Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet Explorer Warning - visiting this web site may harm your compu

Started by monkaymagic , Apr 15 2009 04:03 PM

  • Please log in to reply

#1
monkaymagic
Posted 15 April 2009 - 04:03 PM

monkaymagic

    New Member

  • Member
  • Pip
  • 9 posts
Hi everyone,
Firstly I am not great with computers so bear with me.

The problem is every site I am going to has the message Internet Explorer Warning - visiting this web site may harm your computer! and the site is then blocked.

This has started happening today - sometimes when I go to search engine and click on a link it opens of a new page of porn or spyware removal.

Everytime I start up my computer today I get a fake antivirus program popping up and trying to run

I have just tried for a while clicking back and reclicking link to get here - so I hope this posts up (I'm trying and trying - really hope this isn't posting and posting?).

I have got Malware Antibytes on my computer but when I click on it nothing is happening.

Unable to access e-mails (hotmail) no matter how many times I try. So thanks for not having to verify e-mail address or I wouldn't be here asking!

Please, please can you help -
This is Hijack this log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:54, on 15/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.tesco.net/cd
R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.53 browser-security.microsoft.com
O1 - Hosts: 94.232.248.53 spy-wareprotector2009.com
O1 - Hosts: 94.232.248.53 www.spy-wareprotector2009.com
O1 - Hosts: 94.232.248.53 secure.spy-wareprotector2009.com
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,[email protected]
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PestPatrol Update Wizard.lnk = C:\Program Files\PestPatrol\WiseUpdt.exe
O4 - Global Startup: USRobotics Wireless USB Adapter.lnk = C:\Program Files\USRobotics\Wireless USB Manager\USR54G.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: NTLSignup - https://register.tes...o/NTLSignup.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Update Service (gupdate1c98652ce6f84a8) (gupdate1c98652ce6f84a8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11340 bytes
  • 0

Advertisements

#2
kahdah
Posted 15 April 2009 - 04:44 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello monkaymagic

Welcome to G2Go. :)

Hi please request that this topic http://forums.techgu...-website-i.html be closed since you are getting help here.
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
monkaymagic
Posted 16 April 2009 - 02:25 PM

