Very slow computer: malware, spyware, or viruses



#1
rnc_browns

My computer has been very slow for a while. I install updates and also have an antivirus program and other types of spyware blockers and all that, but the computer still seems slow. Applications take a while to open and startup is slow as well. The internet seems to drag a little as well, but I'm not sure if that has anything to do with an infection.

I went through your manual and did all the necessary steps but the computer still needs some looking at. Here is all the info from mbam, rooter, and otl:

Malwarebytes' Anti-Malware 1.37
Database version: 2216
Windows 5.1.2600 Service Pack 3

6/2/2009 7:08:39 PM
mbam-log-2009-06-02 (19-08-39).txt

Scan type: Quick Scan
Objects scanned: 147167
Time elapsed: 52 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zip (Trojan.Clicker) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\drnpfdxqwp.dll_old (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\Kevin Crockett.DELL-BHVIT8VZQW\Favorites\adult sites\Hardcore\yvon's training.lnk (Adware.SurfAssistant) -> Quarantined and deleted successfully.

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76285 Mo/Free:3714 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:0 Mo/Free:0 Mo)

Wed 06/03/2009|19:43

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
---------- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
---------- C:\Program Files\Common Files\AOL\1148442141\ee\AOLSoftware.exe
---------- C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
---------- C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
---------- C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
---------- C:\Program Files\Spyware Doctor\pctsTray.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Dell V305\dldtmon.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
---------- C:\Program Files\Dell V305\dldtMsdMon.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\WINDOWS\system32\dlbtcoms.exe
---------- C:\WINDOWS\system32\dldtcoms.exe
---------- C:\Program Files\Norton AntiVirus\navapsvc.exe
---------- C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
---------- C:\Program Files\Spyware Doctor\pctsAuxs.exe
---------- C:\Program Files\Spyware Terminator\sp_rsser.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Spyware Doctor\pctsSvc.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\KEVINC~1.X-R\Cookies\kevin crockett@crackle[2].txt
C:\DOCUME~1\KEVINC~1.X-R\Cookies\kevin_crockett@crackle[1].txt
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Everything that was on the desktop\Other Desktop Folders\gchgf\Ulead Media Studio Pro 6.5 + Crack.exe
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Everything that was on the desktop\Other Desktop Folders\gchgf\Vegas Video 4.0 + Keygen.exe
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Everything that was on the desktop\Other Desktop Folders\VV\Vegas Video 4.0\Vegas Video 4.0 Keygen 2.exe
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Everything that was on the desktop\Other Desktop Folders\VV\Vegas Video 4.0\Vegas Video 4.0 Keygen.EXE
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Kevin's Briefcase\Desktop Music Folders\real\Real One Player v10_Gold_with crack\how to install.txt
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Kevin's Briefcase\Desktop Music Folders\real\Real One Player v10_Gold_with crack\RealOne_Player6.1_Plus_wGOLD_Pack_Option_[FINAL]_English.exe
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Kevin's Briefcase\Desktop Music Folders\real\Real One Player v10_Gold_with crack\crack6.1\DataCache.zip
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Kevin's Briefcase\Desktop Music Folders\real\Real One Player v10_Gold_with crack\upgrade_v10\RealPlayer10GOLD.exe
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Kevin's Briefcase\Download and Install Files\Adobe Photoshop CS v8.0 + key + crack.exe
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Kevin's Briefcase\Download and Install Files\draw\Adobe Photoshop CS v8.0 + key + crack\Adobe Photoshop CS v8.0.exe
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Kevin's Briefcase\Download and Install Files\draw\Adobe Photoshop CS v8.0 + key + crack\crack 1.exe
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Kevin's Briefcase\Download and Install Files\draw\Adobe Photoshop CS v8.0 + key + crack\crack 2.exe
C:\DOCUME~1\KEVINC~1.X-R\Desktop\Kevin's Briefcase\Download and Install Files\draw\Adobe Photoshop CS v8.0 + key + crack\NOTE.txt


