Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE 7 Slowdown. Some websites won't load.


  • This topic is locked This topic is locked
20 replies to this topic

#1 Davesport

Davesport

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 04 June 2009 - 07:26 AM

Hi & I'd like to thank you for looking at my post.

I'm experiencing problems with a lot of different websites either being slow or unavailable. My browser locates the website but then the status bar at the bottom of the brower window says something like "Waiting on http:// ***** etc The site/s in question never appear. I end up redirecting my browser & doing something else. Some of the webby's load partially & then stop.

My PC is a couple of years old & is running Vista with a fully up to date version of AVG free edition. I've got no "detectable" viruses running a scan using AVG or Spybot or Ad Aware. Browsing seems to the only thing affected & there are no outward signs that anything else is wrong. I run CCleaner on a fairly regular basis to clean out the caches.

I'm a bit of a computer numpty but can usually work throught things in a logical & organised fashion once I'm aware of whats required. If there's anything in that log that looks dodgy or is simply not required please let me know.

Edited to add. Could this be a problem within my Buffalo router ?

Your help is much appreciated. Dave.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:46, on 03/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\System32\rundll32.exe
C:\Ruaridh Angus Music\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\stickies\stickies.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Admin Account\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P19UBCOY\HiJackThis[1].exe
C:\Users\ADMINA~1\AppData\Local\Temp\Rar$EX02.166\HijackThis.exe
C:\Users\Admin Account\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Ruaridh Angus Music\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1233846894867
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://eilandonan.remotemanager.co.uk/comm...MJPEGRender.ocx
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} (CAxMP4Dec Class) - http://64.21.226.243/activex/decoder/intel_mpeg4_dec.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c98934b3b973f0) (gupdate1c98934b3b973f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - C:\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - C:\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - C:\ElsaWin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - C:\ElsaWin\bin\LcSvrPas.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12425 bytes

Edited by Davesport, 04 June 2009 - 08:05 AM.


BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:35 AM

Posted 04 June 2009 - 02:07 PM

Hi Davesport,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.


Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#3 Davesport

Davesport
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 04 June 2009 - 03:59 PM

Hi Farbar. Greetings from Scotland. Thankyou for your time & assistance.

I've posted the OLT logs from my Desktop PC. I've edited my post to remove the logs from my laptop.

Thanks again in advance for your time.

Regards Dave.

OTL logfile created on: 04/06/2009 22:55:17 - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Admin Account\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.85% Memory free
4.00 Gb Paging File | 2.94 Gb Available in Paging File | 73.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.12 Gb Total Space | 450.13 Gb Free Space | 76.80% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.37 Gb Free Space | 63.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDYPC
Current User Name: Admin Account
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/07/20 01:40:48 | 00,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/02/20 13:57:32 | 00,110,592 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
PRC - [2009/06/01 09:32:16 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/15 09:57:01 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2007/03/21 13:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/02/07 15:59:21 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2003/03/13 16:46:14 | 00,122,963 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAdm.exe
PRC - [2003/03/13 16:38:18 | 00,221,267 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrDba.exe
PRC - [2009/05/20 09:31:25 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2003/03/13 16:42:16 | 00,180,307 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrHis.exe
PRC - [2003/03/13 16:51:50 | 00,073,811 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrKdS.exe
PRC - [2003/03/13 17:06:46 | 00,348,243 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrPas.exe
PRC - [2007/07/20 01:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/11/05 11:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2007/07/20 01:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFHost.exe
PRC - [2008/01/19 08:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/03/21 13:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/05 11:22:16 | 00,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2007/09/26 14:42:04 | 00,267,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/10/26 09:22:47 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/07/25 17:02:54 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/07/25 17:06:30 | 02,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2009/05/15 09:57:03 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/02/20 13:58:44 | 00,053,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
PRC - [2007/02/08 06:16:24 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2009/04/29 16:38:26 | 00,188,728 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/11/06 12:08:10 | 00,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Ruaridh Angus Music\ZEN Media Explorer\CTCheck.exe
PRC - [2009/06/01 09:32:17 | 00,518,488 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/01/19 08:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2007/07/17 12:03:38 | 00,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2008/01/19 08:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/02/20 13:29:00 | 00,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007/03/09 00:28:19 | 00,700,416 | ---- | M] (Zhorn Software) -- C:\Program Files\stickies\stickies.exe
PRC - [2007/01/11 19:15:00 | 00,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
PRC - [2008/01/19 08:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2009/03/03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2007/07/25 17:02:32 | 00,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2008/01/19 08:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2003/03/13 16:41:44 | 01,376,339 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAuf.exe
PRC - [2006/11/05 11:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
PRC - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/11/05 10:55:48 | 00,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2007/09/26 14:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/05/21 17:15:26 | 02,592,656 | ---- | M] (Spotify AB) -- C:\Program Files\Spotify\spotify.exe
PRC - [2008/01/19 08:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2009/06/04 21:22:18 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Admin Account\Desktop\OTL.exe
PRC - [2008/01/19 08:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/03/03 05:40:22 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/05/15 09:57:01 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/01/05 12:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/19 12:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/05 12:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/07 15:59:21 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98934b3b973f0 [Auto | Stopped])
SRV - [2009/03/24 22:06:21 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2007/03/21 13:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/01/05 12:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/09/26 14:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/06/01 09:32:16 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2007/02/20 13:57:32 | 00,110,592 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ [Auto | Running])
SRV - [2003/03/13 16:46:14 | 00,122,963 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm [Auto | Running])
SRV - [2003/03/13 16:41:44 | 01,376,339 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf [On_Demand | Running])
SRV - [2003/03/13 16:38:18 | 00,221,267 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba [Auto | Running])
SRV - [2003/03/13 16:42:16 | 00,180,307 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis [Auto | Running])
SRV - [2003/03/13 16:51:50 | 00,073,811 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrKdS.exe -- (LcSvrKds [Auto | Running])
SRV - [2003/03/13 17:06:46 | 00,348,243 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS [Auto | Start_Pending])
SRV - [2007/07/20 01:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2007/07/20 01:40:48 | 00,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/07/20 01:42:30 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2008/01/05 12:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2006/11/05 11:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Running])
SRV - [2006/11/05 11:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2007/03/26 14:06:24 | 00,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2005/02/23 15:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2007/07/15 18:24:04 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/05/15 09:57:06 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/05/15 09:57:06 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2007/07/15 18:24:04 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/10/05 17:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\Windows\system32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2008/01/19 05:25:05 | 00,220,672 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Running])
DRV - [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/06/19 12:06:16 | 00,304,920 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
DRV - [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2005/02/11 12:19:20 | 00,055,216 | ---- | M] (MCCI) -- C:\Windows\system32\DRIVERS\k750bus.sys -- (k750bus [On_Demand | Stopped])
DRV - [2009/05/14 09:32:38 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2007/01/11 19:15:06 | 00,032,272 | ---- | M] (Logitech, Inc.) -- C:\Windows\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2007/01/11 19:15:16 | 00,032,528 | ---- | M] (Logitech, Inc.) -- C:\Windows\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2007/07/20 01:37:56 | 02,109,592 | ---- | M] (Logitech Inc.) -- C:\Windows\system32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2007/07/20 01:39:50 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\Windows\system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Running])
DRV - [2007/07/18 18:42:42 | 00,025,624 | ---- | M] () -- C:\Windows\system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2007/07/19 01:44:00 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\Windows\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2007/09/17 09:07:00 | 07,624,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007/07/19 01:39:15 | 00,013,848 | ---- | M] (Logitech Inc.) -- C:\Windows\system32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Running])
DRV - [2007/07/19 01:39:15 | 01,278,104 | ---- | M] (Logitech Inc.) -- C:\Windows\system32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
DRV - [2006/10/18 02:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 08:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2007/04/23 14:54:48 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s115mdfl.sys -- (s115mdfl [On_Demand | Stopped])
DRV - [2007/04/23 14:54:48 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s115mdm.sys -- (s115mdm [On_Demand | Stopped])
DRV - [2007/04/23 14:54:50 | 00,100,488 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s115mgmt.sys -- (s115mgmt [On_Demand | Stopped])
DRV - [2007/04/23 14:54:50 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s115obex.sys -- (s115obex [On_Demand | Stopped])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2005/11/04 11:06:52 | 00,048,640 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\system32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2007/02/08 06:16:26 | 00,647,680 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\system32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/19 06:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2007/07/15 18:24:04 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\S-1-5-21-1322409805-2538862180-448290080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.co.uk"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/04 17:11:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/04 17:11:57 | 00,000,000 | ---D | M]