monkaymagic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTListIt logfile created on: 16/04/2009 21:12:44 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Rob Vickery\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 579.84 Mb Available Physical Memory | 56.65% Memory free
2.40 Gb Paging File | 1.99 Gb Available in Paging File | 82.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 5.46 Gb Free Space | 7.33% Space Free | Partition Type: NTFS
Drive D: | 68.66 Gb Total Space | 66.86 Gb Free Space | 97.37% Space Free | Partition Type: NTFS
Drive E: | 5.85 Gb Total Space | 1.36 Gb Free Space | 23.24% Space Free | Partition Type: FAT32
Drive F: | 149.04 Gb Total Space | 148.85 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: ROBKE
Current User Name: Rob Vickery
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
PRC - C:\Program Files\Medion Tools\KeyStat\KeyStat.exe ()
PRC - C:\Program Files\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
PRC - C:\Program Files\PestPatrol\PPMemCheck.exe ()
PRC - C:\Program Files\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Eraser\eraser.exe (Heidi Computers Ltd)
PRC - C:\Program Files\USRobotics\Wireless USB Manager\USR54G.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
PRC - C:\WINDOWS\system32\lxcicoms.exe ( )
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
PRC - C:\Documents and Settings\Rob Vickery\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BlueSoleil Hid Service [Auto | Running]) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (CLCapSvc [Auto | Running]) -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CLSched [Auto | Running]) -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CyberLink Media Library Service [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (gupdate1c98652ce6f84a8 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (lxci_device [On_Demand | Running]) -- C:\WINDOWS\system32\lxcicoms.exe ( )
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (WmcCds [Unknown | Stopped]) -- c:\program files\windows media connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs [On_Demand | Stopped]) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
SRV - (x10nets [On_Demand | Running]) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (3xHybrid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BlueletAudio [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys (IVT Corporation)
DRV - (BT [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys (IVT Corporation)
DRV - (Btcsrusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys ()
DRV - (BTHidMgr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BTNetFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (CardReaderFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\USBCRFT.SYS (ICSI Technology Ltd.)
DRV - (cdrbsdrv [System | Running]) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (cmudax [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Inc.)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (FETNDISB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ldiskl [On_Demand | Stopped]) -- C:\Documents and Settings\Rob Vickery\Local Settings\Temp\ldiskl.sys ()
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RT2500USB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (usbcm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbcm.sys (Microsystems Corp)
DRV - (USRWGU(USR) [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\USRWGU.sys (U.S. Robotics Corporation)
DRV - (VComm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VComm.sys (IVT Corporation)
DRV - (VcommMgr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys (IVT Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (wbscr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\wbscr.sys (Winbond Electronics Corp.)
DRV - (XUIF [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (ZDPSp50 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (216 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.53 browser-security.microsoft.com
O1 - Hosts: 94.232.248.53 spy-wareprotector2009.com
O1 - Hosts: 94.232.248.53 www.spy-wareprotector2009.com
O1 - Hosts: 94.232.248.53 secure.spy-wareprotector2009.com
O2 - BHO: (Flashget Catch Url Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O2 - BHO: (BHO) - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D51D388B-F5DC-471A-A1CE-5E2D671091C0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe File not found
O4 - HKLM..\Run: [Dit] Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe" (Lexmark International Inc.)
O4 - HKLM..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe ()
O4 - HKLM..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,[email protected] ()
O4 - HKLM..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe" (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide (Heidi Computers Ltd)
O4 - HKCU..\Run: [system tool] C:\WINDOWS\sysguard.exe (?????????? ??????????)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ USRobotics Wireless USB Adapter.lnk = C:\Program Files\USRobotics\Wireless USB Manager\USR54G.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VTAgentReboot.exe ()
O4 - Startup: C:\Documents and Settings\Rob Vickery\Start Menu\Programs\Startup\PestPatrol Update Wizard.lnk = C:\Program Files\PestPatrol\WiseUpdt.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML (IE Toolbar)
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html (Google Inc.)
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html (Google Inc.)
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html (Google Inc.)
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html (Google Inc.)
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: musicmatch.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: musicmatch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: tesco.net ([memberservices] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tesco.net ([register] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: NTLSignup https://register.tes...o/NTLSignup.cab (Reg Error: Key error.)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E9681C1C-C1DF-4970-97BB-86C3E716AFA3} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\iifddbyV) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - H:\autorun.exe () - [ CDFS ]
O32 - Autorun File - H:\autorun.inf () - [ CDFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe -- [2006/09/11 16:12:50 | 00,023,040 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[10 C:\Documents and Settings\Rob Vickery\Desktop\*.tmp files]
[2009/04/16 21:09:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob Vickery\Desktop\Misc1.1
[2009/04/16 21:02:21 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17944.exe
[2009/04/16 21:02:21 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/04/16 21:01:49 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Vickery\Desktop\OTListIt2.exe
