Yoog and Blueskyadagency malware



#16
mchelle

    Member

  • Topic Starter
  • 30 posts
I ran the software; it said no virus found, so it never popped up a report.

#17
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Okay, please run the OTList program again just like before and attach those logs.

#18
mchelle

    Member

  • Topic Starter
  • 30 posts
OTListIt logfile created on: 3/7/2009 2:07:40 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.3.4 Folder = C:\Documents and Settings\Administrator\Desktop\Maintenance
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 562.89 Mb Available Physical Memory | 55.01% Memory free
2.41 Gb Paging File | 2.13 Gb Available in Paging File | 88.53% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.74 Gb Total Space | 72.63 Gb Free Space | 50.88% Space Free | Partition Type: NTFS
Drive D: | 6.29 Gb Total Space | 1.12 Gb Free Space | 17.84% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 245.73 Mb Total Space | 60.59 Mb Free Space | 24.66% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-ULCUXRPJZF
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\ehome\ehRec.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe ()
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Documents and Settings\Administrator\Desktop\Maintenance\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor6.0 [Auto | Running]) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avg8emc [Auto | Stopped]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Unknown | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (ScsiAccess [Auto | Running]) -- C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe ()
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Stopped]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (GRISOFT, s.r.o.)
DRV - (AvgTdiX [Auto | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CamDrL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Camdrl.sys (Logitech Inc.)
DRV - (CX23880 [Auto | Running]) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (CX88ENC [Auto | Running]) -- C:\WINDOWS\system32\drivers\cx88enc.sys (Conexant Systems, Inc.)
DRV - (CX88XBAR [Auto | Running]) -- C:\WINDOWS\system32\drivers\CX88XBARDUAL.sys (Conexant Systems, Inc.)
DRV - (CXTUNE [Auto | Running]) -- C:\WINDOWS\system32\drivers\CX88TUNE.sys (Conexant Systems, Inc.)
DRV - (DLABMFSM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS (Sonic Solutions)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResM.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_M [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (gmer [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gmer.sys (GMER)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IrBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (ltmodem5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (Agere Systems)
DRV - (LVcKap [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\lvusbsta.sys (Logitech Inc.)
DRV - (MXOFX [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MXOFX.SYS (Cypress Semiconductor)
DRV - (MXOPSWD [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (RxFilter [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SunkFilt [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys (Alcor Micro Corp.)
DRV - (uacFlt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\uacflt.sys (Micronas GmbH)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.c...earch.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - presf.js..browser.search.defaulturl: "http://www14.yoog.co.../search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected] -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/12 19:01:37 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/05 19:40:19 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/06 20:43:25 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions [2008/12/15 18:27:36 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/12/15 18:27:36 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions [2009/03/07 13:18:25 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/02/04 19:31:43 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2008/09/06 18:37:14 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/02/27 07:44:29 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2) [2009/02/27 07:44:29 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\[email protected] [2008/01/26 10:44:20 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\[email protected] [2009/02/04 19:31:35 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\[email protected] [2008/09/01 19:46:54 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/03/07 13:18:25 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/06 20:43:25 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2007/06/23 16:57:31 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007/08/24 17:40:39 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2007/12/26 17:53:28 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008/07/13 09:31:25 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008/12/12 19:01:57 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Documents and Settings\Administrator\Application Data\AntispywareBot\Quarantine\13-02-2009-06-35-27\0.qit File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} http://learnlinc.sia...ad/ilinci86.dll (ILINCInstall86 Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1210073089546 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll (InstallHelper Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll (There Voice Trainer)
O16 - DPF: {8BA1621C-F6E9-47C5-A55D-2F4BAB913B2B} https://barbara.sias...hedCredUtil.cab (Avatier Cached Password Control)
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} http://www.homestead...nd/MSSurVid.cab (SurroundVideoCtrl Object)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} file://c:\Program Files\There\ThereClient\ThereLauncher.dll (There Launcher)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O33 - MountPoints2\{61fed576-9232-11dd-905a-000ea68a2b44}\Shell - "" = AutoRun
O33 - MountPoints2\{61fed576-9232-11dd-905a-000ea68a2b44}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61fed576-9232-11dd-905a-000ea68a2b44}\Shell\AutoRun\command - "" = F:\DTSP_Launcher.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 21:54:58 | 00,040,960 | -HS- | M] (XSS)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/07 14:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\dogCard
[2009/03/06 20:29:45 | 10,730,74176 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/05 20:14:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Maintenance
[2009/03/05 16:28:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/05 16:28:48 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/05 15:58:52 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/04 19:56:25 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/03/04 19:56:13 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/03/04 19:56:13 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/04 19:56:13 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/03/04 19:56:11 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/03/04 16:49:08 | 00,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegClean.lnk
[2009/03/04 16:46:13 | 34,543,112 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareAE.exe
[2009/02/27 10:07:27 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/02/27 10:07:26 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/02/27 10:07:25 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/02/27 10:07:23 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/02/27 10:07:23 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/02/27 10:07:23 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/02/27 10:07:22 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/02/27 10:07:22 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/02/27 10:07:07 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/27 10:07:07 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/02/27 09:08:11 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/02/27 09:08:11 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/02/27 08:19:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\CR8
[2009/02/27 07:57:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/02/27 07:41:21 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/02/27 07:41:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/02/23 16:54:02 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/02/22 09:23:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/02/22 09:22:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/22 09:22:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/21 16:16:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/02/21 15:32:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2009/02/19 16:54:41 | 00,048,128 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jean.xls
[2009/02/12 18:28:38 | 17,994,320 | ---- | C] (Photodex Corporation) -- C:\Documents and Settings\Administrator\Desktop\pspro_40_2479.exe
[2009/02/11 19:29:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/02/11 19:28:22 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2009/02/11 19:28:19 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2009/02/11 19:28:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2009/02/11 19:07:49 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$an songs.doc
[2009/02/07 19:20:56 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/02/07 19:18:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/02/06 03:39:54 | 00,672,768 | ---- | C] () -- C:\WINDOWS\System32\nsr3F.dll

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/07 12:05:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/07 12:04:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/07 12:04:28 | 10,730,74176 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/06 20:30:26 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/04 20:21:55 | 00,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/03/04 19:56:25 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/03/04 19:56:13 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/03/04 19:56:13 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/04 19:56:13 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/03/04 19:56:02 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2009/03/04 16:50:47 | 00,000,402 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job
[2009/03/04 16:49:56 | 34,543,112 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareAE.exe
[2009/03/04 16:49:08 | 00,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegClean.lnk
[2009/03/03 16:25:09 | 00,832,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/03/02 06:56:40 | 00,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
[2009/02/28 16:01:02 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/02/28 02:06:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/02/27 16:39:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/27 10:07:23 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/27 09:08:11 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/02/27 08:14:51 | 00,195,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/27 07:56:44 | 00,573,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/21 17:05:44 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/02/19 16:54:41 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jean.xls
[2009/02/19 16:49:07 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Jean songs.doc
[2009/02/19 16:11:50 | 01,019,392 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\winelabel.php
[2009/02/16 21:31:08 | 00,301,056 | ---- | M] () -- C:\WINDOWS\System32\gxcutunrakcpftv.dll
[2009/02/13 14:29:35 | 00,002,111 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2009/02/12 18:28:38 | 17,994,320 | ---- | M] (Photodex Corporation) -- C:\Documents and Settings\Administrator\Desktop\pspro_40_2479.exe
[2009/02/12 18:25:21 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2009/02/11 19:07:49 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$an songs.doc
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/06 22:10:31 | 00,168,448 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\JEAN.doc
[2009/02/06 03:39:54 | 00,672,768 | ---- | M] () -- C:\WINDOWS\System32\nsr3F.dll
[2009/02/05 15:11:35 | 01,256,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/05 15:08:19 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/02/05 15:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/02/05 15:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/02/05 15:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/02/05 15:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/02/05 15:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/02/05 15:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/02/05 15:04:45 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Manzanillovcd_mpg1_352x240_29970fps_1120000bps_a1_d0_c80_10.mpg:Roxio EMC Stream
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Administrator\My Documents\grams90th.png:SummaryInformation
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator\My Documents\grams90th.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
< End of report >

#19
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTLI
    FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
    FF - presf.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
    FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
    33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 21:54:58 | 00,040,960 | -HS- | M] (XSS)
    
    :files
    C:\WINDOWS\System32\nsr3F.dll
    C:\WINDOWS\System32\gxcutunrakcpftv.dll
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot when it is done.
  • It will say "Fix Complete" and open a log for you; please post that log in your next reply.


#20
mchelle (Member, Topic Starter, 30 posts)
I still cannot uninstall AVG, as I mentioned before, so I have 2 antivirus programs installed.

I'm still running OTListIt and it is still running through the AVG software.

#21
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
OK, after you post the OTListIt log from my previous instructions, click Here to download the AVG Remover.
Save it to your desktop and double-click it to run it.
After that, post a fresh OTListIt log.

#22
mchelle (Member, Topic Starter, 30 posts)
OTListIt logfile created on: 3/8/2009 2:39:17 PM - Run 8
OTListIt2 by OldTimer - Version 2.0.3.4 Folder = C:\Documents and Settings\Administrator\Desktop\Maintenance
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 643.43 Mb Available Physical Memory | 62.88% Memory free
2.41 Gb Paging File | 2.09 Gb Available in Paging File | 86.96% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.74 Gb Total Space | 72.49 Gb Free Space | 50.79% Space Free | Partition Type: NTFS
Drive D: | 6.29 Gb Total Space | 1.12 Gb Free Space | 17.84% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 245.73 Mb Total Space | 47.91 Mb Free Space | 19.50% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-ULCUXRPJZF
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe ()
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\Maintenance\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor6.0 [Auto | Running]) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Unknown | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (ScsiAccess [Auto | Running]) -- C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe ()
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CamDrL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Camdrl.sys (Logitech Inc.)
DRV - (CX23880 [Auto | Running]) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (CX88ENC [Auto | Running]) -- C:\WINDOWS\system32\drivers\cx88enc.sys (Conexant Systems, Inc.)
DRV - (CX88XBAR [Auto | Running]) -- C:\WINDOWS\system32\drivers\CX88XBARDUAL.sys (Conexant Systems, Inc.)
DRV - (CXTUNE [Auto | Running]) -- C:\WINDOWS\system32\drivers\CX88TUNE.sys (Conexant Systems, Inc.)
DRV - (DLABMFSM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS (Sonic Solutions)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResM.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_M [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (gmer [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gmer.sys (GMER)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IrBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (ltmodem5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (Agere Systems)
DRV - (LVcKap [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\lvusbsta.sys (Logitech Inc.)
DRV - (MXOFX [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MXOFX.SYS (Cypress Semiconductor)
DRV - (MXOPSWD [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (RxFilter [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SunkFilt [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys (Alcor Micro Corp.)
DRV - (uacFlt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\uacflt.sys (Micronas GmbH)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.c...earch.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - presf.js..browser.search.defaulturl: "http://www14.yoog.co.../search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected] -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/12 19:01:37 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/07 15:39:02 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/07 15:39:02 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions [2008/12/15 18:27:36 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/12/15 18:27:36 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions [2009/03/07 13:18:25 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/02/04 19:31:43 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2008/09/06 18:37:14 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/02/27 07:44:29 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2) [2009/02/27 07:44:29 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\[email protected] [2008/01/26 10:44:20 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\[email protected] [2009/02/04 19:31:35 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\4nbh8j12.default\extensions\[email protected] [2008/09/01 19:46:54 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/03/07 13:18:25 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/07 15:39:02 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2007/06/23 16:57:31 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007/08/24 17:40:39 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2007/12/26 17:53:28 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008/07/13 09:31:25 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008/12/12 19:01:57 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Documents and Settings\Administrator\Application Data\AntispywareBot\Quarantine\13-02-2009-06-35-27\0.qit File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} http://learnlinc.sia...ad/ilinci86.dll (ILINCInstall86 Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1210073089546 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll (InstallHelper Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll (There Voice Trainer)
O16 - DPF: {8BA1621C-F6E9-47C5-A55D-2F4BAB913B2B} https://barbara.sias...hedCredUtil.cab (Avatier Cached Password Control)
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} http://www.homestead...nd/MSSurVid.cab (SurroundVideoCtrl Object)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} file://c:\Program Files\There\ThereClient\ThereLauncher.dll (There Launcher)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O33 - MountPoints2\{61fed576-9232-11dd-905a-000ea68a2b44}\Shell - "" = AutoRun
O33 - MountPoints2\{61fed576-9232-11dd-905a-000ea68a2b44}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61fed576-9232-11dd-905a-000ea68a2b44}\Shell\AutoRun\command - "" = F:\DTSP_Launcher.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 21:54:58 | 00,040,960 | -HS- | M] (XSS)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/07 14:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\dogCard
[2009/03/06 20:29:45 | 10,730,74176 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/05 20:14:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Maintenance
[2009/03/05 16:28:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/05 16:28:48 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/05 15:58:52 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/04 19:56:25 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/03/04 19:56:13 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/03/04 19:56:13 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/04 19:56:13 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/03/04 19:56:11 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/03/04 16:49:08 | 00,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegClean.lnk
[2009/03/04 16:46:13 | 34,543,112 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareAE.exe
[2009/02/27 10:07:27 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/02/27 10:07:26 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/02/27 10:07:25 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/02/27 10:07:23 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/02/27 10:07:23 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/02/27 10:07:23 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/02/27 10:07:22 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/02/27 10:07:22 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/02/27 10:07:07 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/27 10:07:07 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/02/27 09:08:11 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/02/27 09:08:11 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/02/27 08:19:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\CR8
[2009/02/27 07:57:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/02/27 07:41:21 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/02/23 16:54:02 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/02/22 09:23:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/02/22 09:22:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/22 09:22:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/21 16:16:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/02/21 15:32:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2009/02/19 16:54:41 | 00,048,128 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jean.xls
[2009/02/12 18:28:38 | 17,994,320 | ---- | C] (Photodex Corporation) -- C:\Documents and Settings\Administrator\Desktop\pspro_40_2479.exe
[2009/02/11 19:29:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/02/11 19:28:22 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2009/02/11 19:28:19 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2009/02/11 19:28:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2009/02/11 19:07:49 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$an songs.doc
[2009/02/07 19:20:56 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/02/07 19:18:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/08 13:43:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/08 13:42:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/08 13:42:39 | 10,730,74176 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/06 20:30:26 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/04 20:21:55 | 00,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/03/04 19:56:25 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/03/04 19:56:13 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/03/04 19:56:13 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/04 19:56:13 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/03/04 19:56:02 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2009/03/04 16:50:47 | 00,000,402 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job
[2009/03/04 16:49:56 | 34,543,112 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareAE.exe
[2009/03/04 16:49:08 | 00,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegClean.lnk
[2009/03/03 16:25:09 | 00,832,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/03/02 06:56:40 | 00,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
[2009/02/28 16:01:02 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/02/28 02:06:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/02/27 16:39:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/27 10:07:23 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/27 09:08:11 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/02/27 08:14:51 | 00,195,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/27 07:56:44 | 00,573,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/21 17:05:44 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/02/19 16:54:41 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jean.xls
[2009/02/19 16:49:07 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Jean songs.doc
[2009/02/19 16:11:50 | 01,019,392 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\winelabel.php
[2009/02/16 21:31:08 | 00,301,056 | ---- | M] () -- C:\WINDOWS\System32\gxcutunrakcpftv.dll
[2009/02/13 14:29:35 | 00,002,111 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2009/02/12 18:28:38 | 17,994,320 | ---- | M] (Photodex Corporation) -- C:\Documents and Settings\Administrator\Desktop\pspro_40_2479.exe
[2009/02/12 18:25:21 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2009/02/11 19:07:49 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$an songs.doc
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/06 22:10:31 | 00,168,448 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\JEAN.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Manzanillovcd_mpg1_352x240_29970fps_1120000bps_a1_d0_c80_10.mpg:Roxio EMC Stream
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Administrator\My Documents\grams90th.png:SummaryInformation
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator\My Documents\grams90th.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
< End of report >

#23
mchelle

    Member

  • Topic Starter
  • Member
  • 30 posts
When I run OTLISTIT with the Custom Scans/Fix code it runs, then just sits checking manual scans. I let this run overnight and it was still sitting in the same place.

#24
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok let's try that again.

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
    FF - prefs.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
    FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe
    :files
    C:\WINDOWS\System32\nsr3F.dll
    C:\WINDOWS\System32\gxcutunrakcpftv.dll
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot when it is done
  • It will say "Fix Complete" and open a log for you; please post that log in your next reply.

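The fix above works by quoting lines copied from the OTListIt log, so a pasted line that no log entry starts with is skipped by the tool without any error. The following check, an added example that is not part of this thread and not OTListIt's own code, compares the :OTLI section of a fix script against the log lines before the fix is run; the log lines and the fix script are constructed samples, the script carrying two deliberate typos of the kind that slip into a hand-edited paste.

```python
"""Cross-check an OTListIt :OTLI fix section against the scan log it quotes.

Added example; not part of the original thread and not OTListIt's own code.
A :OTLI line that is not a prefix of any log entry (a typo such as "presf.js",
or "33 -" missing its leading "O") is silently skipped when the fix runs.
"""
import re

# Constructed sample: log lines in the OTListIt format used in this thread.
LOG_LINES = [
    r'FF - prefs.js..browser.search.defaultenginename: "Yoog Search"',
    r'FF - prefs.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="',
    r'FF - prefs.js..browser.search.selectedEngine: "Yoog Search"',
    r'O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 21:54:58 | 00,040,960 | -HS- | M] (XSS)',
]

# Constructed fix script with two deliberate typos: "presf.js" and a "33 -"
# prefix without its "O". Neither line would match anything in the log.
FIX_SCRIPT = r""":OTLI
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - presf.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe
:files
C:\WINDOWS\System32\nsr3F.dll
C:\WINDOWS\System32\gxcutunrakcpftv.dll
"""

def parse_fix_script(text):
    """Split a fix script into {":section": [lines]} keyed by its ':name' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as :OTLI or :files
            current = line.lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def _norm(s):
    """Collapse runs of whitespace so stray spaces do not hide a real match."""
    return re.sub(r"\s+", " ", s.strip())

def unmatched_otli_lines(fix_text, log_lines):
    """Return the :OTLI fix lines that are not a prefix of any log line."""
    log = [_norm(l) for l in log_lines]
    return [f for f in parse_fix_script(fix_text).get(":otli", [])
            if not any(l.startswith(_norm(f)) for l in log)]

if __name__ == "__main__":
    for bad in unmatched_otli_lines(FIX_SCRIPT, LOG_LINES):
        print("no matching log entry, will be skipped:", bad)
```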

#25
mchelle

    Member

  • Topic Starter
  • Member
  • 30 posts
I've tried running the OTList again with the code mentioned above. I left the system running overnight and it didn't get any further than "Scanning Service OSE", which is the status at the bottom of the window.

#26
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, after you pasted the code in, did you hit the Run Fix button or the Run Scan button?
Because it wouldn't be scanning anything with the code that was entered.

It would remove some registry entries and some files.

#27
mchelle

    Member

  • Topic Starter
  • Member
  • 30 posts
========== OTLISTIT ==========

Prefs.js: "Yoog Search" removed from browser.search.defaultenginename

Prefs.js: "Yoog Search" removed from browser.search.selectedEngine
========== FILES ==========
File/Folder C:\WINDOWS\System32\nsr3F.dll not found.
File/Folder C:\WINDOWS\System32\gxcutunrakcpftv.dll not found.

OTListIt2 by OldTimer - Version 2.0.3.4 log created on 03092009_185001


My system won't boot properly or shut down.

I have to go into SafeMode then shut down. Then restart and then it boots fine.

#28
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Go to Start > Run, type in cmd, then hit OK.
Then type in chkdsk /r /f and hit Enter.
Type in Y at the prompt and then restart the computer.
Let it run through this check and then let me know how it goes.

#29
mchelle

    Member

  • Topic Starter
  • Member
  • 30 posts
OK, so the chkdsk ran fine, except when it went to restart it just sat there and never rebooted.

#30
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok so do things run better now?

What happens with the system now?