[2009/06/04 17:12:06 | 00,000,000 | ---D | M] -- C:\Users\Admin Account\AppData\Roaming\mozilla\Extensions
[2009/06/04 17:12:06 | 00,000,000 | ---D | M] -- C:\Users\Admin Account\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/04 17:12:06 | 00,000,000 | ---D | M] -- C:\Users\Admin Account\AppData\Roaming\mozilla\Firefox\Profiles\5c1ui1m5.default\extensions
[2009/06/04 17:11:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/04 17:11:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/24 07:00:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 07:00:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (306011 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 10537 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTCheck] C:\Ruaridh Angus Music\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe File not found
O4 - HKLM..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-21-1322409805-2538862180-448290080-1000..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" ()
O4 - HKU\S-1-5-21-1322409805-2538862180-448290080-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1322409805-2538862180-448290080-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1322409805-2538862180-448290080-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Ruaridh Angus Music\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1233846894867 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} http://eilandonan.remotemanager.co.uk/comm...MJPEGRender.ocx (MJPEGRender Control)
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} http://64.21.226.243/activex/decoder/intel_mpeg4_dec.cab (CAxMP4Dec Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9fc17f48-32b5-11dc-a14a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9fc17f48-32b5-11dc-a14a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\gdistart.exe -- File not found
O33 - MountPoints2\{adce21b6-7841-11dd-a151-0007617e5cad}\Shell\AutoRun\command - "" = C:\Windows\system32\setupSNK.exe -- [2008/01/19 08:33:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{ee828ec6-3ba1-11de-8ac5-0007617e5cad}\Shell - "" = AutoRun
O33 - MountPoints2\{ee828ec6-3ba1-11de-8ac5-0007617e5cad}\Shell\AutoRun\command - "" = L:\loader.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/04 21:27:55 | 00,000,000 | R--D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/06/04 21:22:01 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Admin Account\Desktop\OTL.exe
[2009/06/04 17:12:04 | 00,000,000 | ---D | C] -- C:\Users\Admin Account\AppData\Roaming\Mozilla
[2009/06/04 17:11:59 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/04 17:11:56 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/06/03 09:57:39 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Admin Account\Desktop\HijackThis.exe
[2009/06/03 09:53:53 | 00,000,000 | ---D | C] -- C:\HiJack this
[2009/05/22 23:05:11 | 00,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/05/14 09:50:51 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/05/14 09:33:00 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/05/14 09:32:51 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/05/14 09:32:50 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/05/14 09:31:38 | 00,000,000 | -H-D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/14 09:31:37 | 00,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/05/14 09:31:32 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/05/13 21:45:41 | 00,000,280 | -HS- | C] () -- C:\Users\Public\Documents\desktop.ini
[2009/05/08 09:07:08 | 00,001,057 | ---- | C] () -- C:\Users\Admin Account\Desktop\Spybot - Search & Destroy.lnk
[2009/05/08 07:58:32 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2008/09/29 11:01:45 | 00,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007/12/22 19:11:17 | 00,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/07/18 18:42:42 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/07/18 16:11:49 | 00,001,008 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/07 20:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Files - Modified Within 30 Days ==========