[2009/04/15 23:24:48 | 00,259,072 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/15 23:24:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/15 23:24:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/15 23:24:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/15 23:24:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/15 23:24:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/15 23:24:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/15 23:24:48 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/15 23:24:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/15 23:24:32 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF28419.exe
[2009/04/15 23:23:59 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/15 22:12:50 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/15 21:15:33 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\iehelper.dll
[2009/04/13 00:05:25 | 00,305,680 | ---- | C] (?????????? ??????????) -- C:\WINDOWS\sysguard.exe
[2009/04/12 23:31:55 | 00,002,585 | ---- | C] () -- C:\Documents and Settings\Rob Vickery\Desktop\s599735398_3389.jpg
[2009/04/08 20:41:17 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Rob Vickery\My Documents\BIKES.doc
[2009/04/04 14:13:15 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Rob Vickery\Desktop\Rob1.1.doc
[2008/11/16 00:21:25 | 00,013,353 | ---- | C] () -- C:\WINDOWS\System32\sudyhu.dll
[2008/02/11 20:00:12 | 00,000,906 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2008/02/07 18:35:15 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2008/02/07 18:35:15 | 00,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2008/02/07 18:35:15 | 00,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2008/02/07 18:35:15 | 00,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2008/02/07 18:35:15 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2007/08/25 15:46:43 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/11/24 20:11:38 | 00,000,413 | ---- | C] () -- C:\WINDOWS\SDA_APPS.INI
[2006/10/08 18:16:40 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2006/08/31 20:37:40 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/08/31 20:37:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2006/08/31 20:37:08 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/08/31 20:33:59 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\lxcivs.dll
[2006/08/31 20:33:36 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciserv.dll
[2006/08/31 20:33:36 | 01,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciusb1.dll
[2006/08/31 20:33:36 | 00,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipmui.dll
[2006/08/31 20:33:36 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciprox.dll
[2006/08/31 20:33:36 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipplc.dll
[2006/08/31 20:33:35 | 00,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcihbn3.dll
[2006/08/31 20:33:35 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomc.dll
[2006/08/31 20:33:35 | 00,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcilmpm.dll
[2006/08/31 20:33:35 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomm.dll
[2006/05/22 18:51:54 | 00,000,059 | ---- | C] () -- C:\WINDOWS\PestPatrol.ini
[2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/04/20 15:13:46 | 00,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2005/04/09 14:53:40 | 00,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2005/02/09 19:52:42 | 00,000,772 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/09 18:28:11 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/09 15:38:29 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/09 15:13:16 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\14E4D0A500.sys
[2005/02/09 15:13:15 | 00,005,224 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/02/09 15:04:43 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\GetOSVer.dll
[2005/02/09 14:47:53 | 00,000,269 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2005/02/09 14:31:04 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2005/02/09 14:31:04 | 00,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005/02/09 14:27:12 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll
[2005/02/09 14:27:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll
[2005/02/09 14:22:39 | 00,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2005/02/09 14:22:35 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005/02/09 13:34:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/09 13:34:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/02/09 10:37:10 | 00,001,210 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/09 10:37:05 | 00,000,658 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/02/09 10:37:04 | 00,000,268 | ---- | C] () -- C:\WINDOWS\System.ini
[2005/02/09 10:36:59 | 00,000,325 | ---- | C] () -- C:\WINDOWS\System32\ntnet.drv
[2005/01/20 15:05:59 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004/09/28 22:54:30 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2002/10/06 22:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 03:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/05 03:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 03:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[14 C:\Documents and Settings\Rob Vickery\My Documents\*.tmp files]
[10 C:\Documents and Settings\Rob Vickery\Desktop\*.tmp files]
[2009/04/16 21:01:51 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Vickery\Desktop\OTListIt2.exe
[2009/04/16 21:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\bsfzbdkl.job
[2009/04/16 20:48:22 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17944.exe
[2009/04/16 20:47:41 | 00,432,774 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 20:47:41 | 00,376,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 20:47:41 | 00,051,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 20:47:36 | 35,181,591 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/16 20:47:36 | 00,100,885 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/16 20:46:45 | 00,010,240 | ---- | M] () -- C:\WINDOWS\System32\iehelper.dll
[2009/04/16 20:46:29 | 00,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2009/04/16 20:46:19 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/16 20:46:18 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/16 20:46:06 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/16 20:46:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/16 20:46:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/16 20:45:55 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/16 01:21:14 | 00,035,366 | ---- | M] () -- C:\Documents and Settings\Rob Vickery\Application Data\wklnhst.dat
[2009/04/16 00:54:43 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Rob Vickery\My Documents\BIKES.doc
[2009/04/15 23:23:56 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF28419.exe
[2009/04/13 00:05:05 | 00,305,680 | ---- | M] (?????????? ??????????) -- C:\WINDOWS\sysguard.exe
[2009/04/12 23:31:57 | 00,002,585 | ---- | M] () -- C:\Documents and Settings\Rob Vickery\Desktop\s599735398_3389.jpg
[2009/04/04 14:23:54 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Rob Vickery\Desktop\Rob1.1.doc
[2009/03/28 01:58:56 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