1 - "C:\Rooter$\Rooter_1.txt" - Wed 06/03/2009|19:18
2 - "C:\Rooter$\Rooter_2.txt" - Wed 06/03/2009|19:49

----------------------\\ Scan completed at 19:49

OTL logfile created on: 6/3/2009 9:11:54 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.01 Mb Total Physical Memory | 16.09 Mb Available Physical Memory | 6.31% Memory free
1001.09 Mb Paging File | 304.89 Mb Available in Paging File | 30.46% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 31.63 Gb Free Space | 42.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: X-RI7PJGT6UO9IX
Current User Name: Kevin Crockett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
PRC - C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe (Lexmark)
PRC - C:\Program Files\Common Files\AOL\1148442141\ee\AOLSoftware.exe (America Online, Inc.)
PRC - C:\Program Files\LexmarkX83\ACMonitor_X83.exe (Jetsoft Development Company)
PRC - C:\Program Files\Java\jre1.5.0\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\LexmarkX83\AcBtnMgr_X83.exe (Jetsoft Development Company)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Dell V305\dldtmon.exe ()
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Program Files\Dell V305\dldtMsdMon.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\dlbtcoms.exe ( )
PRC - C:\WINDOWS\system32\dldtcoms.exe ( )
PRC - C:\Program Files\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (Symantec Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\upgrade.exe (PC Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dlbt_device [Auto | Running]) -- C:\WINDOWS\system32\dlbtcoms.exe ( )
SRV - (dldtCATSCustConnectService [Auto | Stopped]) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe ()
SRV - (dldt_device [Auto | Running]) -- C:\WINDOWS\system32\dldtcoms.exe ( )
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- File not found
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (navapsvc [Auto | Running]) -- C:\Program Files\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (NProtectService [Auto | Running]) -- C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (Symantec Corporation)
SRV - (SBService [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe (Symantec Corporation)
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sp_rssrv [Auto | Running]) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (ati2mpaa [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys (ATI Technologies Inc.)
DRV - (ati2mtaa [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (basic2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys (Conexant)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (DCamUSBUVT [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbuvt.sys (IC Media Corporation)
DRV - (dvd_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (ENETHUSB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\enethusb.sys (Efficient Networks, Inc.)
DRV - (Fallback [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys (Conexant)
DRV - (Fsks [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys (Conexant)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys (Conexant Systems, Inc.)
DRV - (hsf_msft [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (IKFileSec [Boot | Running]) -- C:\WINDOWS\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt [System | Running]) -- C:\WINDOWS\system32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKSysSec [System | Running]) -- C:\WINDOWS\system32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (Imapi [System | Running]) -- C:\WINDOWS\system32\drivers\ImapiRox.sys (Roxio Inc.)
DRV - (K56 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys (Conexant)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040707.008\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040707.008\NAVEX15.SYS (Symantec Corporation)
DRV - (NPDriver [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (Symantec Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2K [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (Rksample [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys (Conexant)
DRV - (RT25USBAP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt25usbap.sys (Ralink Technology Inc.)
DRV - (SAVRT [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SAVRT.SYS (Symantec Corporation)
DRV - (SAVRTPEL [Auto | Running]) -- C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SoftFax [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys (Conexant)
DRV - (SpeakerPhone [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys (Conexant)
DRV - (sp_rsdrv2 [System | Running]) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [Auto | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (Tones [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys (Conexant)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (V124 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_V124.sys (Conexant)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys (Conexant Systems, Inc.)
DRV - (xbreader [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\xbreader.sys (Thesycon GmbH, Germany)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_Url = http://www.microsoft...p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.1.0.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/10/08 13:24:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/06/03 19:24:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/06/03 19:24:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/26 10:50:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/02 19:08:38 | 00,000,000 | ---D | M]