[2009/06/04 22:49:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/04 21:50:08 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/06/04 21:50:08 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/06/04 21:50:08 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/06/04 21:27:18 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/04 21:27:18 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/04 21:22:18 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Admin Account\Desktop\OTL.exe
[2009/06/04 20:44:21 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/06/04 19:38:41 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009/06/04 19:32:02 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FB6493F5-916B-4DEF-8EA0-9F6A6B0813EE}.job
[2009/06/04 17:30:56 | 00,002,595 | ---- | M] () -- C:\Users\Admin Account\Desktop\Microsoft Word.lnk
[2009/06/04 17:11:59 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/04 13:05:07 | 36,794,937 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/06/04 13:05:07 | 00,064,911 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/06/04 13:03:33 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/04 13:03:24 | 21,453,08672 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/04 00:33:21 | 00,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/06/01 09:52:00 | 00,001,672 | ---- | M] () -- C:\Users\Admin Account\Desktop\CCleaner.lnk
[2009/06/01 09:33:00 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/05/31 15:17:00 | 00,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/05/27 21:45:01 | 00,002,485 | ---- | M] () -- C:\Users\Admin Account\Desktop\Microsoft AutoRoute 2007.lnk
[2009/05/22 23:05:11 | 00,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/05/15 09:57:07 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/05/15 09:57:06 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/05/15 09:57:06 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/05/14 09:32:45 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/05/14 09:32:38 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/05/14 09:31:37 | 00,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/05/14 09:23:58 | 00,001,057 | ---- | M] () -- C:\Users\Admin Account\Desktop\Spybot - Search & Destroy.lnk
[2009/05/13 21:45:41 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2009/05/08 09:21:32 | 00,306,011 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/05/07 08:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/05/06 15:58:41 | 00,000,648 | -HS- | M] () -- C:\Users\Admin Account\Desktop\desktop.ini
[2009/05/06 15:58:41 | 00,000,402 | -HS- | M] () -- C:\Users\Admin Account\Documents\desktop.ini
[2009/05/06 15:58:41 | 00,000,174 | -HS- | M] () -- C:\Users\Admin Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Admin Account\Documents\Talktalk:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Admin Account\Documents\HYMER:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Admin Account\Documents\Caterham:Roxio EMC Stream
@Alternate Data Stream - 7134 bytes -> C:\Users\Admin Account\Desktop\BLAT.url:favicon
@Alternate Data Stream - 1406 bytes -> C:\Users\Admin Account\Desktop\MHF.url:favicon
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 04/06/2009 22:55:17 - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Admin Account\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.85% Memory free
4.00 Gb Paging File | 2.94 Gb Available in Paging File | 73.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.12 Gb Total Space | 450.13 Gb Free Space | 76.80% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.37 Gb Free Space | 63.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDYPC
Current User Name: Admin Account
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1322409805-2538862180-448290080-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========


========== Vista Active Application Exception List ==========

{22C343E6-2F63-45D4-BF79-4FD85F20780F} = PROTOCOL=17 | DIR=IN | APP=C:\RUARIDH ANGUS MUSIC\LIMEWIRE\LIMEWIRE.EXE |
{26D74155-A989-4A07-BF6A-B251860CAD0F} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{2B485A54-9766-4D11-9606-31A5462BCAAE} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
{38F83984-4054-4481-8A5B-AA1AC5A0A495} = PROTOCOL=6 | DIR=IN | APP=C:\FROM OLD PC\LIMEWIRE\LIMEWIRE.EXE |
{58A6AFA9-1528-4C91-819E-5D6596B15E23} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE |
{838BD606-9AD2-4045-8B9B-67E8098AF199} = PROTOCOL=17 | DIR=IN | APP=C:\FROM OLD PC\LIMEWIRE\LIMEWIRE.EXE |
{8CAAA9C3-CA5E-4669-9DE6-BD6AA4185C90} = PROTOCOL=6 | DIR=IN | APP=C:\RUARIDH ANGUS MUSIC\LIMEWIRE\LIMEWIRE.EXE |
{99307D78-24A6-4B6E-A4F4-FB5AEA4B6B98} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{D64E5A25-1FC3-4828-A1DF-E03965E787ED} = DIR=IN | APP=C:\PROGRAM FILES\AVG\AVG8\AVGUPD.EXE |
{E2C53210-03A0-4099-B0A7-BED568527F06} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
TCP Query User{31A941FE-277D-44DF-B394-F4BCADE973F0}C:\program files\real\realplayer\realplay.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE |
TCP Query User{3EEEAB8F-9755-440E-889D-61756E2CACC8}K:\limewire\limewire.exe = PROTOCOL=6 | DIR=IN | APP=K:\LIMEWIRE\LIMEWIRE.EXE |
TCP Query User{82AB979A-F122-4A1D-8FAE-BBA7BA7D1088}C:\program files\itunes\itunes.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
TCP Query User{85D7F78B-77EC-4A4E-99A9-B2234A2A34BF}C:\program files\simplify media\simplifymedia.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SIMPLIFY MEDIA\SIMPLIFYMEDIA.EXE |
TCP Query User{A58A3AA5-4658-46CB-AF54-DBA3F34ACF49}C:\program files\internet explorer\iexplore.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |
TCP Query User{CC67D09D-9703-472C-9C45-702B0AC95F6B}C:\program files\skype\phone\skype.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
UDP Query User{06B78CDF-D37D-456D-B004-ED410E839BC2}C:\program files\real\realplayer\realplay.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE |
UDP Query User{653DF6FB-3603-40B6-B63B-3A21C7156EF0}C:\program files\itunes\itunes.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
UDP Query User{81A8DF4F-2A85-492A-91A0-74D86A6313EE}K:\limewire\limewire.exe = PROTOCOL=17 | DIR=IN | APP=K:\LIMEWIRE\LIMEWIRE.EXE |
UDP Query User{91FD1072-F196-4CB2-BBDA-25FB062B9CF9}C:\program files\skype\phone\skype.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
UDP Query User{B1DCC9DE-DBA3-40D5-82F7-AB52F03E1158}C:\program files\simplify media\simplifymedia.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SIMPLIFY MEDIA\SIMPLIFYMEDIA.EXE |
UDP Query User{BE91BF46-29BB-4814-8AA0-3CD8DD377B6E}C:\program files\internet explorer\iexplore.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9491C880-1C35-11DE-97B2-005056806466}" = Google Earth Plugin
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BEF106F8-2689-4530-925A-E1117836E8CD}" = Google SketchUp 7
"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AudibleManager" = AudibleManager
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner (remove only)
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2008-2009)
"DVD Shrink_is1" = DVD Shrink 3.1.4
"ElsaWin" = ElsaWin
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"Nomad MuVo TX" = NOMAD MuVo TX
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Spotify" = Spotify
"ST6UNST #1" = DTAwin
"Stickies 6.0c" = Stickies 6.0c
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/05/2009 11:17:58 | Computer Name = StudyPC | Source = LBTServ | ID = 262146
Description = The Bluetooth solution has encountered a problem and may not function
properly. (Get) Bluetooth Hub failed to switch to HCI mode If the problem persists,
please try to re-install the Bluetooth software.