========== LOP Check ==========

[2009/02/03 23:57:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2005/02/09 15:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2005/02/09 15:14:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2005/02/10 12:21:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/04/15 21:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/14 00:35:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2005/02/09 14:34:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2006/08/31 20:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2005/07/07 20:37:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/04/15 23:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2005/11/26 20:31:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2008/11/16 02:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/07/26 19:18:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/07/26 19:18:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2005/10/24 17:34:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/02/09 15:18:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2005/02/10 12:08:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/06/19 14:30:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2005/02/10 12:20:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/04 22:22:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/16 01:21:21 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Rob Vickery\Application Data
[2008/09/15 11:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Adobe
[2008/06/13 13:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\AdobeUM
[2008/06/10 21:17:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Ahead
[2005/02/10 12:21:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\AOL
[2006/10/08 18:30:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Atari
[2009/03/14 01:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Azureus
[2008/06/10 22:54:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\BitTorrent
[2005/02/09 16:22:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\CyberLink
[2005/06/28 12:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\DMCache
[2008/09/04 23:08:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\DNA
[2009/04/12 03:43:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\FrostWire
[2009/02/03 23:58:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Google
[2006/07/14 13:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Help
[2008/11/15 01:36:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\HouseCall 6.6
[2005/02/09 19:49:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Identities
[2006/11/11 13:06:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\InstallShield
[2005/10/24 17:34:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Lavasoft
[2009/03/22 01:53:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\LimeWire
[2009/03/14 00:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Lionhead Studios
[2005/02/09 17:08:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Macromedia
[2008/11/16 02:27:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Malwarebytes
[2008/07/09 18:57:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Microsoft
[2008/11/07 23:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Mozilla
[2006/09/04 18:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\NewSoft
[2005/12/20 23:22:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\OLYMPUS
[2005/02/10 12:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Real
[2006/12/30 01:47:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Sports Interactive
[2005/02/09 16:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Sun
[2007/04/30 15:27:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\TSO
[2008/11/04 01:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\Viewpoint
[2005/02/10 12:20:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Vickery\Application Data\You've Got Pictures Screensaver
[2009/04/16 21:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\bsfzbdkl.job
[2004/08/04 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/16 20:46:19 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/04/16 20:46:18 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
[2009/04/16 20:46:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >





OTListIt Extras logfile created on: 16/04/2009 21:12:44 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Rob Vickery\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 579.84 Mb Available Physical Memory | 56.65% Memory free
2.40 Gb Paging File | 1.99 Gb Available in Paging File | 82.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 5.46 Gb Free Space | 7.33% Space Free | Partition Type: NTFS
Drive D: | 68.66 Gb Total Space | 66.86 Gb Free Space | 97.37% Space Free | Partition Type: NTFS
Drive E: | 5.85 Gb Total Space | 1.36 Gb Free Space | 23.24% Space Free | Partition Type: FAT32
Drive F: | 149.04 Gb Total Space | 148.85 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: ROBKE
Current User Name: Rob Vickery
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"8896:TCP" = 8896:TCP:*:Enabled:BitComet 8896 TCP
"8896:UDP" = 8896:UDP:*:Enabled:BitComet 8896 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remote Assistance (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 (America Online, Inc.)
C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0 (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service) (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer) (America Online, Inc)
C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console (Microsoft Corporation)
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:enabled:BlueSoleil (BlueTooth) (IVT Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remote Assistance (Microsoft Corporation)
C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 (America Online, Inc.)
C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0 (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service) (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer) (America Online, Inc)
C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console (Microsoft Corporation)
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:enabled:BlueSoleil (BlueTooth) (IVT Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget (FlashGet.com)
C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts File not found
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent ()
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire (FrostWire Group)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055A0044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{0AB149EB-2AE0-466C-9BA4-3A718CF06432}" = Information about your PC
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CE59656-4104-44AA-00BF-D2546C7EA497}" = Tiger Woods PGA TOUR 06
"{1E02403C-C469-4937-9B94-7DF9F78888FA}" = Smart Manager
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{261D0486-9127-4071-BA1D-FE784310752E}" = videon
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Photo Premium 10
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}" = RT2500 USB Wireless LAN Card
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.02
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9061D8EC-67C5-4FD1-90D6-F6F5BE012707}" = USRobotics Wireless USB Adapter
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.50.01
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.82
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C5223522-2B12-4522-B165-99EE6C88771E}" = eTrust Antivirus Registration
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CD815603-AB71-4CFB-B3AC-522298037ACC}" = W83L518D
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Generic USB CardReader 2.0
"{EABE2A27-9452-472E-9389-EFF410E956E1}" = DeviceControl
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"America Online uk" = AOL UK (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Toolbar" = AOL Toolbar
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040229.1 uk)
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.0
"BitComet" = BitComet 1.02
"BroadJump Client Foundation" = BroadJump Client Foundation
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"Creatix V.92 Data Fax Modem" = Creatix V.92 Data Fax Modem
"FlashGet(Jetcar) 1.80" = FlashGet(Jetcar) 1.80
"Flashpoint" = Flashpoint uninstall
"FrostWire" = FrostWire 4.17.1
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{9061D8EC-67C5-4FD1-90D6-F6F5BE012707}" = USRobotics Wireless USB Adapter
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"KeyStat" = KeyStat
"Lexmark 7300 Series" = Lexmark 7300 Series
"LimeWire" = LimeWire 4.18.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mininova-Vuze Toolbar" = Mininova-Vuze Toolbar
"Money2005b" = Microsoft Money
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ogg Vorbis Redistributable V 1.0b (vorbis1_0_pub~343AD259_is1" = Ogg Vorbis Redistributable V 1.0b (vorbis1_0_public_release)
"Operation Flashpoint" = Operation Flashpoint uninstall
"PictureItPrem_v10" = Microsoft Photo Premium 10
"QSEDBUK Boiler Database Browser_is1" = QSEDBUK 1.12
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Super Winspy_is1" = Super Winspy v3.20
"Tesconet" = Tesco internet access dialler
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"TVUPlayer" = TVUPlayer 2.3.0.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vuze" = Vuze
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"X10Hardware" = X10 Hardware™