[2008/12/12 20:28:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Application Data\mozilla\Extensions
[2008/12/12 20:28:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/03 01:07:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Application Data\mozilla\Firefox\Profiles\345p47r5.default\extensions
[2008/05/13 16:16:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Application Data\mozilla\Firefox\Profiles\345p47r5.default\extensions\{4892b5dc-4df3-11dc-8314-0800200c9a66}
[2005/07/08 18:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Application Data\mozilla\Firefox\Profiles\42725kwj.kevin\extensions
[2005/07/08 18:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Application Data\mozilla\Firefox\Profiles\42725kwj.kevin\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/12 20:28:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/03 17:28:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/03 17:23:12 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/03 17:23:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/18 10:36:12 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/18 10:36:12 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/18 10:36:12 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/18 10:36:12 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/18 10:36:12 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/18 10:36:12 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/18 10:36:12 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (238945 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8359 more lines...
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (EZTBARTB) - {4E7BD74F-2B8D-469E-D0EA-ED6DB681A038} - C:\WINDOWS\DOWNLO~1\eztbartb.dll File not found
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - Reg Error: Key error. File not found
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (EZTBARTB) - {4E7BD74F-2B8D-469E-D0EA-ED6DB681A038} - C:\WINDOWS\DOWNLO~1\eztbartb.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0EA-ED6DB681A038} - C:\WINDOWS\DOWNLO~1\eztbartb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
O4 - HKLM..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE (Symantec Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe" ()
O4 - HKLM..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe" ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148442141\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe (Jetsoft Development Company)
O4 - HKLM..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe (Jetsoft Development Company)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" (Crawler.com)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" (The Weather Channel Interactive)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm File not found
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm File not found
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yaho...nst_current.cab (YInstStarter Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://webchat.dell...t/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: CheckKernel - {8ad8a477-adbd-4e80-9c19-bc091f40a606} - C:\WINDOWS\Installer\{8ad8a477-adbd-4e80-9c19-bc091f40a606}\CheckKernel.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/13 01:52:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/01/16 01:56:50 | 00,005,952 | ---- | M] () - C:\autoexec.bat.Exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/03 21:02:11 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2100/02/24 15:15:04 | 00,000,821 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2100/02/16 17:09:06 | 00,000,062 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.INI
[2009/06/03 19:18:06 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/03 19:17:05 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\OTL.exe
[2009/06/03 19:16:02 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\Rooter.exe
[2009/06/03 15:52:54 | 00,172,214 | ---- | C] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\Picture3.jpg
[2009/06/03 00:56:27 | 00,199,353 | ---- | C] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\Picture2.jpg
[2009/06/03 00:55:52 | 00,199,353 | ---- | C] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\Picture.jpg
[2009/06/03 00:10:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ThumbnailCache4R
[2009/06/02 16:23:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Application Data\Malwarebytes
[2009/06/02 16:23:21 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1.WIN\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/02 16:23:02 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/02 16:22:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2009/06/02 16:22:58 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/02 16:22:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/02 16:10:00 | 03,371,376 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\mbam-setup.exe
[2009/06/02 15:07:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/02 15:04:56 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/06/02 14:59:01 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\NTREGOPT.lnk
[2009/06/02 14:59:00 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\ERUNT.lnk
[2009/06/02 14:55:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/02 14:04:08 | 00,000,674 | ---- | C] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2009/06/02 12:57:39 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\SysRestorePoint.exe
[2009/06/02 12:56:39 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\erunt_setup.exe
[2009/06/02 12:21:13 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\TFC.exe
[2009/06/01 14:13:40 | 00,038,912 | ---- | C] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\resume-WVU.doc
[2009/05/10 23:08:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Local Settings\Apps