Error - 20/05/2009 04:31:04 | Computer Name = StudyPC | Source = VSS | ID = 8194
Description =

Error - 20/05/2009 04:31:25 | Computer Name = StudyPC | Source = VSS | ID = 8194
Description =

Error - 21/05/2009 12:12:49 | Computer Name = StudyPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18226, time stamp
0x49ac95d6, faulting module avgssie.dll, version 8.5.0.310, time stamp 0x49d0dbd0,
exception code 0xc0000005, fault offset 0x00028b8f, process id 0x18cc, application
start time 0x01c9d8a2f34114c0.

Error - 21/05/2009 14:04:10 | Computer Name = StudyPC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18226 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 24b0 Start Time: 01c9da3dc39b87e0 Termination Time: 53

Error - 26/05/2009 04:45:32 | Computer Name = StudyPC | Source = LCSVRKDS | ID = 1
Description = Failed to QueryValue.: Key:SOFTWARE\Volkswagen AG\LcSvrKds\Settings,
Name:DSN.

Error - 26/05/2009 04:45:32 | Computer Name = StudyPC | Source = LCSVRKDS | ID = 1
Description = CMapKdNrStammbuch::OpenDatabase - 80004005. Description: Unspecified
error

Error - 26/05/2009 04:45:32 | Computer Name = StudyPC | Source = LCSVRKDS | ID = 1
Description = D:\VSS60\projects\ole server\service\LcSvrKds\mapkds.cpp, (86): failed
to open database

Error - 27/05/2009 09:21:51 | Computer Name = StudyPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18226, time stamp
0x49ac95d6, faulting module avgssie.dll, version 8.5.0.310, time stamp 0x49d0dbd0,
exception code 0xc0000005, fault offset 0x00028b8f, process id 0x2284, application
start time 0x01c9deaf77f49310.

Error - 31/05/2009 05:02:05 | Computer Name = StudyPC | Source = Application Hang | ID = 1002
Description = The program spotify.exe version 0.3.15.16797 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17f4 Start Time: 01c9dddf1c02d786 Termination Time: 68

[ Media Center Events ]
Error - 17/04/2008 04:20:43 | Computer Name = StudyPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 25/05/2008 20:00:23 | Computer Name = StudyPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 01/06/2009 04:38:23 | Computer Name = StudyPC | Source = Service Control Manager | ID = 7022
Description =

Error - 02/06/2009 12:20:47 | Computer Name = StudyPC | Source = HTTP | ID = 15016
Description =

Error - 02/06/2009 12:22:35 | Computer Name = StudyPC | Source = Service Control Manager | ID = 7022
Description =

Error - 03/06/2009 03:16:41 | Computer Name = StudyPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 0019D1E09C69 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/06/2009 03:16:42 | Computer Name = StudyPC | Source = HTTP | ID = 15016
Description =

Error - 03/06/2009 03:18:21 | Computer Name = StudyPC | Source = Service Control Manager | ID = 7022
Description =

Error - 03/06/2009 04:43:57 | Computer Name = StudyPC | Source = Service Control Manager | ID = 7011
Description =

Error - 04/06/2009 08:03:33 | Computer Name = StudyPC | Source = HTTP | ID = 15016
Description =

Error - 04/06/2009 08:05:13 | Computer Name = StudyPC | Source = Service Control Manager | ID = 7022
Description =

Error - 04/06/2009 13:40:13 | Computer Name = StudyPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 0019D1E09C69 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

Edited by Davesport, 04 June 2009 - 04:58 PM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:35 AM

Posted 04 June 2009 - 04:21 PM

Hi Dave,

Scotland is a beautiful country with a rich history.

Posting two logs from two systems creates confusion for both of us. Handling two systems simultaneously makes the malware removal or troubleshooting much more complicated than it already is. Before we proceed pleas edit your post. Leave the logs of related to the original issue you have started the topic for and remove the rest. You may later on start a separate topic for the other one. I didn't edit your post and thought you may do it yourself. Thank you.

#5 Davesport

Davesport
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 04 June 2009 - 04:59 PM

Hi again Farbar.

I've edited my post to delete the entries from my Laptop.

Regards Dave.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:35 AM

Posted 04 June 2009 - 05:58 PM

Thank you for editing the post Dave.

Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions

Please tell me if you have a flash driver? It might be infected and we have to make sure it is disinfected. But we will doe it the next round.
  • Empty all p2p (LimeWire) download folder. It might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  • You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    • First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instruction is also here: How to disable TeaTimer during HijackThis Cleanup

      Note:If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    • Then download ResetTeaTimer.exe to your desktop. (In case you use Firefox, rightclick the link and choose "Save Link As").
      • Doubleclick ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.