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/04/2009 16:59:10 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.0.0.232, faulting module
unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 15/04/2009 17:11:09 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.0.0.232, faulting module
unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 15/04/2009 17:14:41 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 15/04/2009 17:43:31 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.0.0.232, faulting module
unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 15/04/2009 17:50:31 | Computer Name = ROBKE | Source = Application Hang | ID = 1002
Description = Hanging application mbam-setup[1].tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/04/2009 17:50:36 | Computer Name = ROBKE | Source = Application Hang | ID = 1001
Description = Fault bucket 678372478.

Error - 15/04/2009 17:57:28 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.0.0.232, faulting module
unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 15/04/2009 18:21:46 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.0.0.232, faulting module
unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 16/04/2009 15:47:22 | Computer Name = ROBKE | Source = Application Hang | ID = 1002
Description = Hanging application sysguard.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/04/2009 15:47:26 | Computer Name = ROBKE | Source = Application Hang | ID = 1002
Description = Hanging application sysguard.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 15/04/2009 16:59:10 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.0.0.232, faulting module
unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 15/04/2009 17:11:09 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.0.0.232, faulting module
unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 15/04/2009 17:14:41 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 15/04/2009 17:43:31 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.0.0.232, faulting module
unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 15/04/2009 17:50:31 | Computer Name = ROBKE | Source = Application Hang | ID = 1002
Description = Hanging application mbam-setup[1].tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/04/2009 17:50:36 | Computer Name = ROBKE | Source = Application Hang | ID = 1001
Description = Fault bucket 678372478.

Error - 15/04/2009 17:57:28 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.0.0.232, faulting module
unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 15/04/2009 18:21:46 | Computer Name = ROBKE | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.0.0.232, faulting module
unknown, version 0.0.0.0, fault address 0x10011e39.

Error - 16/04/2009 15:47:22 | Computer Name = ROBKE | Source = Application Hang | ID = 1002
Description = Hanging application sysguard.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/04/2009 15:47:26 | Computer Name = ROBKE | Source = Application Hang | ID = 1002
Description = Hanging application sysguard.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 31/12/2002 19:01:00 | Computer Name = ROBKE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 31/12/2002 23:16:17 | Computer Name = ROBKE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 31/12/2002 23:16:53 | Computer Name = ROBKE | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 01/01/2003 00:12:31 | Computer Name = ROBKE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 01/01/2003 00:12:49 | Computer Name = ROBKE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 09/04/2009 17:31:47 | Computer Name = ROBKE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 09/04/2009 17:31:47 | Computer Name = ROBKE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 10/04/2009 14:58:53 | Computer Name = ROBKE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 10/04/2009 14:58:56 | Computer Name = ROBKE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 10/04/2009 14:59:25 | Computer Name = ROBKE | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.


