I recently posted a topic in your Windows 7 area here, and was asked to make a new topic here to get a clean bill of health from you guys before I continue.
So, I followed all of the instructions listed in your Malware and Spyware Cleaning Guide, and halve all the logs in front of me. But before I post them, I must mention that I had some problems with the GMER Rootkit Scanner as whenever I opened it I received this error "C:/Windows/system32/config/system: The system cannot find the file specified" and many of the options on the right hand side of the program window were greyed out. Also, when I clicked scan, I got another error "C:/Windows/system32/config/system: The system cannot access the file because it is being used by another process". Is this a 64-bit thing of my computer? This all resulted in my GMER scan not producing any results, and hence, no log.
Anyway, here are my logs.
MBAM:
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4439 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 17/08/2010 12:45:17 mbam-log-2010-08-17 (12-45-17).txt Scan type: Quick scan Objects scanned: 128726 Time elapsed: 2 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
OTL - OTL.txt
OTL logfile created on: 17/08/2010 12:55:37 - Run 1OTL by OldTimer - Version 3.2.10.0 Folder = D:\Desktop64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstationInternet Explorer (Version = 8.0.7600.16385)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 150.00 Gb Total Space | 37.32 Gb Free Space | 24.88% Space Free | Partition Type: NTFSDrive D: | 215.66 Gb Total Space | 154.24 Gb Free Space | 71.52% Space Free | Partition Type: NTFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: Alastair-PCCurrent User Name: AlastairLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userInclude 64bit ScansCompany Name Whitelist: OnSkip Microsoft Files: OnFile Age = 90 DaysOutput = StandardQuick Scan ========== Processes (SafeList) ========== PRC - [2010/08/17 12:51:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exePRC - [2010/08/13 15:23:22 | 001,957,888 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exePRC - [2010/07/27 01:27:33 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exePRC - [2010/07/27 01:27:33 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exePRC - [2010/07/27 01:24:48 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exePRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exePRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exePRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exePRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exePRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exePRC - [2010/05/07 08:40:33 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Games\Steam\Steam.exePRC - [2010/03/12 18:40:20 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exePRC - [2009/09/25 15:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exePRC - [2007/01/31 19:29:46 | 001,135,616 | ---- | M] () -- C:\Users\********\AppData\Roaming\Folding@home-smp\smpd.exePRC - [2004/06/16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe ========== Modules (SafeList) ========== MOD - [2010/08/17 12:51:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exeMOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dllMOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocxMOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:<strong class='bbc'>64bit:</strong> - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)SRV:<strong class='bbc'>64bit:</strong> - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)SRV:<strong class='bbc'>64bit:</strong> - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)SRV:<strong class='bbc'>64bit:</strong> - [2010/03/12 18:40:18 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)SRV:<strong class='bbc'>64bit:</strong> - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2010/07/27 01:24:48 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2010/07/01 12:07:34 | 000,524,784 | ---- | M] (Trusteer Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe -- (RapportLaunService)SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2007/01/31 19:29:46 | 001,135,616 | ---- | M] () [Auto | Running] -- C:\Users\Alastair\AppData\Roaming\Folding@home-smp\smpd.exe -- (mpich2_smpd) ========== Driver Services (SafeList) ========== DRV:<strong class='bbc'>64bit:</strong> - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)DRV:<strong class='bbc'>64bit:</strong> - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)DRV:<strong class='bbc'>64bit:</strong> - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)DRV:<strong class='bbc'>64bit:</strong> - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwavdt.sys -- (btwavdt)DRV:<strong class='bbc'>64bit:</strong> - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)DRV:<strong class='bbc'>64bit:</strong> - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)DRV:<strong class='bbc'>64bit:</strong> - [2010/06/28 21:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)DRV:<strong class='bbc'>64bit:</strong> - [2010/04/07 12:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)DRV:<strong class='bbc'>64bit:</strong> - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)DRV:<strong class='bbc'>64bit:</strong> - [2010/03/12 18:40:20 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)DRV:<strong class='bbc'>64bit:</strong> - [2009/10/09 23:55:56 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)DRV:<strong class='bbc'>64bit:</strong> - [2009/09/25 15:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)DRV:<strong class='bbc'>64bit:</strong> - [2009/09/25 15:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)DRV:<strong class='bbc'>64bit:</strong> - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:<strong class='bbc'>64bit:</strong> - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:<strong class='bbc'>64bit:</strong> - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:<strong class='bbc'>64bit:</strong> - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:<strong class='bbc'>64bit:</strong> - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:<strong class='bbc'>64bit:</strong> - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:<strong class='bbc'>64bit:</strong> - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:<strong class='bbc'>64bit:</strong> - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)DRV:<strong class='bbc'>64bit:</strong> - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)DRV:<strong class='bbc'>64bit:</strong> - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:<strong class='bbc'>64bit:</strong> - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:<strong class='bbc'>64bit:</strong> - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:<strong class='bbc'>64bit:</strong> - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:<strong class='bbc'>64bit:</strong> - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)DRV:<strong class='bbc'>64bit:</strong> - [2008/03/10 12:17:40 | 000,386,560 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt61.sys -- (RT61)DRV - [2010/07/01 12:07:36 | 000,063,472 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys -- (RapportKE64)DRV - [2010/07/01 12:07:36 | 000,056,304 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys -- (RapportPG64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehpIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gbIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 CE 71 BA 20 D0 CA 01 [binary data]IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7FF - prefs.js..extensions.enabledItems: [email protected]:3.7.8FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.8FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1FF - prefs.js..extensions.enabledItems: [email protected]:1.19FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.1FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4FF - prefs.js..extensions.enabledItems: [email protected]:1.5.7FF - prefs.js..extensions.enabledItems: [email protected]:1.2FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.0.9FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/27 01:27:35 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/27 01:27:35 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/04/15 14:27:33 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/04/05 23:14:27 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Mozilla\Extensions[2010/04/05 23:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alastair\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}[2010/04/03 23:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alastair\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}[2010/08/17 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions[2010/03/30 03:08:55 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}[2010/07/16 16:40:59 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}[2010/07/15 12:06:04 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}[2010/04/16 17:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}[2010/07/12 10:53:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}[2010/07/15 12:06:04 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}[2010/06/18 10:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}[2010/03/30 03:08:55 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\[email protected][2010/04/16 17:52:39 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\[email