  • You want to uninstall this preinstalled application coming with Dell computer as it is installed without the consent of the users and many have objections to the commercial and advertising nature of it: URL Assistant

  • Please open OTL.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      :Processes
      :otl
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found
      O33 - MountPoints2\{9fc17f48-32b5-11dc-a14a-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{9fc17f48-32b5-11dc-a14a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\gdistart.exe -- File not found
      O33 - MountPoints2\{ee828ec6-3ba1-11de-8ac5-0007617e5cad}\Shell - "" = AutoRun
      O33 - MountPoints2\{ee828ec6-3ba1-11de-8ac5-0007617e5cad}\Shell\AutoRun\command - "" = L:\loader.exe -- File not found
    • Click Run Fix button.
    • If the fix needed a reboot please do it.
    • After finished a log will open. Copy and paste the log to your reply.
  • We are not done yet as we have to scan the system for any possible hidden malware. But tell me if you see any difference in how Internet Explorer is running after OTL fix.


#7 Davesport

Davesport
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 07 June 2009 - 01:31 PM

Good evening Farbar.

I do have several flash drives. 4 in total.

So far I've

1 Emptied the Limewire download folder.
2 Disabled teatimer
3 Run the Resetteatimer.exe
4 Ran the OTL fix with the script you supplied.

I can now view the websites in question. IE looks like it's running quite quickly again.

Would it be possible for us to see this process through as I'd like to uninstall Limewire & any other software that's slowing my computer down. There seem to be lots of processes running that I know nothing about.

Many thanks, Dave.

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:35 AM

Posted 07 June 2009 - 01:40 PM

Great news and thanks for the detailed feedback. :thumbup2:
You may uninstall LimeWhire now.
We are going to make sure the computer is clean then we can attend any remaining issues or wishes.
Please copy and paste the OTL log to your reply.

#9 Davesport

Davesport
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 07 June 2009 - 02:15 PM

Hi Farbar.

Immediately after I wrote my last reply to you my PC has started behaving strangely. Firstly I have completely lost all connectivity from my PC to the router. I can't access anything outside the PC which is connected via a LAN cable. I have no internet access, mail or access to my router from my PC. Secondly, Windows is taking about five minutes to boot up which is not normal for my system. I get the welcome screen & then the screen turns blue for a couple of minutes before going to the usual desktop.

I did'nt save the OTL log (my mistake) & if it's required I'll have to run OTL with your script again.

Regards Dave.

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:35 AM

Posted 07 June 2009 - 02:55 PM

No need to run OTL once again.
We are going to restore the internet connection.

Download LSPFix-3.zip to a convenient location and unzip the file.
  • Please double-click LSPFix.exe.
  • Please let me know what you see under the Keep section. Let me also now if there is anything under the Remove section.


#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:35 AM

Posted 07 June 2009 - 05:01 PM

From the PM: The System Restore is used.

My apology for any inconvenience.
Please run OTL and post the log it creates to see the current condition of the computer before proceeding.

#12 Davesport

Davesport
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 07 June 2009 - 05:11 PM

Hi Farbar. Below are the latest OLT logs.