< End of report >






Hi,
Thanks for helping very appreciated, please find above first part that you have asked for
  • 0

#4
monkaymagic
Posted 16 April 2009 - 03:05 PM

monkaymagic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,
Hope this has worked correctly???


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-16 21:36:19
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 86FBC738 ZwEnumerateKey
Code 86FCF590 ZwFlushInstructionCache
Code 8724F206 IofCallDriver
Code 8711B3A6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF0BC 5 Bytes JMP 8724F20B
.text ntkrnlpa.exe!IofCompleteRequest 804EF14C 5 Bytes JMP 8711B3AB
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B528A 5 Bytes JMP 86FCF594
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622950 5 Bytes JMP 86FBC73C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----





Thanks again for your help
  • 0

#5
kahdah
Posted 17 April 2009 - 06:30 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
PLease first go to Start > Control Panel > Add remove programs:
uninstall these programs:
  • Ask Toolbar
  • Viewpoint Media Player

then exit the Add\remove programs list.
===================================
After that I see that you have Limewire,Frostwire and Mininova-Vuze Toolbar installed.
Having P2p programs such as these raise the possibility of getting infected again.
See here for information on P2P's.
I will leave it up to you if you want to remove it.
To remove it just simply uninstall them then delete their folders in this location > C:\Program Files\Limewire,Frostwire ,Minninova
--------------------------------
Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
O2 - BHO: (BHO) - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll ()
O4 - HKCU..\Run: [system tool] C:\WINDOWS\sysguard.exe (?????????? ??????????)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\iifddbyV) - File not found

:Files
C:\WINDOWS\tasks\bsfzbdkl.job

:Commands
[resethosts]
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
=========================
Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
===========================
  • Double click on Otlistit to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTListIt.Txt a This is saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


ALso post the Malwarebytes log.
  • 0

#6
monkaymagic
Posted 17 April 2009 - 12:20 PM

monkaymagic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,
Firstly I deleted the programs you said I should.
then
run otlist and pasted text you have given me into box

I rebooted when finished but due to an overheating issue (I think) the computer did not start to windows so I had to leave it for a few minutes to cool down - when I tried again I could not see a log and the date and time had changed to a few years ago on my computer - this happens fairly often. I did not know whether I should run this process again so carried on with the next steps without the log.

I then run mbam and it found 6 threats but it couldn't get rid of c:\windows\system32\uacinit.dll - I then restarted the computer but unfortunately it wouldn't start again and I had to wait a while for the computer to cool down.

Below are the log of the mbam log and the 2nd otlist log you asked me to do. The first otlist log is missing due to the overheating issue. If I run virus scans etc then restart my computer it never starts first time I have to wait for a while until it cools down.

Also after the running otlist for the first time I had greyed, almost transparent but clickable word document icons on my desktop which were named after word documents I had in another folder but which were blank when opened and which have now dissappeared.



Malwarebytes' Anti-Malware 1.36
Database version: 1994
Windows 5.1.2600 Service Pack 2

17/04/2009 18:33:25
mbam-log-2009-04-17 (18-33-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 159937
Time elapsed: 20 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\ejylu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.