[2009/03/19 14:44:01 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2008/12/30 01:03:39 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2008/12/30 01:03:38 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2008/12/28 19:16:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\dldtwupd.dll
[2008/12/28 19:16:18 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\DLDTinst.dll
[2008/12/28 19:16:17 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDThcp.dll
[2008/12/28 19:11:41 | 00,360,448 | R--- | C] () -- C:\WINDOWS\System32\dldtcoin.dll
[2008/05/12 13:07:47 | 00,000,864 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/02/21 16:41:23 | 00,782,336 | ---- | C] () -- C:\WINDOWS\System32\dldtdrs.dll
[2008/02/19 18:25:56 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldtcaps.dll
[2008/01/31 05:41:56 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldtinsr.dll
[2008/01/31 05:41:48 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldtcur.dll
[2008/01/31 05:41:21 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldtjswr.dll
[2008/01/31 05:38:09 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldtinsb.dll
[2008/01/31 05:38:03 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldtcub.dll
[2008/01/31 05:36:33 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldtcu.dll
[2008/01/31 05:36:30 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldtins.dll
[2008/01/31 05:35:02 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\dldtutil.dll
[2008/01/31 05:34:28 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldtgrd.dll
[2008/01/30 12:02:30 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtpmui.dll
[2008/01/30 11:59:24 | 01,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtserv.dll
[2008/01/30 11:57:41 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldthbn3.dll
[2008/01/30 11:56:56 | 00,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtusb1.dll
[2008/01/30 11:55:13 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtlmpm.dll
[2008/01/30 11:54:56 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtiesc.dll
[2008/01/30 11:54:22 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomm.dll
[2008/01/30 11:53:31 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomc.dll
[2008/01/30 11:53:22 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtinpa.dll
[2008/01/30 11:52:15 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtprox.dll
[2008/01/21 22:05:12 | 00,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldtcfg.dll
[2008/01/15 23:05:08 | 00,000,020 | ---- | C] () -- C:\WINDOWS\ACMonitor_X83.ini
[2008/01/15 22:59:17 | 00,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.DLL
[2007/11/13 15:13:09 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldtcnv4.dll
[2007/04/28 10:41:49 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldtvs.dll
[2007/02/26 21:15:59 | 00,000,155 | ---- | C] () -- C:\WINDOWS\VWORK32.INI
[2007/02/19 07:20:28 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2007/02/19 07:20:24 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2007/02/19 07:20:02 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2007/02/19 07:17:06 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2007/02/19 07:17:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2007/02/19 07:16:52 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2007/02/19 07:16:48 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2007/02/19 07:15:34 | 00,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2007/02/07 17:57:16 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2007/01/30 14:47:52 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtpmui.dll
[2007/01/30 14:46:00 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtserv.dll
[2007/01/30 14:38:18 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtcomm.dll
[2007/01/30 14:36:30 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtlmpm.dll
[2007/01/30 14:35:00 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtiesc.dll
[2007/01/30 14:32:06 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtpplc.dll
[2007/01/30 14:31:08 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtcomc.dll
[2007/01/30 14:30:30 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtprox.dll
[2007/01/30 14:22:32 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtinpa.dll
[2007/01/30 14:21:46 | 00,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtusb1.dll
[2007/01/30 14:17:02 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbthbn3.dll
[2007/01/22 02:18:28 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcfg.dll
[2006/05/23 23:38:49 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/18 10:26:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2005/05/25 09:07:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtcnv4.dll
[2004/09/04 13:26:28 | 00,000,045 | ---- | C] () -- C:\WINDOWS\AECDLJN.ini
[2004/08/26 17:26:13 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/11 00:30:38 | 00,000,305 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/04/10 14:11:04 | 00,000,173 | ---- | C] () -- C:\WINDOWS\X83_DS.ini
[2002/03/04 23:33:24 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\LXASBCE.DLL
[2001/11/07 16:12:33 | 00,000,207 | ---- | C] () -- C:\WINDOWS\ACTIVITY.INI
[2001/11/07 10:29:46 | 00,001,261 | ---- | C] () -- C:\WINDOWS\DISNEY.INI
[2001/10/25 14:20:08 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/09/20 23:07:38 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\8532util.dll
[2001/09/17 19:15:01 | 00,003,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2001/08/18 08:00:00 | 00,000,969 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/18 08:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/10 13:14:16 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/03/05 15:07:22 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2001/01/05 14:34:30 | 00,016,812 | ---- | C] () -- C:\WINDOWS\System32\lxas2kpm.dll
[2001/01/05 13:08:02 | 00,008,427 | ---- | C] () -- C:\WINDOWS\System32\lxas2kui.dll
[2000/10/24 10:08:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 10:08:33 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