OTL logfile created on: 07/06/2009 23:04:21 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Admin Account\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 42.97% Memory free
4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.12 Gb Total Space | 449.66 Gb Free Space | 76.72% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.37 Gb Free Space | 63.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDYPC
Current User Name: Admin Account
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/07/20 01:40:48 | 00,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/02/20 13:57:32 | 00,110,592 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
PRC - [2009/06/01 09:32:16 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/15 09:57:01 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/02/07 15:59:21 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2007/03/21 13:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2003/03/13 16:46:14 | 00,122,963 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAdm.exe
PRC - [2003/03/13 16:38:18 | 00,221,267 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrDba.exe
PRC - [2009/05/20 09:31:25 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2003/03/13 16:42:16 | 00,180,307 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrHis.exe
PRC - [2003/03/13 16:51:50 | 00,073,811 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrKdS.exe
PRC - [2003/03/13 17:06:46 | 00,348,243 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrPas.exe
PRC - [2007/07/20 01:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/11/05 11:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2007/07/20 01:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFHost.exe
PRC - [2008/01/19 08:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/15 10:37:02 | 00,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2007/03/21 13:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/05 11:22:16 | 00,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2007/09/26 14:42:04 | 00,267,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/10/26 09:22:47 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/07/25 17:02:54 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/07/25 17:06:30 | 02,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2009/05/15 09:57:03 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/02/20 13:58:44 | 00,053,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
PRC - [2007/02/08 06:16:24 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2009/04/29 16:38:26 | 00,188,728 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/11/06 12:08:10 | 00,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Ruaridh Angus Music\ZEN Media Explorer\CTCheck.exe
PRC - [2009/03/03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2009/06/01 09:32:17 | 00,518,488 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/01/19 08:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2007/07/17 12:03:38 | 00,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2008/01/19 08:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/02/20 13:29:00 | 00,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007/03/09 00:28:19 | 00,700,416 | ---- | M] (Zhorn Software) -- C:\Program Files\stickies\stickies.exe
PRC - [2008/01/19 08:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/01/11 19:15:00 | 00,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
PRC - [2007/07/25 17:02:32 | 00,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2008/01/19 08:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2003/03/13 16:41:44 | 01,376,339 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAuf.exe
PRC - [2006/11/05 11:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
PRC - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/11/05 10:55:48 | 00,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2007/09/26 14:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/01/19 08:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/03/03 05:40:22 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/03 05:40:22 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/01/19 08:33:37 | 00,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2009/06/07 23:04:13 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Admin Account\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/05/15 09:57:01 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/01/05 12:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/19 12:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/05 12:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/07 15:59:21 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98934b3b973f0 [Auto | Stopped])
SRV - [2009/03/24 22:06:21 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2007/03/21 13:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/01/05 12:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/09/26 14:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/06/01 09:32:16 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2007/02/20 13:57:32 | 00,110,592 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ [Auto | Running])
SRV - [2003/03/13 16:46:14 | 00,122,963 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm [Auto | Running])
SRV - [2003/03/13 16:41:44 | 01,376,339 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf [On_Demand | Running])
SRV - [2003/03/13 16:38:18 | 00,221,267 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba [Auto | Running])
SRV - [2003/03/13 16:42:16 | 00,180,307 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis [Auto | Running])
SRV - [2003/03/13 16:51:50 | 00,073,811 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrKdS.exe -- (LcSvrKds [Auto | Running])
SRV - [2003/03/13 17:06:46 | 00,348,243 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS [Auto | Start_Pending])
SRV - [2007/07/20 01:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2007/07/20 01:40:48 | 00,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/07/20 01:42:30 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2008/01/05 12:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2006/11/05 11:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Running])
SRV - [2006/11/05 11:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2007/03/26 14:06:24 | 00,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2005/02/23 15:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2007/07/15 18:24:04 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/05/15 09:57:06 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/05/15 09:57:06 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2007/07/15 18:24:04 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/10/05 17:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\Windows\system32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2008/01/19 05:25:05 | 00,220,672 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Running])
DRV - [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/06/19 12:06:16 | 00,304,920 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
DRV - [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2005/02/11 12:19:20 | 00,055,216 | ---- | M] (MCCI) -- C:\Windows\system32\DRIVERS\k750bus.sys -- (k750bus [On_Demand | Stopped])
DRV - [2009/05/14 09:32:38 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2007/01/11 19:15:06 | 00,032,272 | ---- | M] (Logitech, Inc.) -- C:\Windows\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2007/01/11 19:15:16 | 00,032,528 | ---- | M] (Logitech, Inc.) -- C:\Windows\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2007/07/20 01:37:56 | 02,109,592 | ---- | M] (Logitech Inc.) -- C:\Windows\system32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2007/07/20 01:39:50 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\Windows\system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Running])
DRV - [2007/07/18 18:42:42 | 00,025,624 | ---- | M] () -- C:\Windows\system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2007/07/19 01:44:00 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\Windows\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2007/09/17 09:07:00 | 07,624,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007/07/19 01:39:15 | 00,013,848 | ---- | M] (Logitech Inc.) -- C:\Windows\system32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Running])
DRV - [2007/07/19 01:39:15 | 01,278,104 | ---- | M] (Logitech Inc.) -- C:\Windows\system32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
DRV - [2006/10/18 02:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 08:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2007/04/23 14:54:48 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s115mdfl.sys -- (s115mdfl [On_Demand | Stopped])
DRV - [2007/04/23 14:54:48 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s115mdm.sys -- (s115mdm [On_Demand | Stopped])
DRV - [2007/04/23 14:54:50 | 00,100,488 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s115mgmt.sys -- (s115mgmt [On_Demand | Stopped])
DRV - [2007/04/23 14:54:50 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s115obex.sys -- (s115obex [On_Demand | Stopped])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2005/11/04 11:06:52 | 00,048,640 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\system32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2007/02/08 06:16:26 | 00,647,680 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\system32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/19 06:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2007/07/15 18:24:04 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\S-1-5-21-1322409805-2538862180-448290080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.co.uk"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/07 21:41:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/07 21:41:57 | 00,000,000 | ---D | M]

[2009/04/24 07:00:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 07:00:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

O1 HOSTS File: (306011 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 10537 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTCheck] C:\Ruaridh Angus Music\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe File not found
O4 - HKLM..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-21-1322409805-2538862180-448290080-1000..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" ()
O4 - HKU\S-1-5-21-1322409805-2538862180-448290080-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1322409805-2538862180-448290080-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1322409805-2538862180-448290080-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Ruaridh Angus Music\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1322409805-2538862180-448290080-1000\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1233846894867 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} http://eilandonan.remotemanager.co.uk/comm...MJPEGRender.ocx (MJPEGRender Control)
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} http://64.21.226.243/activex/decoder/intel_mpeg4_dec.cab (CAxMP4Dec Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9fc17f48-32b5-11dc-a14a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9fc17f48-32b5-11dc-a14a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\gdistart.exe -- File not found
O33 - MountPoints2\{adce21b6-7841-11dd-a151-0007617e5cad}\Shell\AutoRun\command - "" = C:\Windows\system32\setupSNK.exe -- [2008/01/19 08:33:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{ee828ec6-3ba1-11de-8ac5-0007617e5cad}\Shell - "" = AutoRun
O33 - MountPoints2\{ee828ec6-3ba1-11de-8ac5-0007617e5cad}\Shell\AutoRun\command - "" = L:\loader.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/07 23:04:04 | 00,000,000 | R--D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/06/07 23:04:00 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Admin Account\Desktop\OTL.exe
[2009/06/07 19:20:29 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/06/04 17:12:04 | 00,000,000 | ---D | C] -- C:\Users\Admin Account\AppData\Roaming\Mozilla
[2009/06/04 17:11:59 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/04 17:11:56 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/06/03 09:57:39 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Admin Account\Desktop\HijackThis.exe
[2009/06/03 09:53:53 | 00,000,000 | ---D | C] -- C:\HiJack this
[2009/05/22 23:05:11 | 00,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/05/14 09:50:51 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/05/14 09:33:00 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/05/14 09:32:51 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/05/14 09:32:50 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/05/14 09:31:38 | 00,000,000 | -H-D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/14 09:31:37 | 00,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/05/14 09:31:32 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/05/13 21:45:41 | 00,000,280 | -HS- | C] () -- C:\Users\Public\Documents\desktop.ini
[2008/09/29 11:01:45 | 00,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007/12/22 19:11:17 | 00,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/07/18 18:42:42 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/07/18 16:11:49 | 00,001,008 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/07 20:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Files - Modified Within 30 Days ==========

