [2010/02/26 21:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QB9
    [2010/02/27 14:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2011/02/11 23:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/08 18:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
    [2010/05/20 18:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
    [2010/06/14 05:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2010/05/07 10:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
    [2010/02/27 14:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2010/05/27 13:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2010/03/07 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinAVI
    [2010/07/13 05:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
    [2010/07/04 12:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\AMozilla
    [2010/02/07 15:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\AnvSoft
    [2010/05/16 19:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Ashampoo
    [2010/05/22 20:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\AviDvdBurner
    [2010/08/27 10:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Big Fish Games
    [2010/02/07 09:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/03/20 20:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\DAEMON Tools Pro
    [2010/03/13 11:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\DarkParablesBriarRose_BFG
    [2011/01/30 18:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Dekovir
    [2010/05/28 20:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\ERS G-Studio
    [2010/04/30 05:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Freeze Tag
    [2010/09/05 19:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Gamers Digital
    [2010/06/22 11:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Games
    [2010/02/16 20:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\GamesCafe
    [2010/04/02 19:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Gearbox Software
    [2010/10/09 07:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\GOL_byHasbro
    [2011/01/30 17:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Green Clover Games
    [2010/03/09 22:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\iMaxGen
    [2010/04/15 20:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\JournalistJourney
    [2011/01/31 19:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Kalypso Media
    [2010/03/19 21:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Ladia Group
    [2010/06/02 09:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Leadertech
    [2010/12/05 09:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Ludia
    [2010/07/04 17:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Magic Academy 2
    [2010/04/11 09:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Magic3
    [2010/11/18 09:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\MahJong Suite
    [2010/04/11 10:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\mif2000's Hamlet
    [2010/04/15 20:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Namco
    [2010/05/31 16:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\PeaZip
    [2011/02/08 15:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\PlayFirst
    [2010/02/11 18:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\PoBros
    [2010/02/26 21:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\QB9
    [2010/05/10 17:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Registry Mechanic
    [2010/11/18 21:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Sahmon Games
    [2010/04/17 06:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Scholastic
    [2010/04/01 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Settlement. Colossus
    [2010/02/27 13:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Simple Star
    [2010/06/04 16:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\SpinTop Games
    [2010/03/27 06:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\SquareLogic
    [2010/08/22 12:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Thinstall
    [2010/08/22 19:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\TOMI2.THE GATES OF FATE
    [2010/04/08 18:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Top Evidence
    [2010/06/14 05:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Trusteer
    [2010/05/16 19:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Uniblue
    [2010/08/08 12:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\ValuSoft
    [2010/02/05 21:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Virtual City
    [2010/07/24 21:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Vogat Interactive
    [2010/09/18 15:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\vShare
    [2010/12/13 15:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Wildfire
    [2010/03/07 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\WinAVI
    [2010/02/06 16:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Windows Desktop Search
    [2010/02/08 08:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart Brodie\Application Data\Windows Search
    [2011/02/13 01:54:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
     
  6. 2011/02/13
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    Part 2...
    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/02/13 15:37:18 | 000,000,000 | ---- | M] () -- C:\AILog.txt
    [2010/02/04 21:48:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/02/06 09:35:17 | 000,000,304 | ---- | M] () -- C:\Boot.bak
    [2011/02/07 20:04:47 | 000,000,420 | RHS- | M] () -- C:\boot.ini
    [2010/02/09 19:02:47 | 000,006,127 | R--- | M] () -- C:\CLDMA.LOG
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2006/01/01 00:12:38 | 000,028,908 | ---- | M] () -- C:\ComboFix.txt
    [2010/02/04 21:48:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/02/12 19:13:47 | 000,000,015 | ---- | M] () -- C:\DAF-interface-resetlog.txt
    [2010/02/04 21:48:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/02/13 10:42:01 | 000,001,364 | ---- | M] () -- C:\ipconfig_all.txt
    [2010/03/21 15:43:28 | 005,207,213 | ---- | M] () -- C:\mcdbp.log
    [2003/03/18 21:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\mfc71.dll
    [2010/02/04 21:48:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/02/06 12:49:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/02/06 14:04:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/02/12 19:23:10 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/01 18:08:04 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2011/02/12 17:46:34 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/01/13 08:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/02/08 19:24:19 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Stuart Brodie\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
    [2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/02/04 21:39:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/02/04 21:39:50 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/02/04 21:39:50 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/02/06 14:10:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/02/12 18:47:46 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Stuart Brodie\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/02/04 21:51:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Stuart Brodie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/06 10:07:36 | 001,309,050 | ---- | M] () -- C:\Documents and Settings\Stuart Brodie\Desktop\DuplicateCleaner_setup.exe
    [2011/01/31 09:16:07 | 000,382,552 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Stuart Brodie\Desktop\Norton.exe
    [2011/02/13 19:16:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart Brodie\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/12 18:47:46 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Stuart Brodie\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/02/13 19:17:45 | 000,540,672 | ---- | M] () -- C:\Documents and Settings\Stuart Brodie\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2003/03/31 12:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2003/03/31 12:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/03/31 12:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/03/31 12:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 18:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CA7BED1
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
    @Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBPUV9VK9V89VMRV5V4REABYEKLPH9E48E2R0T5PL34DBWFLM3TLVVVVVVVVVVJVK
    @Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:370EF5E8
    @Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
    @Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AE33054
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB65A4AA
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0

    < End of report >
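The two sections a helper reads most closely in this post are the custom-scan file listing and the Alternate Data Streams list, and the reading is done by eye: which files carry hidden+system attributes outside the handful that should, which executables carry no company name, what changed just before the scan, and which named streams are not the ordinary Zone.Identifier. The script below is an added example, not code from this thread or from OTL: it parses OTL's `[mtime | size | attrs | M] (company) -- path` and `@Alternate Data Stream` lines into records and applies those rules. The sample input is a dozen lines copied from the post; the seven-day window, the executable extension list and the allowlist of expected system files are my assumptions, and every hit is a lead for manual review rather than a verdict.

```python
"""Structured triage of OTL 'Custom Scans' file lines and 'Alternate Data Streams' lines.

Rules (thresholds and allowlist are assumptions chosen for this example):
  * hidden+system attributes on a file that is not one of XP's expected boot/system files
  * executable with no embedded company name
  * executable modified within RECENT_DAYS of the scan
  * any named NTFS stream other than Zone.Identifier
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample input: lines copied from the post above (a few file entries
# and two stream entries), embedded so the script runs offline.
SAMPLE_LOG = r"""
< %SYSTEMDRIVE%\*.* >
[2011/02/07 20:04:47 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/02/06 14:04:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2003/03/18 21:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\mfc71.dll
[2011/02/12 19:23:10 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*.scr >
[2011/01/13 08:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
< %USERPROFILE%\Desktop\*.exe >
[2011/02/06 10:07:36 | 001,309,050 | ---- | M] () -- C:\Documents and Settings\Stuart Brodie\Desktop\DuplicateCleaner_setup.exe
[2011/02/13 19:16:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart Brodie\Desktop\OTL.exe
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CA7BED1
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBPUV9VK9V89VMRV5V4REABYEKLPH9E48E2R0T5PL34DBWFLM3TLVVVVVVVVVVJVK
"""

# Taken from the "OTL Extras logfile created on" header in the following post.
SCAN_TIME = datetime(2011, 2, 13, 19, 17, 49)
RECENT_DAYS = 7  # assumed window
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".com", ".pif", ".cpl")
# Names that legitimately carry R/H/S attributes on an XP system drive (assumed allowlist).
EXPECTED_SYSTEM = {"boot.ini", "ntldr", "ntdetect.com", "io.sys", "msdos.sys",
                   "pagefile.sys", "desktop.ini", "thumbs.db"}

# [mtime | size | attrs | M] (company) -- path ; the (company) part is absent on directory lines
FILE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| [MC]\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)


@dataclass
class FileEntry:
    mtime: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


@dataclass
class StreamEntry:
    size: int
    host: str
    stream: str


def parse_otl(text):
    """Return (files, streams) parsed from OTL output; lines of any other shape are ignored."""
    files, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files.append(FileEntry(
                mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                company=(m["company"] or "").strip(),
                path=m["path"],
            ))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append(StreamEntry(int(m["size"]), m["host"], m["stream"]))
    return files, streams


def triage(files, streams, scan_time, recent_days=RECENT_DAYS):
    """Apply the rules in the module docstring; returns (object, reason) pairs for manual review."""
    findings = []
    cutoff = scan_time - timedelta(days=recent_days)
    for f in files:
        expected = f.name in EXPECTED_SYSTEM
        is_exec = f.name.endswith(EXEC_EXT) and not expected
        if "H" in f.attrs and "S" in f.attrs and not expected:
            findings.append((f.path, "hidden+system file outside the expected boot set"))
        if is_exec and not f.company:
            findings.append((f.path, "executable with no embedded company name"))
        if is_exec and f.mtime >= cutoff:
            findings.append((f.path, f"executable modified within {recent_days} days of the scan"))
    for s in streams:
        if s.stream.lower() != "zone.identifier":
            findings.append((f"{s.host}:{s.stream}", f"named NTFS stream of {s.size} bytes"))
    return findings


def run_sample():
    files, streams = parse_otl(SAMPLE_LOG)
    return triage(files, streams, SCAN_TIME)


if __name__ == "__main__":
    for obj, reason in run_sample():
        print(f"{reason:50} {obj}")
```

Run as a script it prints five leads from the sample: cmldr (hidden+system in the drive root), DuplicateCleaner_setup.exe (no company name), OTL.exe (written minutes before the scan), and the two named streams. cmldr is the loader ComboFix installs for the Recovery Console, and ComboFix.txt sits beside it in the same listing, so that hit clears on inspection; OTL.exe is the scanner itself. The TEMP:xxxxxxxx streams are only listed for review, since the log alone does not say what wrote them; on XP they can be confirmed with Sysinternals streams.exe, as `dir /R` only arrived with Vista.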
     
  7. 2011/02/13
    Caveman (Thread Starter)
    Extras Log...
    OTL Extras logfile created on: 13/02/2011 19:17:49 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Stuart Brodie\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 491.00 Mb Available Physical Memory | 48.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 82.86 Gb Free Space | 35.58% Space Free | Partition Type: NTFS
    Drive D: | 76.69 Gb Total Space | 19.97 Gb Free Space | 26.04% Space Free | Partition Type: NTFS
    Drive E: | 542.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: IRONGIANT | User Name: Stuart Brodie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .txt [@ = NFOPad] -- C:\Program Files\NFOPad\NFOPad.exe (True Human Design)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{045A0141-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Premium Suite - WE 2004
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2F1E5C4C-B20C-42C3-B5F1-1FE2CA207AFE}" = Email Updater
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
    "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.9.1
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110094687}" = Cubis Gold
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110126437}" = 5 Spots
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = 5 Spots II
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11028247}" = Cubis Gold 2
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010 Pro
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
    "{91D0985C-CF1E-4AD3-AC28-F9787718C71F}" = DVDFab Platinum
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
    "{bd2d1966-42b7-43c8-b561-f1f278f15c84}" = Nero 9 Trial
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{BE686891-3C56-4714-AFEF-341A7867BA80}" = Micronet SP907GK Wireless Network Utility
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D18BBE5F-167B-4148-8011-074818D2DEDB}_is1" = Din's Curse 1.001
    "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
    "{E100A066-697B-419D-BC40-CDB1B00975A2}" = Harley-Davidson Race to the Rally
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "7-Zip" = 7-Zip 4.65
    "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
    "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
    "Age of Mythology 1.0" = Age of Mythology
    "Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
    "Alien Shooter_is1" = Alien Shooter
    "Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.3
    "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
    "avast5" = avast! Free Antivirus
    "AVI DVD Burner_is1" = AVI DVD Burner v5.3.0.31
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "BrothersInArms" = Brothers In Arms
    "Build A Lot 4-Power source ." = Build A Lot 4-Power source .
    "Build a Lot 5 Elizabethan Era1.0" = Build a Lot 5 Elizabethan Era
    "Build-a-lot 2 - Town of the Year [h33t] [oi812heet]" = Build-a-lot 2 - Town of the Year [h33t] [oi812heet]
    "Build-a-lot 3 - Passport to Europe 1.00" = Build-a-lot 3 - Passport to Europe 1.00
    "CLUE Classic1.0" = CLUE Classic
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Comanche 4" = Comanche 4
    "Combat Arms EU" = Combat Arms EU
    "Cooking Dash 2 - DinerTown Studios H33T" = Cooking Dash 2 - DinerTown Studios H33T
    "Delta Force - Black Hawk Down" = Delta Force - Black Hawk Down (remove only)
    "Diner Dash 5 - Boom Collectors Edition" = Diner Dash 5 - Boom Collectors Edition
    "DivX Codec" = DivX Codec
    "Download Manager" = Download Manager 2.3.10
    "Dungeon Keeper II" = Dungeon Keeper 2
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVD to VCD AVI DivX Converter v3.2 (build 062)" = DVD to VCD AVI DivX Converter v3.2 (build 062)
    "EADM" = EA Download Manager
    "Elf Bowling Holiday Pack 1.00" = Elf Bowling Holiday Pack 1.00
    "feeding frenzy 2 shipwreck showdown sceneXtra" = feeding frenzy 2 shipwreck showdown sceneXtra
    "feeding frenzy sceneXtra" = feeding frenzy sceneXtra
    "Fragile Ball_is1" = Fragile Ball v1.06
    "Google Chrome" = Google Chrome
    "Hazen - The Dark Whispers_is1" = Hazen - The Dark Whispers
    "Heart's Medicine - Season One Just For Fun Games" = Heart's Medicine - Season One Just For Fun Games
    "Homeworld" = Homeworld
    "Homeworld2" = Homeworld2
    "House MD1.0" = House MD
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
    "LHTTSENG" = L&H TTS3000 British English
    "LIFE QUEST Final" = LIFE QUEST Final
    "Luxor 4 Quest For The Afterlife 1.00" = Luxor 4 Quest For The Afterlife 1.00
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "Mahjong Memoirs1.0" = Mahjong Memoirs
    "MahJong Suite_is1" = MahJong Suite 2010 v7.1
    "Mahjong Towers Eternity 1.00" = Mahjong Towers Eternity 1.00
    "MahjongChamp" = Mahjong Champ
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Mystery Case Files - Madame Fate 1.00" = Mystery Case Files - Madame Fate 1.00
    "Mystery Case Files - Prime Suspects 1.00" = Mystery Case Files - Prime Suspects 1.00
    "Mystery Case Files - Ravenhearst 1.00" = Mystery Case Files - Ravenhearst 1.00
    "Mystery in London1.0" = Mystery in London
    "NFOPad" = NFOPad 1.56
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Pandora's Box 1.0" = Microsoft Pandora's Box
    "PowerISO" = PowerISO
    "Project Rescue Africa1.0" = Project Rescue Africa
    "PunkBusterSvc" = PunkBuster Services
    "QBeez 2_is1" = QBeez 2
    "Rapport_msi" = Rapport
    "Real Crimes Jack the Ripper1.0" = Real Crimes Jack the Ripper
    "RealPlayer 12.0" = RealPlayer
    "Registry Mechanic_is1" = Registry Mechanic 10.0
    "Roads of Rome II Just For Fun Games" = Roads of Rome II Just For Fun Games
    "Roads of Rome Just For Fun Games" = Roads of Rome Just For Fun Games
    "Rome The Curse of the Necklace 1.00" = Rome The Curse of the Necklace 1.00
    "Settlement Colossus ." = Settlement Colossus .
    "Shockwave" = Shockwave
    "Snail Mail {h33t} {oi812heet}" = Snail Mail {h33t} {oi812heet}
    "SopCast" = SopCast 3.2.9
    "SystemRequirementsLab" = System Requirements Lab
    "Tales of Monkey Island" = Tales of Monkey Island
    "Text Twist 2 1.00" = Text Twist 2 1.00
    "The Fall Trilogy Chapter 2 Reconstruction 1.00" = The Fall Trilogy Chapter 2 Reconstruction 1.00
    "The Game of Life 1.00" = The Game of Life 1.00
    "Tiberian Sun" = Command & Conquer Tiberian Sun
    "Tumble_0" = Tumble Bugs
    "Tumblebugs_0" = Tumblebugs 2
    "TVUPlayer" = TVUPlayer 2.5.0.1
    "ValGor Dark Lord of Magic 1.00" = ValGor Dark Lord of Magic 1.00
    "Veetle TV" = Veetle TV 0.9.18
    "Virtual City ." = Virtual City .
    "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
    "vShare" = vShare Plugin
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WinAVI Video Converter 10.0_is1" = WinAVI Video Converter
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WOLAPI" = Westwood Shared Internet Components
    "WT011606" = Snowboard SuperJam
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Zuma's Revenge! - Adventure H33T" = Zuma's Revenge! - Adventure H33T

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1935655697-117609710-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "2a4f70b48f669acd" = AA3Deploy

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 09/02/2011 21:45:03 | Computer Name = IRONGIANT | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
    P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

    Error - 11/02/2011 18:59:26 | Computer Name = IRONGIANT | Source = Application Hang | ID = 1002
    Description = Hanging application helpctr.exe, version 5.1.2600.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/02/2011 22:06:02 | Computer Name = IRONGIANT | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
    P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

    Error - 31/12/2005 20:02:39 | Computer Name = IRONGIANT | Source = Windows Search Service | ID = 3038
    Description = The gatherer is unable to read the registry DocIdMapFile. Context:
    Application, SystemIndex Catalog Details: The system cannot find the file specified.
    (0x80070002)

    Error - 31/12/2005 20:02:43 | Computer Name = IRONGIANT | Source = Windows Search Service | ID = 3028
    Description = The gatherer object cannot be initialized. Context: Windows Application,
    SystemIndex Catalog Details: The registry value cannot be read because the configuration
    is invalid. Recreate the content index configuration by removing the content index.
    (0x80040d03)

    Error - 31/12/2005 20:02:43 | Computer Name = IRONGIANT | Source = Windows Search Service | ID = 3058
    Description = The application cannot be initialized. Context: Windows Application
    Details: The registry value cannot be read because the configuration is invalid. Recreate the
    content index configuration by removing the content index. (0x80040d03)

    Error - 12/02/2011 13:21:27 | Computer Name = IRONGIANT | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog

    Error - 12/02/2011 21:54:02 | Computer Name = IRONGIANT | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
    P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

    Error - 13/02/2011 06:14:52 | Computer Name = IRONGIANT | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: An internal certificate chaining error has occurred.

    Error - 13/02/2011 13:22:24 | Computer Name = IRONGIANT | Source = Application Error | ID = 1000
    Description = Faulting application dkii.icd, version 0.0.0.0, faulting module dkii.icd,
    version 0.0.0.0, fault address 0x0000c585.

    [ System Events ]
    Error - 13/02/2011 06:29:25 | Computer Name = IRONGIANT | Source = Service Control Manager | ID = 7023
    Description = The Background Intelligent Transfer Service service terminated with
    the following error: %%2

    Error - 13/02/2011 06:29:55 | Computer Name = IRONGIANT | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 13/02/2011 06:40:01 | Computer Name = IRONGIANT | Source = Service Control Manager | ID = 7023
    Description = The Background Intelligent Transfer Service service terminated with
    the following error: %%2

    Error - 13/02/2011 06:40:30 | Computer Name = IRONGIANT | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 13/02/2011 06:40:31 | Computer Name = IRONGIANT | Source = Service Control Manager | ID = 7023
    Description = The Background Intelligent Transfer Service service terminated with
    the following error: %%2

    Error - 13/02/2011 06:41:00 | Computer Name = IRONGIANT | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 13/02/2011 09:40:00 | Computer Name = IRONGIANT | Source = Service Control Manager | ID = 7023
    Description = The Background Intelligent Transfer Service service terminated with
    the following error: %%2

    Error - 13/02/2011 09:40:30 | Computer Name = IRONGIANT | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 13/02/2011 10:57:42 | Computer Name = IRONGIANT | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 13/02/2011 11:44:34 | Computer Name = IRONGIANT | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.


    < End of report >
     
  8. 2011/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab (Reg Error: Key error.)
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2011/02/06 15:26:02 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\svwlyil.sys
      @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CA7BED1
      @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
      @Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBPUV9VK9V89VMRV5V4REABYEKLPH9E48E2R0T5PL34DBW FLM3TLVVVVVVVVVVJVK
      @Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      @Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:370EF5E8
      @Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
      @Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AE33054
      @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB65A4AA
      @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
      @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  9. 2011/02/14
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    Java steps done.
    OTL Log...
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control {FD0EBBED-0C42-4D0F-82DA-44399B5C420A}
    C:\WINDOWS\Downloaded Program Files\download_xp.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
    C:\WINDOWS\002235_.tmp deleted successfully.
    C:\WINDOWS\005017_.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET7.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\system32\drivers\svwlyil.sys moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:7CA7BED1 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72 deleted successfully.
    Unable to delete ADS C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBPUV9VK9V89VMRV5V4REABYEKLPH9E48E2R0T5PL34DBW FLM3TLVVVVVVVVVVJVK .
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:370EF5E8 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5AE33054 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB65A4AA deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 13122 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: Stuart Brodie
    ->Temp folder emptied: 11626307 bytes
    ->Temporary Internet Files folder emptied: 248964216 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 98610607 bytes
    ->Google Chrome cache emptied: 86042984 bytes
    ->Flash cache emptied: 1201926 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2755499 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 429.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Stuart Brodie
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02142011_193857

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_ba4.dat moved successfully.

    Registry entries deleted on Reboot...
    ==================================================================
    Security Check log...
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.0.42.34
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Windows Defender MsMpEng.exe
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 avastUI.exe
    ``````````End of Log````````````
    ==================================================================
    Temp File Cleaner done.

    I will start the ESET scanner shortly & paste the results in the morning.
     
  10. 2011/02/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Firefox to the latest 3.6.13 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
     
  11. 2011/02/15
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    ESET log

    C:\Documents and Settings\Stuart Brodie\Desktop\Shared\Game Pack.rar Win32/ReflexiveArcade application
    C:\Documents and Settings\Stuart Brodie\Desktop\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXAuthor.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan
    C:\Documents and Settings\Stuart Brodie\Desktop\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXInstaller.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan
    C:\Documents and Settings\Stuart Brodie\Desktop\Shared\For Backup\Build A Lot 4-Power Source\Build A Lot 4-Power source.exe a variant of Win32/Kryptik.GTW trojan
    C:\Documents and Settings\Stuart Brodie\Desktop\Shared\For Backup\QBEEZ 2 FULL GAME\QBEEZ 2\GAME\Keygen.exe a variant of Win32/Keygen.BG application
    C:\Program Files\Games\Build A Lot 4-Power source\Buildalot4.exe a variant of Win32/Kryptik.GTW trojan
    C:\Program Files\Games\Cooking Dash 2 - DinerTown Studios\cookingdash2.exe a variant of Win32/Kryptik.GTW trojan
    C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
    C:\System Volume Information\_restore{C12F34CB-2335-49E8-9024-0865B2C7801E}\RP10\A0005666.exe a variant of Win32/Keygen.BG application
    D:\Shared\Alien Shooter ALL a variant of Win32/Keygen.BG application
    D:\Shared\Alien Shooter ALL (my collection) -7in1- and Bonus\Games\Alien Shooter ALL\Alien Shooter ALL\Alien Shooter v1.1 Keygen.exe a variant of Win32/Keygen.BG application
    D:\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXAuthor.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan
    D:\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXInstaller.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan
    D:\Shared\For Backup\Build A Lot 4-Power Source\Build A Lot 4-Power source.exe a variant of Win32/Kryptik.GTW trojan
    D:\Shared\For Backup\QBEEZ 2 FULL GAME\QBEEZ 2\GAME\Keygen.exe a variant of Win32/Keygen.BG application
     
  12. 2011/02/15
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    Firefox & Adobe Reader updated
     
  13. 2011/02/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Stuart Brodie\Desktop\Shared\Game Pack.rar 
      C:\Documents and Settings\Stuart Brodie\Desktop\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXAuthor.exe 
      C:\Documents and Settings\Stuart Brodie\Desktop\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXInstaller.exe 
      C:\Documents and Settings\Stuart Brodie\Desktop\Shared\For Backup\Build A Lot 4-Power Source\Build A Lot 4-Power source.exe 
      C:\Documents and Settings\Stuart Brodie\Desktop\Shared\For Backup\QBEEZ 2 FULL GAME\QBEEZ 2\GAME\Keygen.exe 
      C:\Program Files\Games\Build A Lot 4-Power source\Buildalot4.exe 
      C:\Program Files\Games\Cooking Dash 2 - DinerTown Studios\cookingdash2.exe
      C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll 
      C:\System Volume Information\_restore{C12F34CB-2335-49E8-9024-0865B2C7801E}\RP10\A0005666.exe 
      D:\Shared\Alien Shooter ALL (my collection) -7in1- and Bonus\Games\Alien Shooter ALL\Alien Shooter ALL\Alien Shooter v1.1 Keygen.exe 
      D:\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXAuthor.exe 
      D:\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXInstaller.exe 
      D:\Shared\For Backup\Build A Lot 4-Power Source\Build A Lot 4-Power source.exe 
      D:\Shared\For Backup\QBEEZ 2 FULL GAME\QBEEZ 2\GAME\Keygen.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
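    The post above takes the ESET report lines from the earlier reply (one absolute path followed by the threat name and ESET's one-word category) and turns them into the :Files section of an OTL custom fix. The following script is an added example, not code from the thread or from OTL or ESET, that automates that step: it parses report lines in that layout, separates hits that live inside System Volume Information (restore-point copies, which the later [CLEARALLRESTOREPOINTS] script deals with rather than a file move), emits the :Files block with duplicates removed, and reports whether any detection is a trojan, which is the condition the post ties to changing passwords. The sample report lines are constructed with made-up paths; the GUID in the restore path is a placeholder.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the layout of an exported ESET Online Scanner text
# report: "<path> <threat name> <category>". All paths here are made up and
# the _restore{...} GUID is a placeholder, not a value from a real machine.
SAMPLE_ESET_LOG = """\
C:\\Documents and Settings\\User\\Desktop\\Shared\\Pack.rar Win32/ReflexiveArcade application
C:\\Documents and Settings\\User\\Desktop\\Tool\\setup.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan
C:\\Program Files\\Games\\Example\\game.exe a variant of Win32/Kryptik.GTW trojan
C:\\System Volume Information\\_restore{GUID-PLACEHOLDER}\\RP10\\A0005666.exe a variant of Win32/Keygen.BG application
D:\\Shared\\Keygen\\Keygen.exe a variant of Win32/Keygen.BG application
D:\\Shared\\Keygen\\Keygen.exe a variant of Win32/Keygen.BG application
"""

# One report line: a drive-letter path (which may contain spaces), then the
# threat name (optionally prefixed "a variant of"), then ESET's trailing
# category word such as "trojan" or "application". The path is matched
# non-greedily so the first "<family>/<name> <category>" tail wins.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:a variant of )?[A-Za-z0-9]+/[A-Za-z0-9._-]+)\s+"
    r"(?P<category>[a-z]+)\s*$"
)


@dataclass(frozen=True)
class Detection:
    path: str       # absolute path as printed by ESET
    threat: str     # e.g. "a variant of Win32/Kryptik.GTW"
    category: str   # ESET's trailing word: "trojan", "application", ...


def parse_eset_log(text: str) -> List[Detection]:
    """Parse exported report lines; blank or unrecognised lines are skipped."""
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue
        found.append(Detection(m.group("path"), m.group("threat"), m.group("category")))
    return found


def split_restore_point_hits(dets: List[Detection]) -> Tuple[List[Detection], List[Detection]]:
    """Separate live files from copies held in System Restore (System Volume Information)."""
    live, restore = [], []
    for d in dets:
        if "\\system volume information\\" in d.path.lower():
            restore.append(d)
        else:
            live.append(d)
    return live, restore


def build_otl_files_section(dets: List[Detection]) -> str:
    """Emit the :Files block of an OTL custom fix, one unique path per line."""
    seen = set()
    lines = [":Files"]
    for d in dets:
        key = d.path.lower()          # NTFS paths are case-insensitive
        if key in seen:
            continue
        seen.add(key)
        lines.append(d.path)
    return "\n".join(lines)


def summarize(dets: List[Detection]) -> Dict[str, int]:
    """Count detections per ESET category."""
    counts: Dict[str, int] = {}
    for d in dets:
        counts[d.category] = counts.get(d.category, 0) + 1
    return counts


def has_trojan(dets: List[Detection]) -> bool:
    """True when at least one hit is categorised as a trojan (not just a PUA/application)."""
    return any(d.category == "trojan" for d in dets)


if __name__ == "__main__":
    dets = parse_eset_log(SAMPLE_ESET_LOG)
    live, restore = split_restore_point_hits(dets)
    print(build_otl_files_section(live))
    print("\nrestore-point copies (handled by clearing restore points):", len(restore))
    print("categories:", summarize(dets))
    print("trojan present, change passwords:", has_trojan(dets))
```

    The regex deliberately anchors on the "<family>/<name> <category>" tail rather than on a file extension, because ESET also reports archives and paths with odd endings, as the truncated "Alien Shooter ALL" line in the log shows.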
  14. 2011/02/16
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    OTL Logs... I'll complete the other steps tomorrow

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\Stuart Brodie\Desktop\Shared\Game Pack.rar moved successfully.
    C:\Documents and Settings\Stuart Brodie\Desktop\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXAuthor.exe moved successfully.
    C:\Documents and Settings\Stuart Brodie\Desktop\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXInstaller.exe moved successfully.
    C:\Documents and Settings\Stuart Brodie\Desktop\Shared\For Backup\Build A Lot 4-Power Source\Build A Lot 4-Power source.exe moved successfully.
    C:\Documents and Settings\Stuart Brodie\Desktop\Shared\For Backup\QBEEZ 2 FULL GAME\QBEEZ 2\GAME\Keygen.exe moved successfully.
    C:\Program Files\Games\Build A Lot 4-Power source\Buildalot4.exe moved successfully.
    C:\Program Files\Games\Cooking Dash 2 - DinerTown Studios\cookingdash2.exe moved successfully.
    C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll moved successfully.
    File\Folder C:\System Volume Information\_restore{C12F34CB-2335-49E8-9024-0865B2C7801E}\RP10\A0005666.exe not found.
    File\Folder D:\Shared\Alien Shooter ALL (my collection) -7in1- and Bonus\Games\Alien Shooter ALL\Alien Shooter ALL\Alien Shooter v1.1 Keygen.exe not found.
    D:\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXAuthor.exe moved successfully.
    D:\Shared\DivX Professional AuthoR\DivX Professional AuthoR\DivXInstaller.exe moved successfully.
    D:\Shared\For Backup\Build A Lot 4-Power Source\Build A Lot 4-Power source.exe moved successfully.
    D:\Shared\For Backup\QBEEZ 2 FULL GAME\QBEEZ 2\GAME\Keygen.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 896 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Stuart Brodie
    ->Temp folder emptied: 589600 bytes
    ->Temporary Internet Files folder emptied: 18283544 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33576 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 18.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Stuart Brodie
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02162011_220811

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_d78.dat moved successfully.

    Registry entries deleted on Reboot...

    =====================================================================================

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Stuart Brodie
    ->Temp folder emptied: 587891 bytes
    ->Temporary Internet Files folder emptied: 2028923 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Stuart Brodie
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.20.6 log created on 02162011_221507

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_9c4.dat moved successfully.

    Registry entries deleted on Reboot...
     
    Last edited: 2011/02/16
  15. 2011/02/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
  16. 2011/02/17
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    OTL cleanup done & recommended programs installed.
    I'll post again in a few days and let you know how it has been behaving, but I would like to thank you for your help with this so far.
     
  17. 2011/02/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Let me know.....
     
  18. 2011/02/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The issue seems to be resolved.
     