-----------------------------------









OTListIt logfile created on: 17/04/2009 19:05:38 - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Rob Vickery\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 574.74 Mb Available Physical Memory | 56.16% Memory free
2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 6.84 Gb Free Space | 9.17% Space Free | Partition Type: NTFS
Drive D: | 68.66 Gb Total Space | 66.86 Gb Free Space | 97.37% Space Free | Partition Type: NTFS
Drive E: | 5.85 Gb Total Space | 1.36 Gb Free Space | 23.25% Space Free | Partition Type: FAT32
Drive F: | 149.04 Gb Total Space | 148.85 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBKE
Current User Name: Rob Vickery
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
PRC - C:\Program Files\Medion Tools\KeyStat\KeyStat.exe ()
PRC - C:\Program Files\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
PRC - C:\Program Files\PestPatrol\PPMemCheck.exe ()
PRC - C:\Program Files\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 7300 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Eraser\eraser.exe (Heidi Computers Ltd)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
PRC - C:\WINDOWS\system32\lxcicoms.exe ( )
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
PRC - C:\Documents and Settings\Rob Vickery\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BlueSoleil Hid Service [Auto | Running]) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (CLCapSvc [Auto | Running]) -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CLSched [Auto | Running]) -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CyberLink Media Library Service [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (gupdate1c98652ce6f84a8 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (lxci_device [On_Demand | Running]) -- C:\WINDOWS\system32\lxcicoms.exe ( )
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (WmcCds [Unknown | Stopped]) -- c:\program files\windows media connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs [On_Demand | Stopped]) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
SRV - (x10nets [On_Demand | Running]) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (3xHybrid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BlueletAudio [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys (IVT Corporation)
DRV - (BT [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys (IVT Corporation)
DRV - (Btcsrusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys ()
DRV - (BTHidMgr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BTNetFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (CardReaderFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\USBCRFT.SYS (ICSI Technology Ltd.)
DRV - (cdrbsdrv [System | Running]) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (cmudax [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Inc.)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (FETNDISB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RT2500USB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (usbcm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbcm.sys (Microsystems Corp)
DRV - (USRWGU(USR) [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\USRWGU.sys (U.S. Robotics Corporation)
DRV - (VComm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VComm.sys (IVT Corporation)
DRV - (VcommMgr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys (IVT Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (wbscr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\wbscr.sys (Winbond Electronics Corp.)
DRV - (XUIF [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (ZDPSp50 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Flashget Catch Url Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe File not found
O4 - HKLM..\Run: [Dit] Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe" (Lexmark International Inc.)
O4 - HKLM..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe ()
O4 - HKLM..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,[email protected] ()
O4 - HKLM..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe" (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide (Heidi Computers Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ USRobotics Wireless USB Adapter.lnk = C:\Program Files\USRobotics\Wireless USB Manager\USR54G.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VTAgentReboot.exe ()
O4 - Startup: C:\Documents and Settings\Rob Vickery\Start Menu\Programs\Startup\PestPatrol Update Wizard.lnk = C:\Program Files\PestPatrol\WiseUpdt.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML (IE Toolbar)
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html (Google Inc.)
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html (Google Inc.)
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html (Google Inc.)
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html (Google Inc.)
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: musicmatch.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: musicmatch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: tesco.net ([memberservices] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tesco.net ([register] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: NTLSignup https://register.tes...o/NTLSignup.cab (Reg Error: Key error.)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E9681C1C-C1DF-4970-97BB-86C3E716AFA3} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[10 C:\Documents and Settings\Rob Vickery\Desktop\*.tmp files]
[2009/04/17 18:35:28 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/04/17 17:41:39 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/16 21:09:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob Vickery\Desktop\Misc1.1
[2009/04/16 21:02:21 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17944.exe
[2009/04/16 21:02:21 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/04/16 21:01:49 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Vickery\Desktop\OTListIt2.exe
[2009/04/15 23:24:48 | 00,259,072 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/15 23:24:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/15 23:24:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/15 23:24:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/15 23:24:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/15 23:24:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/15 23:24:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/15 23:24:48 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/15 23:24:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/15 23:24:32 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF28419.exe
[2009/04/15 23:23:59 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/15 22:12:50 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/12 23:31:55 | 00,002,585 | ---- | C] () -- C:\Documents and Settings\Rob Vickery\Desktop\s599735398_3389.jpg
[2009/04/08 20:41:17 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Rob Vickery\My Documents\BIKES.doc
[2009/04/04 14:13:15 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Rob Vickery\Desktop\Rob1.1.doc