[2009/06/07 23:04:13 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Admin Account\Desktop\OTL.exe
[2009/06/07 22:39:53 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/07 22:39:53 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/07 22:35:57 | 00,002,485 | ---- | M] () -- C:\Users\Admin Account\Desktop\Microsoft AutoRoute 2007.lnk
[2009/06/07 22:05:29 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/06/07 22:05:29 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/06/07 22:05:29 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/06/07 22:03:43 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/06/07 21:59:50 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009/06/07 21:59:37 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/07 21:59:33 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/07 21:59:29 | 21,453,08672 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/07 21:52:04 | 00,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/06/07 21:45:21 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FB6493F5-916B-4DEF-8EA0-9F6A6B0813EE}.job
[2009/06/07 21:44:47 | 36,902,655 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/06/07 21:44:47 | 00,065,301 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/06/04 17:30:56 | 00,002,595 | ---- | M] () -- C:\Users\Admin Account\Desktop\Microsoft Word.lnk
[2009/06/04 17:11:59 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/01 09:52:00 | 00,001,672 | ---- | M] () -- C:\Users\Admin Account\Desktop\CCleaner.lnk
[2009/06/01 09:33:00 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/05/31 15:17:00 | 00,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/05/22 23:05:11 | 00,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/05/15 09:57:07 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/05/15 09:57:06 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/05/15 09:57:06 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/05/14 09:32:45 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/05/14 09:32:38 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/05/14 09:31:37 | 00,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/05/14 09:23:58 | 00,001,057 | ---- | M] () -- C:\Users\Admin Account\Desktop\Spybot - Search & Destroy.lnk
[2009/05/13 21:45:41 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Admin Account\Documents\Talktalk:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Admin Account\Documents\HYMER:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Admin Account\Documents\Caterham:Roxio EMC Stream
< End of report >


OTL Extras logfile created on: 07/06/2009 23:04:21 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Admin Account\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 42.97% Memory free
4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.12 Gb Total Space | 449.66 Gb Free Space | 76.72% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.37 Gb Free Space | 63.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDYPC
Current User Name: Admin Account
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1322409805-2538862180-448290080-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========


========== Vista Active Application Exception List ==========

{22C343E6-2F63-45D4-BF79-4FD85F20780F} = PROTOCOL=17 | DIR=IN | APP=C:\RUARIDH ANGUS MUSIC\LIMEWIRE\LIMEWIRE.EXE |
{26D74155-A989-4A07-BF6A-B251860CAD0F} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{2B485A54-9766-4D11-9606-31A5462BCAAE} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
{38F83984-4054-4481-8A5B-AA1AC5A0A495} = PROTOCOL=6 | DIR=IN | APP=C:\FROM OLD PC\LIMEWIRE\LIMEWIRE.EXE |
{58A6AFA9-1528-4C91-819E-5D6596B15E23} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE |
{838BD606-9AD2-4045-8B9B-67E8098AF199} = PROTOCOL=17 | DIR=IN | APP=C:\FROM OLD PC\LIMEWIRE\LIMEWIRE.EXE |
{8CAAA9C3-CA5E-4669-9DE6-BD6AA4185C90} = PROTOCOL=6 | DIR=IN | APP=C:\RUARIDH ANGUS MUSIC\LIMEWIRE\LIMEWIRE.EXE |
{99307D78-24A6-4B6E-A4F4-FB5AEA4B6B98} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{D64E5A25-1FC3-4828-A1DF-E03965E787ED} = DIR=IN | APP=C:\PROGRAM FILES\AVG\AVG8\AVGUPD.EXE |
{E2C53210-03A0-4099-B0A7-BED568527F06} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
TCP Query User{31A941FE-277D-44DF-B394-F4BCADE973F0}C:\program files\real\realplayer\realplay.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE |
TCP Query User{3EEEAB8F-9755-440E-889D-61756E2CACC8}K:\limewire\limewire.exe = PROTOCOL=6 | DIR=IN | APP=K:\LIMEWIRE\LIMEWIRE.EXE |
TCP Query User{82AB979A-F122-4A1D-8FAE-BBA7BA7D1088}C:\program files\itunes\itunes.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
TCP Query User{85D7F78B-77EC-4A4E-99A9-B2234A2A34BF}C:\program files\simplify media\simplifymedia.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SIMPLIFY MEDIA\SIMPLIFYMEDIA.EXE |
TCP Query User{A58A3AA5-4658-46CB-AF54-DBA3F34ACF49}C:\program files\internet explorer\iexplore.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |
TCP Query User{CC67D09D-9703-472C-9C45-702B0AC95F6B}C:\program files\skype\phone\skype.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
UDP Query User{06B78CDF-D37D-456D-B004-ED410E839BC2}C:\program files\real\realplayer\realplay.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE |
UDP Query User{653DF6FB-3603-40B6-B63B-3A21C7156EF0}C:\program files\itunes\itunes.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
UDP Query User{81A8DF4F-2A85-492A-91A0-74D86A6313EE}K:\limewire\limewire.exe = PROTOCOL=17 | DIR=IN | APP=K:\LIMEWIRE\LIMEWIRE.EXE |
UDP Query User{91FD1072-F196-4CB2-BBDA-25FB062B9CF9}C:\program files\skype\phone\skype.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
UDP Query User{B1DCC9DE-DBA3-40D5-82F7-AB52F03E1158}C:\program files\simplify media\simplifymedia.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SIMPLIFY MEDIA\SIMPLIFYMEDIA.EXE |
UDP Query User{BE91BF46-29BB-4814-8AA0-3CD8DD377B6E}C:\program files\internet explorer\iexplore.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9491C880-1C35-11DE-97B2-005056806466}" = Google Earth Plugin
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BEF106F8-2689-4530-925A-E1117836E8CD}" = Google SketchUp 7
"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AudibleManager" = AudibleManager
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner (remove only)
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2008-2009)
"DVD Shrink_is1" = DVD Shrink 3.1.4
"ElsaWin" = ElsaWin
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"Nomad MuVo TX" = NOMAD MuVo TX
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Spotify" = Spotify
"ST6UNST #1" = DTAwin
"Stickies 6.0c" = Stickies 6.0c
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/06/2009 04:36:53 | Computer Name = StudyPC | Source = LCSVRKDS | ID = 1
Description = D:\VSS60\projects\ole server\service\LcSvrKds\mapkds.cpp, (86): failed
to open database

Error - 02/06/2009 12:21:04 | Computer Name = StudyPC | Source = LCSVRKDS | ID = 1
Description = Failed to QueryValue.: Key:SOFTWARE\Volkswagen AG\LcSvrKds\Settings,
Name:DSN.