protected][2010/07/05 09:37:42 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\[email protected][2010/03/30 03:08:55 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\[email protected][2010/08/06 02:00:47 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\extensions\[email protected][2010/08/12 21:17:49 | 000,001,543 | ---- | M] () -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\searchplugins\bbc-good-food.xml[2010/08/12 21:17:49 | 000,001,238 | ---- | M] () -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\searchplugins\facebook.xml[2010/08/13 17:31:45 | 000,000,986 | ---- | M] () -- C:\Users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\sf7jbyhu.default\searchplugins\metacritic.xml[2010/08/09 00:10:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions[2010/04/21 10:52:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}[2010/08/09 00:10:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll[2008/08/15 16:09:02 | 000,002,303 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allcdcovers.xml[2010/07/27 01:27:34 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml[2010/04/05 01:37:10 | 000,002,581 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-uk.xml[2010/04/05 01:37:10 | 000,002,225 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bbc-food-recipe-search.xml[2010/04/05 01:37:10 | 000,001,543 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bbc-good-food.xml[2010/07/27 01:27:34 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml[2008/08/04 15:11:18 | 000,002,072 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\demonoid.xml[2008/08/04 15:11:44 | 000,001,137 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\dictionary.xml[2010/07/27 01:27:34 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml[2008/08/04 15:09:38 | 000,002,042 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\facebook.xml[2010/04/05 01:37:10 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google-images-uk.xml[2010/01/03 00:01:36 | 000,001,930 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\hmv-search.xml[2008/08/04 15:04:34 | 000,001,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\imdb.xml[2008/08/04 15:17:20 | 000,001,909 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\isohunt.xml[2008/08/04 15:11:34 | 000,001,134 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mininova.xml[2010/04/05 01:37:10 | 000,005,665 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\playcom.xml[2010/04/05 01:37:10 | 000,001,922 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\the-pirate-bay---seeders-secure.xml[2010/01/31 17:53:08 | 000,001,980 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wolframalpha.xml[2010/07/27 01:27:34 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml[2008/08/04 15:11:50 | 000,002,255 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\youtube.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O4:<strong class='bbc'>64bit:</strong> - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:<strong class='bbc'>64bit:</strong> - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not foundO4 - HKCU..\Run: [Steam] c:\program files (x86)\games\steam\steam.exe (Valve Corporation)O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - Startup: C:\Users\Alastair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\foobar2000.lnk = C:\Program Files (x86)\foobar2000\foobar2000.exe ()O4 - Startup: C:\Users\Alastair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O13 - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O18:<strong class='bbc'>64bit:</strong> - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not foundO18:<strong class='bbc'>64bit:</strong> - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not foundO18:<strong class='bbc'>64bit:</strong> - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:<strong class='bbc'>64bit:</strong> - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:<strong class='bbc'>64bit:</strong> - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:<strong class='bbc'>64bit:</strong> - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO21:<strong class='bbc'>64bit:</strong> - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35:<strong class='bbc'>64bit:</strong> - HKLM\..comfile [open] -- "%1" %*O35:<strong class='bbc'>64bit:</strong> - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:<strong class='bbc'>64bit:</strong> - HKLM\...com [@ = comfile] -- "%1" %*O37:<strong class='bbc'>64bit:</strong> - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %* CREATERESTOREPOINTRestore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010/08/17 12:51:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe[2010/08/17 12:42:17 | 000,000,000 | ---D | C] -- C:\Users\Alastair\AppData\Roaming\Malwarebytes[2010/08/17 12:42:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys[2010/08/17 12:42:12 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2010/08/17 12:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2010/08/17 12:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2010/08/17 12:41:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2010/08/17 12:40:08 | 000,000,000 | ---D | C] -- C:\Users\Alastair\Desktop[2010/08/17 12:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT[2010/08/16 11:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation[2010/08/16 11:40:56 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll[2010/08/16 11:40:56 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll[2010/08/16 11:40:47 | 000,000,000 | ---D | C] -- C:\NVIDIA[2010/08/16 00:30:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent[2010/08/16 00:28:02 | 000,000,000 | ---D | C] -- C:\Users\Alastair\AppData\Roaming\uTorrent[2010/08/15 16:27:05 | 000,000,000 | ---D | C] -- C:\Users\Alastair\AppData\Roaming\SanDisk[2010/08/13 01:42:32 | 000,000,000 | ---D | C] -- C:\Users\Alastair\AppData\Roaming\OOo-dev[2010/08/13 01:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion[2010/08/13 01:26:46 | 000,021,480 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys[2010/08/13 01:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip[2010/08/09 00:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java[2010/08/06 17:41:30 | 000,000,000 | ---D | C] -- C:\Users\Alastair\AppData\Roaming\vlc[2010/08/02 13:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE[2010/07/15 17:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HFM.NET[2010/07/10 23:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TPBTooth[2010/07/10 00:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET[2010/06/30 00:03:37 | 000,000,000 | ---D | C] -- D:\Documents\Osmos[2010/06/29 21:28:57 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll[2010/06/29 21:28:57 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll[2010/06/29 21:28:57 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll[2010/06/29 21:28:57 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll[2010/06/29 21:28:57 | 000,000,000 | ---D | C] -- D:\Documents\OsmosDemo[2010/06/29 21:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL[2010/06/29 10:41:38 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr[2010/06/29 00:04:56 | 000,000,000 | ---D | C] -- D:\Documents\My Games[2010/06/21 22:57:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe[2010/06/21 20:39:13 | 000,000,000 | ---D | C] -- D:\Documents\BioWare[2010/06/15 03:16:24 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll[2010/06/15 03:16:22 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll[2010/05/29 11:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX[2010/05/29 11:01:35 | 000,000,000 | ---D | C] -- C:\Windows\DRIVERS[2010/05/26 08:44:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat[2010/05/26 08:44:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat[2010/05/22 16:46:51 | 000,000,000 | ---D | C] -- C:\Users\Alastair\AppData\Local\AliensVsPredator[2010/05/21 22:08:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM[2010/05/21 22:07:46 | 000,000,000 | ---D | C] -- C:\Users\Alastair\AppData\Local\Rockstar Games[2010/05/21 22:07:23 | 000,000,000 | RH-D | C] -- C:\Users\Alastair\AppData\Roaming\SecuROM ========== Files - Modified Within 90 Days ========== [2010/08/17 12:57:08 | 002,359,296 | -HS- | M] () -- C:\Users\Alastair\NTUSER.DAT[2010/08/17 12:51:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe[2010/08/17 12:43:42 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2010/08/17 12:43:42 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2010/08/17 12:42:15 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk[2010/08/17 12:36:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT[2010/08/17 12:36:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2010/08/17 12:36:26 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys[2010/08/17 12:35:43 | 003,932,878 | -H-- | M] () -- C:\Users\Alastair\AppData\Local\IconCache.db[2010/08/16 11:46:38 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2010/08/16 11:46:38 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2010/08/16 11:46:38 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2010/08/15 20:28:48 | 000,020,992 | ---- | M] () -- C:\Users\Alastair\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/08/15 19:57:33 | 000,015,044 | ---- | M] () -- D:\Documents\Checkouts.ods[2010/08/15 19:56:32 | 044,384,553 | ---- | M] () -- D:\Desktop\Kaz_Pics.7z[2010/08/14 21:37:39 | 000,000,000 | ---- | M] () -- C:\Windows\pcfriend.INI[2010/08/14 09:19:51 | 000,294,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2010/08/13 17:48:01 | 000,013,259 | ---- | M] () -- D:\Documents\Budget Computer.ods[2010/08/13 11:07:07 | 000,064,472 | ---- | M] () -- C:\Users\Alastair\AppData\Local\GDIPFONTCACHEV1.DAT[2010/08/13 01:41:02 | 000,002,252 | ---- | M] () -- C:\Users\Alastair\.kdiff3rc[2010/08/13 01:27:22 | 000,001,007 | ---- | M] () -- C:\Users\Alastair\Application Data\Microsoft\Internet Explorer\Quick Launch\KDiff3.lnk[2010/08/12 23:38:51 | 000,017,708 | ---- | M] () -- D:\Documents\Work.ods[2010/08/12 19:13:16 | 000,000,218 | ---- | M] () -- C:\Users\Alastair\.recently-used.xbel[2010/08/12 19:11:58 | 000,000,857 | ---- | M] () -- C:\Users\Alastair\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk[2010/08/02 13:02:20 | 000,016,442 | ---- | M] () -- D:\Documents\Financial Forecast.ods[2010/07/28 00:26:26 | 000,007,633 | ---- | M] () -- C:\Users\Alastair\AppData\Local\Resmon.ResmonCfg[2010/07/09 23:38:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll[2010/07/09 23:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll[2010/07/09 23:38:00 | 000,012,264 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb[2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys[2010/06/30 00:03:34 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll[2010/06/30 00:03:34 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll[2010/06/30 00:03:34 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll[2010/06/30 00:03:34 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll[2010/06/29 11:56:17 | 000,015,473 | ---- | M] () -- D:\Documents\Games List.ods[2010/06/29 10:41:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe[2010/06/28 21:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys[2010/06/28 21:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys[2010/06/28 21:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys[2010/06/28 21:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys[2010/06/28 21:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys[2010/06/15 03:16:24 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll[2010/06/15 03:16:22 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll ========== Files Created - No Company Name ========== [2010/08/17 12:48:42 | 000,293,376 | ---- | C] () -- D:\Desktop\gmer.exe[2010/08/17 12:42:15 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk[2010/08/15 19:57:32 | 000,015,044 | ---- | C] () -- D:\Documents\Checkouts.ods[2010/08/15 19:56:45 | 044,384,553 | ---- | C] () -- D:\Desktop\Kaz_Pics.7z[2010/08/14 21:37:39 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI[2010/08/13 17:47:59 | 000,013,259 | ---- | C] () -- D:\Documents\Budget Computer.ods[2010/08/13 01:32:52 | 000,000,154 | ---- | C] () -- C:\Users\Alastair\AppData\Roaming\Rim.Desktop.Exception.log[2010/08/13 01:32:00 | 000,000,807 | ---- | C] () -- C:\Users\Alastair\AppData\Roaming\Rim.Desktop.HttpServerSetup.log[2010/08/12 19:13:16 | 000,000,218 | ---- | C] () -- C:\Users\Alastair\.recently-used.xbel[2010/08/12 19:11:58 | 000,000,857 | ---- | C] () -- C:\Users\Alastair\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk[2010/04/18 23:23:06 | 001,380,352 | ---- | C] () -- C:\Windows\SysWow64\mpich2shmp.dll[2010/04/18 23:23:06 | 001,196,032 | ---- | C] () -- C:\Windows\SysWow64\mpich2.dll[2010/04/18 23:23:06 | 001,175,552 | ---- | C] () -- C:\Windows\SysWow64\mpich2shm.dll[2010/04/18 23:23:06 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\mpich2mpi.dll[2010/04/18 11:49:32 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUser.dat{f0dac6bb-4ace-11df-b50b-dc57970f5406}.TMContainer00000000000000000002.regtrans-ms[2010/04/18 11:49:32 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUser.dat{f0dac6bb-4ace-11df-b50b-dc57970f5406}.TMContainer00000000000000000001.regtrans-ms[2010/04/18 11:49:32 | 000,065,536 | -HS- | C] () -- C:\ProgramData\NTUser.dat{f0dac6bb-4ace-11df-b50b-dc57970f5406}.TM.blf[2010/04/18 11:49:31 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUser.dat{f0dac6b0-4ace-11df-b50b-dc57970f5406}.TMContainer00000000000000000002.regtrans-ms[2010/04/18 11:49:31 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUser.dat{f0dac6b0-4ace-11df-b50b-dc57970f5406}.TMContainer00000000000000000001.regtrans-ms[2010/04/18 11:49:31 | 000,262,144 | ---- | C] () -- C:\ProgramData\NTUser.dat[2010/04/18 11:49:31 | 000,065,536 | -HS- | C] () -- C:\ProgramData\NTUser.dat{f0dac6b0-4ace-11df-b50b-dc57970f5406}.TM.blf[2010/04/18 11:49:31 | 000,005,120 | -HS- | C] () -- C:\ProgramData\NTUser.dat.LOG1[2010/04/18 11:49:31 | 000,000,000 | -HS- | C] () -- C:\ProgramData\NTUser.dat.LOG2[2010/04/03 19:45:16 