========== Files - Modified Within 30 Days ==========

[3 C:\DOCUME~1\KEVINC~1.X-R\My Documents\*.tmp files]
[2009/06/03 21:41:00 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/06/03 19:26:26 | 00,000,020 | ---- | M] () -- C:\WINDOWS\ACMonitor_X83.ini
[2009/06/03 19:26:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/03 19:25:08 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Local Settings\desktop.ini
[2009/06/03 19:25:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/03 19:24:57 | 26,746,8800 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/03 19:17:06 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\OTL.exe
[2009/06/03 19:16:22 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\Rooter.exe
[2009/06/03 17:32:57 | 36,767,798 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/03 15:37:22 | 00,000,674 | ---- | M] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2009/06/03 09:09:08 | 00,064,751 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/03 00:55:19 | 00,199,353 | ---- | M] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\Picture2.jpg
[2009/06/03 00:55:19 | 00,199,353 | ---- | M] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\Picture.jpg
[2009/06/03 00:52:04 | 00,172,214 | ---- | M] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\Picture3.jpg
[2009/06/03 00:16:00 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/03 00:15:49 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/03 00:15:43 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/03 00:11:28 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/02 16:23:21 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1.WIN\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/02 16:10:54 | 03,371,376 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\mbam-setup.exe
[2009/06/02 15:04:56 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/06/02 14:59:01 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\NTREGOPT.lnk
[2009/06/02 14:59:00 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\ERUNT.lnk
[2009/06/02 13:40:30 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\SysRestorePoint.exe
[2009/06/02 12:56:41 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\erunt_setup.exe
[2009/06/02 12:21:16 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\TFC.exe
[2009/06/01 14:13:40 | 00,038,912 | ---- | M] () -- C:\DOCUME~1\KEVINC~1.X-R\Desktop\resume-WVU.doc
[2009/05/29 20:00:00 | 00,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2009/05/28 17:57:21 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/17 21:59:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 6/3/2009 9:11:54 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.01 Mb Total Physical Memory | 16.09 Mb Available Physical Memory | 6.31% Memory free
1001.09 Mb Paging File | 304.89 Mb Available in Paging File | 30.46% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 31.63 Gb Free Space | 42.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: X-RI7PJGT6UO9IX
Current User Name: Kevin Crockett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ File not found
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite File not found
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Avant Browser\avant.exe:*:Disabled:The Fastest Web Browser on Earth! File not found
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\Common Files\AOL\1148442141\ee\aolsoftware.exe:*:Enabled:AOL Services (America Online, Inc.)
C:\Program Files\Common Files\AOL\1148442141\ee\aim6.exe:*:Enabled:AIM (America Online, Inc.)
C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 File not found
C:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealPlayer File not found
C:\Documents and Settings\Kevin Crockett.X-RI7PJGT6UO9IX\Desktop\utorrent.exe:*:Enabled:µTorrent File not found
C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek File not found
C:\WINDOWS\system32\dlbtcoms.exe:*:Enabled:Photo AIO Printer 922 Server ( )
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Dell V305\dldtamon.exe:*:Enabled:Dell Device Monitor ()
C:\Program Files\Dell V305\frun.exe:*:Enabled:Dell Imaging Toolbox ()
C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader (ABBYY (BIT Software))
C:\Program Files\Dell V305\dldtmon.exe:*:Enabled:Printer Device Monitor ()
C:\WINDOWS\system32\dldtcoms.exe:*:Enabled:Lexmark Communications System ( )
C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtpswx.exe:*:Enabled:Printer Status Window Interface ()
C:\WINDOWS\system32\spool\drivers\w32x86\3\dldttime.exe:*:Enabled:Time Executable ()
C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtjswx.exe:*:Enabled:Job Status Window Interface ()
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{313AA16E-8C61-410C-A225-917462421659}" = EZSuite For EZCam III
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3884FCC0-9E16-423B-959A-FD77DD2F39E6}" = GuitarVision
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9811A185-3D3D-11D6-9E14-00036D172B00}" = Adobe MPEG Encoder
"{AACDE433-670D-429B-B90B-A177AFAFD610}" = Sonic Foundry Vegas 4.0
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F4C9398F-B6C6-4A4B-8B6D-795CD86F915D}" = Norton AntiVirus 2003 Professional Edition
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"ActionReplay Xbox" = ActionReplay Xbox
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Advanced Tools" = Advanced Tools
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVG8Uninstall" = AVG 8.5
"Dell V305" = Dell V305
"Desktop Weather by The Weather Channel" = Desktop Weather by The Weather Channel
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player
"EfntSSDSL" = Efficient Networks SpeedStream DSL
"ERUNT_is1" = ERUNT 1.1j
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lexmark X83" = C:\PROGRA~1\LEXMAR~1
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spyware Doctor" = Spyware Doctor 6.0
"Spyware Terminator_is1" = Spyware Terminator
"Ultra PSP Movie Converter_is1" = Ultra PSP Movie Converter 4.2.1213
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Mail AutoComplete" = Yahoo! Address AutoComplete
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/17/2009 4:56:39 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/17/2009 4:56:40 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/17/2009 5:02:09 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Application Hang | ID = 1001
Description = Fault bucket 1203592333.