Error - 02/06/2009 12:21:04 | Computer Name = StudyPC | Source = LCSVRKDS | ID = 1
Description = CMapKdNrStammbuch::OpenDatabase - 80004005. Description: Unspecified
error

Error - 02/06/2009 12:21:04 | Computer Name = StudyPC | Source = LCSVRKDS | ID = 1
Description = D:\VSS60\projects\ole server\service\LcSvrKds\mapkds.cpp, (86): failed
to open database

Error - 02/06/2009 12:26:44 | Computer Name = StudyPC | Source = Application Hang | ID = 1002
Description = The program SDUpdate.exe version 1.6.0.12 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14ac Start Time: 01c9e39e90fe0b24 Termination Time: 10

Error - 02/06/2009 12:27:42 | Computer Name = StudyPC | Source = Application Hang | ID = 1002
Description = The program SDUpdate.exe version 1.6.0.12 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1300 Start Time: 01c9e39ef24637e4 Termination Time: 5

Error - 02/06/2009 16:57:49 | Computer Name = StudyPC | Source = Google Update | ID = 20
Description =

Error - 03/06/2009 03:16:52 | Computer Name = StudyPC | Source = LCSVRKDS | ID = 1
Description = Failed to QueryValue.: Key:SOFTWARE\Volkswagen AG\LcSvrKds\Settings,
Name:DSN.

Error - 03/06/2009 03:16:52 | Computer Name = StudyPC | Source = LCSVRKDS | ID = 1
Description = CMapKdNrStammbuch::OpenDatabase - 80004005. Description: Unspecified
error

Error - 03/06/2009 03:16:52 | Computer Name = StudyPC | Source = LCSVRKDS | ID = 1
Description = D:\VSS60\projects\ole server\service\LcSvrKds\mapkds.cpp, (86): failed
to open database

[ Media Center Events ]
Error - 17/04/2008 04:20:43 | Computer Name = StudyPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 25/05/2008 20:00:23 | Computer Name = StudyPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 07/06/2009 14:42:18 | Computer Name = StudyPC | Source = HTTP | ID = 15016
Description =

Error - 07/06/2009 14:46:10 | Computer Name = StudyPC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =

Error - 07/06/2009 14:55:49 | Computer Name = StudyPC | Source = HTTP | ID = 15016
Description =

Error - 07/06/2009 14:55:49 | Computer Name = StudyPC | Source = HTTP | ID = 15016
Description =

Error - 07/06/2009 14:59:38 | Computer Name = StudyPC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =

Error - 07/06/2009 16:43:06 | Computer Name = StudyPC | Source = HTTP | ID = 15016
Description =

Error - 07/06/2009 16:43:52 | Computer Name = StudyPC | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.59.659.0 Loading engine version: 1.1.4701.0

Error - 07/06/2009 16:44:59 | Computer Name = StudyPC | Source = Service Control Manager | ID = 7022
Description =

Error - 07/06/2009 16:59:37 | Computer Name = StudyPC | Source = HTTP | ID = 15016
Description =

Error - 07/06/2009 17:01:32 | Computer Name = StudyPC | Source = Service Control Manager | ID = 7022
Description =


< End of report >


Many thanks Dave.

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:35 AM

Posted 07 June 2009 - 05:31 PM

So with using the System Restore it is all the same as before the fix.

I see you have used Bonjour before, I don't see it any more on the list of programs. It has left an entry behind causing some problems with internet connection. I tried to get rid of it first. You may have to leave with the situation for a while until the system is cleaner. Then we fix the entry with a special tool for this kind of problem. OTL should do it but we don't use it again to fix anything. :thumbup2:

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll File not foundYou have to leave with

++++++++++++++++

Your computer is infected with a flash drive infection. This type of infection gets usually carried over through removable storage devices (flash drive/ USB drive/ thumb drive/ ipod/ memory stick/ memory card/ photo camera memory card/ external hard drive, etc) and networks. Please make sure you have your removable devices ready to disinfect. Don't connect them yet.

  • Please read this carefully: http://www.zyxware.com/articles/2007/08/14...virus-infection

    Note: It is important to have autoplay feature turned off and not to open the thump drives by double clicking. Instead rightclick the drive and select Explore


    Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Turn of the auto-protect or resident-shield of your antivirus.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning which takes only a few seconds and then exit the program.
  • Reboot your computer when done.
Note 1:Please temporarily disable your anti-virus program before downloading this tool as it can be falsely flagged as malware: How to disable anti-virus programs
Note 2: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.


#14 Davesport

Davesport
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 07 June 2009 - 06:22 PM

Hi Farbar.

Yes, everything apart from the weblinks appear to be working correctly. I assume we can address this later ?

What I've done so far.

1 Disabled all Autoplay functions for all media types on all my drives. IE no autoplay for anything.
2 Downloaded the Flash disinfector
3 Disabled Resident Shield in AVG 8.5
4 Ran the Flash disinfector on my USB drives
5 Rebooted my PC
6 re activated Resident Shiels in AVG

Many thanks, Dave.

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:35 AM

Posted 07 June 2009 - 06:40 PM

Well done Dave and thanks for the detailed feedback. :thumbup2:

Yes, everything apart from the weblinks appear to be working correctly. I assume we can address this later


Yes sure we do, after this and the next round.


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users