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\KMVIDC32.DLL[2010/04/03 13:31:11 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll[2010/04/03 13:31:11 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll[2010/04/01 19:42:41 | 000,020,992 | ---- | C] () -- C:\Users\Alastair\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/03/31 02:29:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2010/03/31 01:00:23 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini[2010/03/30 17:20:44 | 000,007,633 | ---- | C] () -- C:\Users\Alastair\AppData\Local\Resmon.ResmonCfg[2010/03/12 18:40:20 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini[2009/09/29 22:16:26 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010/04/15 12:09:42 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Audacity[2010/04/12 12:58:52 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Bioshock[2010/05/05 09:35:55 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Blackberry Desktop[2010/08/11 18:31:07 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Folding@home-gpu[2010/08/01 17:30:07 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Folding@home-smp[2010/08/16 21:29:24 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\foobar2000[2010/04/16 00:06:33 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\fretsonfire[2010/07/27 01:24:29 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\HFM[2010/04/01 22:46:47 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\InfraRecorder[2010/08/12 19:13:38 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\inkscape[2010/04/01 22:30:35 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\IrfanView[2010/04/15 12:01:14 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Mp3tag[2010/07/15 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Notepad++[2010/08/13 01:42:32 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\OOo-dev[2010/03/31 00:50:37 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\OpenOffice.org[2010/04/05 23:13:02 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Opera[2010/08/13 01:32:56 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Research In Motion[2010/08/15 20:01:46 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\SanDisk[2010/08/11 18:58:42 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Spotify[2010/04/05 23:14:26 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Thunderbird[2010/04/05 23:06:47 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Trusteer[2010/08/16 21:34:53 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\uTorrent[2010/08/15 23:26:09 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* >[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini[2010/08/17 12:36:26 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini[2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll[2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll[2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll[2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll[2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll[2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll[2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll[2010/08/17 12:36:30 | 4290,240,512 | -HS- | M] () -- C:\pagefile.sys[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp[2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab[2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\Fonts\*.com >[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini >[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.exe > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.jpg > < %systemroot%\*.png > < %systemroot%\*.scr >[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* >[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\bak. /s > < %systemroot%\system32\bak. /s > < %ALLUSERSPROFILE%\Start Menu\*.lnk /x > < %systemroot%\system32\config\systemprofile\*.dat /x > < %systemroot%\*.config > < %systemroot%\system32\*.db > < %PROGRAMFILES%\Internet Explorer\*.dat > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >< End of report >
OTL - Extras.txt
OTL Extras logfile created on: 17/08/2010 12:55:37 - Run 1OTL by OldTimer - Version 3.2.10.0 Folder = D:\Desktop64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstationInternet Explorer (Version = 8.0.7600.16385)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 150.00 Gb Total Space | 37.32 Gb Free Space | 24.88% Space Free | Partition Type: NTFSDrive D: | 215.66 Gb Total Space | 154.24 Gb Free Space | 71.52% Space Free | Partition Type: NTFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: ALASTAIR-PCCurrent User Name: AlastairLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userInclude 64bit ScansCompany Name Whitelist: OnSkip Microsoft Files: OnFile Age = 90 DaysOutput = StandardQuick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== <strong class='bbc'>64bit:</strong> [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== <strong class='bbc'>64bit:</strong> [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %* File not foundcmdfile [open] -- "%1" %* File not foundcomfile [open] -- "%1" %* File not foundexefile [open] -- "%1" %* File not foundhelpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not foundinffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %* File not foundregfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1" File not foundscrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /S File not foundtxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not foundDirectory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== <strong class='bbc'>64bit:</strong> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 <strong class='bbc'>64bit:</strong> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] <strong class='bbc'>64bit:</strong> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 <strong class='bbc'>64bit:</strong> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{23170F69-40C1-2702-0915-000001000000}" = 7-Zip 9.15 (x64 edition)"{2C22EA92-CB30-4932-0050-000001000000}" = InfraRecorder 0.50 (x64 edition)"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022"{568E7944-73F2-414E-BA4F-D3F5F9A183B2}" = Microsoft LifeCam"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55"Defraggler" = Defraggler"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"NVIDIA Display Control Panel" = NVIDIA Display Control Panel"NVIDIA Drivers" = NVIDIA Drivers"QuickSFV" = QuickSFV (Remove only)"Recuva" = Recuva"WinGimp-2.0_is1" = GIMP 2.6.8"WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault"{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}" = Medal of Honor Allied Assault(tm) Spearhead Patch 2.15"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}" = Folding@home-gpu"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault(tm) Breakthrough"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX"{8B128562-681D-4FFA-BEBF-A825985B2CB9}" = AirPlus G DWL-G510"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation"{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}" = Medal of Honor Allied Assault(tm) Spearhead"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver"{DF9046D6-5F1F-40B6-9782-3DC2D902D391}" = Medal of Honor Allied Assault(tm) Breakthrough Patch v2.40"{E03989B9-A4EF-4B97-9F5F-529315177A5B}" = HFM.NET 0.5.1.198"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"8BallClub" = 8BallClub Billiards"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.5"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)"avast5" = avast! Free Antivirus"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0"CCleaner" = CCleaner"ERUNT_is1" = ERUNT 1.1j"FLAC" = FLAC 1.2.1b (remove only)"Folding@Home Windows SMP Client" = Folding@Home Windows SMP Client"foobar2000" = foobar2000 v1.1 beta 2"Fraps" = Fraps"Frets on Fire" = Frets On Fire"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour"IrfanView" = IrfanView (remove only)"KDiff3" = KDiff3 (remove only)"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)"Mp3tag" = Mp3tag v2.46a"Notepad++" = Notepad++"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver"OpenAL" = OpenAL"Rapport_msi" = Rapport"Speccy" = Speccy"Spotify" = Spotify"Starcraft" = Starcraft"Steam App 10" = Counter-Strike"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes"Steam App 10680" = Aliens vs. Predator"Steam App 11440" = DiRT"Steam App 12110" = Grand Theft Auto: Vice City"Steam App 12130" = Manhunt"Steam App 12140" = Max Payne"Steam App 12150" = Max Payne 2: The Fall of Max Payne"Steam App 12170" = Grand Theft Auto"Steam App 12180" = Grand Theft Auto 2"Steam App 12800" = FUEL"Steam App 12830" = Operation Flashpoint: Dragon Rising"Steam App 130" = Half-Life: Blue Shift"Steam App 150" = Counter-Strike Steamworks Beta"Steam App 17460" = Mass Effect"Steam App 20" = Team Fortress Classic"Steam App 220" = Half-Life 2"Steam App 240" = Counter-Strike: Source"Steam App 280" = Half-Life: Source"Steam App 29180" = Osmos"Steam App 30" = Day of Defeat"Steam App 300" = Day of Defeat: Source"Steam App 320" = Half-Life 2: Deathmatch"Steam App 340" = Half-Life 2: Lost Coast"Steam App 360" = Half-Life Deathmatch: Source"Steam App 380" = Half-Life 2: Episode One"Steam App 38700" = Toki Tori"Steam App 40" = Deathmatch Classic"Steam App 400" = Portal"Steam App 420" = Half-Life 2: Episode Two"Steam App 440" = Team Fortress 2"Steam App 50" = Half-Life: Opposing Force"Steam App 500" = Left 4 Dead"Steam App 550" = Left 4 Dead 2"Steam App 60" = Ricochet"Steam App 70" = Half-Life"Steam App 80" = Counter-Strike: Condition Zero"uTorrent" = µTorrent"VLC media player" = VLC media player 1.1.2"WinLiveSuite_Wave3" = Windows Live Essentials"Worms2" = Worms2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"WinDirStat" = WinDirStat 1.1.2 ========== Last 10 Event Log Errors ========== [ Application Events ]Error - 12/08/2010 11:10:59 | Computer Name = Alastair-PC | Source = Bonjour Service | ID = 100Description = Error - 12/08/2010 13:04:20 | Computer Name = Alastair-PC | Source = Bonjour Service | ID = 100Description = Error - 12/08/2010 13:04:20 | Computer Name = Alastair-PC | Source = Bonjour Service | ID = 100Description = Error - 12/08/2010 13:04:20 | Computer Name = Alastair-PC | Source = Bonjour Service | ID = 100Description = Error - 12/08/2010 14:36:25 | Computer Name = Alastair-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12/08/2010 20:45:33 | Computer Name = Alastair-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12/08/2010 20:45:34 | Computer Name = Alastair-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 15/08/2010 11:37:12 | Computer Name = Alastair-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 15/08/2010 11:37:17 | Computer Name = Alastair-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 15/08/2010 12:03:57 | Computer Name = Alastair-PC | Source = Application Error | ID = 1000Description = Faulting application name: helppane.exe, version: 6.1.7600.16385, time stamp: 0x4a5bd17c Faulting module name: helppane.exe, version: 6.1.7600.16385, time stamp: 0x4a5bd17c Exception code: 0xc0000005 Fault offset: 0x0000000000006aeaFaulting process id: 0x136c Faulting application start time: 0x01cb3c9376bf8494 Faulting application path: C:\Windows\helppane.exe Faulting module path: C:\Windows\helppane.exe Report Id: b589531a-a886-11df-a0d7-f53361fbbc1e [ Media Center Events ]Error - 31/03/2010 16:54:43 | Computer Name = Alastair-PC | Source = MCUpdate | ID = 0Description = 21:54:43 - Error connecting to the internet. 21:54:43 - Unable to contact server.. Error - 02/04/2010 07:41:26 | Computer Name = Alastair-PC | Source = MCUpdate | ID = 0Description = 12:41:25 - Error connecting to the internet. 12:41:25 - Unable to contact server.. Error - 02/04/2010 07:41:34 | Computer Name = Alastair-PC | Source = MCUpdate | ID = 0Description = 12:41:31 - Error connecting to the internet. 12:41:31 - Unable to contact server.. Error - 02/04/2010 08:41:39 | Computer Name = Alastair-PC | Source = MCUpdate | ID = 0Description = 13:41:39 - Error connecting to the internet. 13:41:39 - Unable to contact server.. Error - 02/04/2010 08:41:45 | Computer Name = Alastair-PC | Source = MCUpdate | ID = 0Description = 13:41:44 - Error connecting to the internet. 13:41:44 - Unable to contact server.. [ System Events ]Error - 14/08/2010 05:13:54 | Computer Name = Alastair-PC | Source = Microsoft-Windows-HAL | ID = 12Description = The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. Error - 15/08/2010 02:19:21 | Computer Name = Alastair-PC | Source = Server | ID = 2505Description = The server could not bind to the transport \Device\NetBT_Tcpip_{B170C40F-768D-4CC3-9E98-836532D08216} because another computer on the network has the same name. The server could not start. Error - 15/08/2010 18:21:42 | Computer Name = Alastair-PC | Source = EventLog | ID = 6008Description = The previous system shutdown at 23:13:35 on ?15/?08/?2010 was unexpected. Error - 15/08/2010 18:26:04 | Computer Name = Alastair-PC | Source = EventLog | ID = 6008Description = The previous system shutdown at 23:22:51 on ?15/?08/?2010 was unexpected. Error - 15/08/2010 19:12:14 | Computer Name = Alastair-PC | Source = EventLog | ID = 6008Description = The previous system shutdown at 00:08:01 on ?16/?08/?2010 was unexpected. Error - 16/08/2010 05:44:48 | Computer Name = Alastair-PC | Source = EventLog | ID = 6008Description = The previous system shutdown at 00:34:05 on ?16/?08/?2010 was unexpected. Error - 16/08/2010 16:02:49 | Computer Name = Alastair-PC | Source = Microsoft-Windows-HAL | ID = 12Description = The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. Error - 16/08/2010 16:28:00 | Computer Name = Alastair-PC | Source = EventLog | ID = 6008Description = The previous system shutdown at 21:25:15 on ?16/?08/?2010 was unexpected. Error - 16/08/2010 16:36:17 | Computer Name = Alastair-PC | Source = EventLog | ID = 6008Description = The previous system shutdown at 21:34:49 on ?16/?08/?2010 was unexpected. Error - 16/08/2010 20:48:30 | Computer Name = Alastair-PC | Source = Microsoft-Windows-HAL | ID = 12Description = The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. < End of report >
Edited by AliL, 17 August 2010 - 06:46 AM.
Sign In
Create Account