Error - 4/17/2009 5:02:09 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Application Hang | ID = 1001
Description = Fault bucket 1203592333.

Error - 4/17/2009 5:02:09 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Application Hang | ID = 1001
Description = Fault bucket 1203592333.

Error - 5/10/2009 10:59:57 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 11.0.0.453, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2009 9:06:13 AM | Computer Name = X-RI7PJGT6UO9IX | Source = Application Error | ID = 1000
Description = Faulting application dldtcoms.exe, version 1.233.55.0, faulting module
dldtusb1.dll, version 1.233.55.0, fault address 0x000691f8.

Error - 5/18/2009 1:41:09 AM | Computer Name = X-RI7PJGT6UO9IX | Source = sdCoreService | ID = 0
Description =

Error - 5/26/2009 5:12:55 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2009 12:39:41 AM | Computer Name = X-RI7PJGT6UO9IX | Source = sdCoreService | ID = 0
Description =

[ System Events ]
Error - 6/3/2009 7:36:46 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Service Control Manager | ID = 7022
Description = The PC Tools Security Service service hung on starting.

Error - 6/3/2009 7:36:47 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 6/3/2009 7:38:23 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PC Tools Security Service
service to connect.

Error - 6/3/2009 7:38:23 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%1053

Error - 6/3/2009 7:38:26 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Service Control Manager | ID = 7000
Description = The Norton Unerase Protection Driver service failed to start due to
the following error: %%5

Error - 6/3/2009 7:38:45 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%5

Error - 6/3/2009 7:39:03 PM | Computer Name = X-RI7PJGT6UO9IX | Source = DCOM | ID = 10010
Description = The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register
with DCOM within the required timeout.

Error - 6/3/2009 7:42:38 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 2 time(s).

Error - 6/3/2009 7:46:53 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 3 time(s).

Error - 6/3/2009 7:52:36 PM | Computer Name = X-RI7PJGT6UO9IX | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 4 time(s).


< End of report >