[2008/11/16 00:21:25 | 00,013,353 | ---- | C] () -- C:\WINDOWS\System32\sudyhu.dll
[2008/02/11 20:00:12 | 00,000,906 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2008/02/07 18:35:15 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2008/02/07 18:35:15 | 00,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2008/02/07 18:35:15 | 00,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2008/02/07 18:35:15 | 00,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2008/02/07 18:35:15 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2007/08/25 15:46:43 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/11/24 20:11:38 | 00,000,413 | ---- | C] () -- C:\WINDOWS\SDA_APPS.INI
[2006/10/08 18:16:40 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2006/08/31 20:37:40 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/08/31 20:37:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2006/08/31 20:37:08 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/08/31 20:33:59 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\lxcivs.dll
[2006/08/31 20:33:36 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciserv.dll
[2006/08/31 20:33:36 | 01,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciusb1.dll
[2006/08/31 20:33:36 | 00,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipmui.dll
[2006/08/31 20:33:36 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciprox.dll
[2006/08/31 20:33:36 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipplc.dll
[2006/08/31 20:33:35 | 00,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcihbn3.dll
[2006/08/31 20:33:35 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomc.dll
[2006/08/31 20:33:35 | 00,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcilmpm.dll
[2006/08/31 20:33:35 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomm.dll
[2006/05/22 18:51:54 | 00,000,059 | ---- | C] () -- C:\WINDOWS\PestPatrol.ini
[2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/04/20 15:13:46 | 00,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2005/04/09 14:53:40 | 00,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2005/02/09 19:52:42 | 00,000,772 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/09 18:28:11 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/09 15:38:29 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/09 15:13:16 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\14E4D0A500.sys
[2005/02/09 15:13:15 | 00,005,224 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/02/09 15:04:43 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\GetOSVer.dll
[2005/02/09 14:47:53 | 00,000,269 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2005/02/09 14:31:04 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2005/02/09 14:31:04 | 00,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005/02/09 14:27:12 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll
[2005/02/09 14:27:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll
[2005/02/09 14:22:39 | 00,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2005/02/09 14:22:35 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005/02/09 13:34:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/09 13:34:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/02/09 10:37:10 | 00,001,210 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/09 10:37:05 | 00,000,658 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/02/09 10:37:04 | 00,000,268 | ---- | C] () -- C:\WINDOWS\System.ini
[2005/02/09 10:36:59 | 00,000,325 | ---- | C] () -- C:\WINDOWS\System32\ntnet.drv
[2005/01/20 15:05:59 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004/09/28 22:54:30 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2002/10/06 22:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 03:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/05 03:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 03:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[14 C:\Documents and Settings\Rob Vickery\My Documents\*.tmp files]
[10 C:\Documents and Settings\Rob Vickery\Desktop\*.tmp files]
[2009/04/17 19:03:26 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Vickery\Desktop\OTListIt2.exe
[2009/04/17 19:00:29 | 00,432,774 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 19:00:29 | 00,376,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 19:00:29 | 00,051,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/17 18:59:35 | 00,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2009/04/17 18:59:35 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/17 18:59:22 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/17 18:59:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/17 18:59:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/17 18:59:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/17 18:58:59 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/17 18:10:28 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/17 12:03:42 | 35,195,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/16 20:48:22 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17944.exe
[2009/04/16 20:47:36 | 00,100,885 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/16 00:54:43 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Rob Vickery\My Documents\BIKES.doc
[2009/04/15 23:23:56 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF28419.exe
[2009/04/12 23:31:57 | 00,002,585 | ---- | M] () -- C:\Documents and Settings\Rob Vickery\Desktop\s599735398_3389.jpg
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/04 14:23:54 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Rob Vickery\Desktop\Rob1.1.doc
[2009/03/28 01:58:56 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
< End of report >
  • 0

#7
kahdah
Posted 18 April 2009 - 05:59 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Your logs are clean without doing anymore scans from what I can see.

Besides the heating issue is the malware problem gone?
  • 0

#8
monkaymagic
Posted 18 April 2009 - 06:05 AM

monkaymagic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Yes I think so - everything seems to be working correctly now.

I don't really have much idea about firewalls and security is there any free downloads on the web that I should have to reduce the risk of this happening again?


Just like to thank you very much as well for your brilliant help - been having a few problems for months but they all seem to be cured now. So thank you kahdah.
  • 0

#9
kahdah
Posted 18 April 2009 - 06:11 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Here is a free one to use.
The rest of the info will be at the bottom of the page when I post my prevention information when we finish up.
Online Armor Free.

This link will explain how to use firewalls to better understand them, Firewall tutorial
==============================
I suggest after doing these last set of instructions to post a thread in this forum to get help with the overheating issue.
http://www.geekstogo...pherals-f9.html

Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
======================
Delete\uninstall anything else that we have used.


System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP