Yoog and Blueskyadagency [Solved]



#1
Tam2u

I have tried everything in the Spyware and Malware Removal Guide in the forum. Still can't seem to get rid of Yoog Search engine and am unable to stop the pop-ups from Blueskyadagency. Here are the logs from Rooter and OTLI.


"ROOTER"


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:38130 Mo/Free:2842 Mo)
D:\ [CD-Rom] (Total:300 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:40 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:17 Mo/Free:17 Mo)

Sun 05/03/2009| 7:22

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\WINDOWS\System32\wbem\unsecapp.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Google\Gmail Notifier\gnotify.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\ROSEHA~1\My Documents\Desktop\Unused Desktop Shortcuts\MassvePrme303XFORCE\Crack\massivekeygen-win32.rar
C:\DOCUME~1\ROSEHA~1\My Documents\Desktop\Unused Desktop Shortcuts\MassvePrme303XFORCE\Crack\massivekeygen.exe


1 - "C:\Rooter$\Rooter_1.txt" - Thu 04/30/2009|23:13
2 - "C:\Rooter$\Rooter_2.txt" - Sun 05/03/2009| 7:24

----------------------\\ Scan completed at 7:24


"OTListIt"

OTListIt logfile created on: 5/3/2009 7:34:23 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\Geek Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 174.56 Mb Available Physical Memory | 45.70% Memory free
731.36 Mb Paging File | 336.65 Mb Available in Paging File | 46.03% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 22.78 Gb Free Space | 61.19% Space Free | Partition Type: NTFS
Drive D: | 300.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 41.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 17.59 Mb Total Space | 17.26 Mb Free Space | 98.08% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ITWPROSERVICES
Current User Name: Rose Hagstrom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\Geek Tools\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (Mhost [Auto | Stopped]) -- C:\Program Files\massive_mhost\mhost.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SABProcEnum [On_Demand | Stopped]) -- C:\WINDOWS\System32\sabprocenum.sys (SuperAdBlocker.com)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www14.yoog.co.../search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.20
FF - prefs.js..extensions.enabledItems: {f86e6264-e877-5fce-c3e4-8668a7d99da2}:1.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.4.1
FF - prefs.js..extensions.enabledItems: {78533c73-dead-4339-aebb-0ebad9476c6f}:0.2.1
FF - prefs.js..extensions.enabledItems: {dc0a2d4c-21fd-45b6-961b-d882c49d752b}:0.6.0.2
FF - prefs.js..extensions.enabledItems: {b7400dc5-2077-4d79-a9ea-5f24f6a06259}:0.2.0.2
FF - prefs.js..extensions.enabledItems: {36734583-47ba-41ce-8164-a183618253d2}:3.00
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:0.6
FF - prefs.js..extensions.enabledItems: {47d1d620-5e5b-11da-8cd6-0800200c9a66}:2.0
FF - prefs.js..extensions.enabledItems: {1f052e2a-b7b9-11d9-945f-00e08161165f}:1.8.33
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: {224d6e00-0336-11dd-95ff-0800200c9a66}:1.3.5.56
FF - prefs.js..extensions.enabledItems: {1f870b8e-d71f-11db-8314-0800200c9a66}:2.0.2
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.4
FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.121408
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.48
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:0.4.1
FF - prefs.js..keyword.URL: "http://www14.yoog.co.../search.php?q="

FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www14.yoog.co.../search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www14.yoog.co.../search.php?q="
FF - user.js..keyword.enabled: true

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/30 22:05:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 16:28:13 | 00,000,000 | ---D | M]

[2008/12/01 18:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Extensions
[2008/12/01 18:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/02 15:51:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions
[2009/03/17 07:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2008/12/11 17:40:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2008/12/03 18:43:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{1f052e2a-b7b9-11d9-945f-00e08161165f}
[2008/12/03 18:46:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{1f870b8e-d71f-11db-8314-0800200c9a66}
[2008/12/01 18:18:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{224d6e00-0336-11dd-95ff-0800200c9a66}
[2008/12/18 10:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2008/12/01 18:52:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{36734583-47ba-41ce-8164-a183618253d2}
[2009/05/02 15:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008/12/03 18:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{47d1d620-5e5b-11da-8cd6-0800200c9a66}
[2008/12/03 18:56:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2009/03/11 17:32:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2009/03/05 19:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/01 18:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{78533c73-dead-4339-aebb-0ebad9476c6f}
[2008/12/01 18:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{843910fe-46fc-4f15-a319-aca2bd71b55d}
[2008/12/01 18:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{8b0bc85b-b7b9-46ad-9cff-2325cc3ca111}
[2008/12/01 18:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{b7400dc5-2077-4d79-a9ea-5f24f6a06259}
[2008/12/01 18:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{b90fa88d-d623-40da-a4eb-7144f85a3139}
[2009/01/19 21:09:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2008/12/01 18:52:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{dc0a2d4c-21fd-45b6-961b-d882c49d752b}
[2009/02/18 17:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/04/06 15:36:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{f86e6264-e877-5fce-c3e4-8668a7d99da2}
[2009/04/09 18:29:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/04/17 13:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2008/12/03 18:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/04/09 18:29:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/03/17 07:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/03/29 16:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2008/12/01 18:52:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/01/01 20:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/03/27 21:51:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/01/01 20:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/04/09 18:29:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/04/30 21:39:38 | 00,000,247 | ---- | M] () -- C:\Documents and Settings\Rose Hagstrom\Application Data\Mozilla\FireFox\Profiles\2axw2227.default\searchplugins\Yoog Search.xml
[2009/05/02 08:04:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 16:28:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/25 13:46:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/31 11:40:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 16:27:31 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 16:27:31 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/30 02:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/30 02:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/30 02:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/30 02:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/30 02:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/30 02:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/30 02:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (301828 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 10429 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll ()
O2 - BHO: (TBSB05288 Class) - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ECO Bar) - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [hrlhlqls] "C:\WINDOWS\hrlhlqls.exe" File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O8 - Extra context menu item: &IE Toolbar search - res://C:\Program Files\411IEToolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: frame.crazywinnings.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Trusted sites)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: 1 range(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....738&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1123976077921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1173662393033 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/29 09:13:53 | 00,575,080 | R--- | M] (magicJack L.P.) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/02/29 09:13:53 | 00,016,158 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/02/29 09:13:53 | 00,000,308 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/01/04 18:17:30 | 00,000,270 | ---- | M] () - G:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/02 15:32:31 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/02 15:32:30 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/02 15:32:29 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/02 15:32:27 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/02 15:32:24 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/02 15:32:21 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/02 15:32:20 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/02 15:32:20 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/02 15:32:20 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/02 15:31:41 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/02 15:31:41 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/05/02 15:31:41 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/02 15:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/02 15:05:38 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\avast_home_setup.exe
[2009/05/01 09:38:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\My Received Files
[2009/05/01 08:53:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/01 08:50:42 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/01 08:45:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/01 08:41:08 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/04/30 23:30:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/04/30 23:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/04/30 23:29:15 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/04/30 23:25:13 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/04/30 23:25:12 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/04/30 23:25:11 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/04/30 23:25:09 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/04/30 23:25:09 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/04/30 23:25:07 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/04/30 23:25:07 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/04/30 23:25:04 | 00,000,000 | ---D | C] -- C:\c6e3d8596353b04659e7757f009685
[2009/04/30 23:10:06 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/30 22:14:37 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\Geek Tools
[2009/04/30 21:48:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Malwarebytes
[2009/04/30 21:47:48 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/30 21:47:45 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/30 21:47:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 21:47:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/30 21:45:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/30 21:44:53 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/29 17:17:52 | 00,040,423 | ---- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\ITW-Original Master Customer List.wpd
[2009/04/29 17:17:52 | 00,007,680 | -HS- | C] () -- C:\WINDOWS\Thumbs.db
[2009/04/28 15:46:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/04/28 15:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/04/28 15:46:17 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/04/28 15:45:53 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/04/28 15:43:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/04/26 16:19:57 | 00,001,269 | ---- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Max Journal Info.rtf
[2009/04/25 14:54:53 | 00,864,256 | ---- | C] (dti) -- C:\WINDOWS\System32\hrlhlqls.exe
[2009/04/25 14:54:24 | 00,385,024 | ---- | C] () -- C:\WINDOWS\djia6624.exe
[2009/04/25 14:52:21 | 00,227,109 | ---- | C] () -- C:\WINDOWS\qbxku3355.exe
[2009/04/25 14:52:20 | 00,223,009 | ---- | C] () -- C:\WINDOWS\lusfp2133.exe
[2009/04/25 14:09:54 | 00,000,224 | ---- | C] () -- C:\WINDOWS\System32\9B13A86D.plf
[2009/04/25 13:53:52 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/04/25 13:51:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/25 13:49:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/04/25 13:44:56 | 00,075,082 | ---- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\12.jpg
[2009/04/22 11:23:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\HTML
[2009/04/21 15:23:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\Creative Tools
[2009/04/21 14:55:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\Text
[2009/04/21 10:39:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Ashampoo
[2009/04/21 10:38:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/04/21 10:37:35 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/04/20 21:28:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\pnl
[2009/04/20 15:46:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\QPPriv
[2009/04/19 13:22:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Apple Computer
[2009/04/19 13:08:52 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/19 13:07:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/19 13:05:28 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/19 13:05:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/17 19:52:51 | 00,000,000 | ---D | C] -- C:\Program Files\Massive
[2009/04/17 19:49:08 | 00,000,008 | ---- | C] () -- C:\WINDOWS\ldf.dat
[2009/04/17 19:48:45 | 00,000,000 | ---D | C] -- C:\Program Files\massive_mhost
[2009/04/15 21:07:24 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 21:07:23 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 21:07:22 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 21:07:21 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 21:07:20 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 21:07:19 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 21:07:18 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 21:05:21 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/13 13:07:14 | 00,686,080 | ---- | C] () -- C:\WINDOWS\System32\nsy40.dll
[2009/04/11 14:11:41 | 00,000,776 | -H-- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\.picasa.ini
[2009/04/06 09:38:49 | 00,001,034 | ---- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\magicJack.lnk
[2009/03/30 14:46:22 | 00,000,169 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/10 08:18:33 | 00,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/14 12:23:42 | 01,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2009/01/14 12:23:42 | 01,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2009/01/14 12:23:42 | 01,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2009/01/14 12:23:41 | 01,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2009/01/14 12:23:40 | 01,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2009/01/14 12:22:43 | 00,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2009/01/14 12:22:35 | 01,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2009/01/14 12:22:35 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2009/01/14 12:22:34 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2009/01/14 12:22:33 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2009/01/14 12:22:33 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2009/01/14 12:22:32 | 00,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2008/10/13 11:08:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2008/09/19 15:37:05 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2008/09/18 13:43:49 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/09/18 13:43:48 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/09/18 13:43:01 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/09/18 13:43:00 | 00,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/09/18 13:40:57 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/09/16 15:19:19 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2007/10/22 20:28:22 | 01,260,072 | ---- | C] () -- C:\WINDOWS\System32\libtiff-3.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/20 19:57:00 | 00,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/06/28 23:17:30 | 00,000,640 | ---- | C] () -- C:\WINDOWS\FoldingBooklet.ini
[2006/06/15 07:29:02 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/06/15 07:22:40 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/06/15 07:19:08 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2005/04/27 14:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/02/08 17:02:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/08 12:20:35 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/02 12:56:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/28 03:19:51 | 00,000,438 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/12/22 13:53:54 | 00,000,562 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/12/17 06:50:54 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2003/11/17 16:15:02 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/10/30 02:28:44 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/10/30 02:17:46 | 00,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/30 02:02:28 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/30 02:02:02 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/30 01:48:26 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/02/17 19:00:42 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2003/02/17 19:00:36 | 00,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2003/02/05 13:11:12 | 00,000,126 | ---- | C] () -- C:\WINDOWS\System32\DLBAPLC.INI

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/03 06:58:52 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/02 18:00:05 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/05/02 15:36:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/02 15:36:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Rose Hagstrom\Local Settings\DESKTOP.INI
[2009/05/02 15:36:21 | 00,002,048 | ---- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/02 15:36:20 | 40,062,5664 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/02 15:35:00 | 00,000,562 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/05/02 15:35:00 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/05/02 15:35:00 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/05/02 15:32:31 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/02 15:32:20 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/02 15:28:57 | 00,001,034 | ---- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\magicJack.lnk
[2009/05/02 15:06:51 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\avast_home_setup.exe
[2009/05/01 09:03:03 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\DESKTOP.INI
[2009/05/01 03:14:55 | 00,536,530 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/01 03:14:55 | 00,466,414 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/05/01 03:14:55 | 00,079,630 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/05/01 00:13:23 | 01,644,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/29 17:17:52 | 00,040,423 | ---- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\ITW-Original Master Customer List.wpd
[2009/04/29 17:17:52 | 00,007,680 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/04/29 17:06:59 | 00,037,888 | -HS- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\Thumbs.db
[2009/04/28 08:34:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/27 17:47:59 | 00,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/27 17:47:59 | 00,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2009/04/27 08:34:46 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/27 08:34:22 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/26 16:19:57 | 00,001,269 | ---- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Max Journal Info.rtf
[2009/04/25 14:54:57 | 00,864,256 | ---- | M] (dti) -- C:\WINDOWS\System32\hrlhlqls.exe
[2009/04/25 14:54:27 | 00,385,024 | ---- | M] () -- C:\WINDOWS\djia6624.exe
[2009/04/25 14:52:21 | 00,227,109 | ---- | M] () -- C:\WINDOWS\qbxku3355.exe
[2009/04/25 14:52:21 | 00,223,009 | ---- | M] () -- C:\WINDOWS\lusfp2133.exe
[2009/04/25 14:17:38 | 00,077,824 | -HS- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Thumbs.db
[2009/04/25 14:09:54 | 00,000,224 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf
[2009/04/13 13:07:14 | 00,686,080 | ---- | M] () -- C:\WINDOWS\System32\nsy40.dll
[2009/04/11 14:16:33 | 00,000,776 | -H-- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\.picasa.ini
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 7305 bytes -> C:\WINDOWS\WindowsUpdate.log:kxouet
@Alternate Data Stream - 7305 bytes -> C:\WINDOWS\TWUNK_16.EXE:wrahhq
@Alternate Data Stream - 7305 bytes -> C:\WINDOWS\TWUNK_16.EXE:kxdjub
@Alternate Data Stream - 7305 bytes -> C:\WINDOWS\Rhododendron.bmp:qeqxxb
@Alternate Data Stream - 7305 bytes -> C:\WINDOWS\FeatherTexture.bmp:ymfgv
@Alternate Data Stream - 7305 bytes -> C:\WINDOWS\EXPLORER.SCF:gbizk
@Alternate Data Stream - 7305 bytes -> C:\WINDOWS\BOOTSTAT.DAT:nzcgf
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\VMMREG32.DLL:wplsva
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\TWUNK_16.EXE:zglrxc
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\orun32.isu:teciwt
@Alternate Data Stream - 3547 bytes -> C:\WINDOWS\WINNT.BMP:cyghyd
@Alternate Data Stream - 3547 bytes -> C:\WINDOWS\BOOTSTAT.DAT:eikzng
@Alternate Data Stream - 3347 bytes -> C:\WINDOWS\Sti_Trace.log:ftwuh
@Alternate Data Stream - 3347 bytes -> C:\WINDOWS\River Sumida.bmp:fudge
@Alternate Data Stream - 3347 bytes -> C:\WINDOWS\Rhododendron.bmp:tdkozb
@Alternate Data Stream - 3347 bytes -> C:\WINDOWS\REGLOCS.OLD:ttinw
@Alternate Data Stream - 3347 bytes -> C:\WINDOWS\DESKTOP.INI:takoc
@Alternate Data Stream - 3347 bytes -> C:\WINDOWS\DELLSTAT.INI:wiwlb
@Alternate Data Stream - 11592 bytes -> C:\WINDOWS\WIASERVC.LOG:rxvocq
@Alternate Data Stream - 11592 bytes -> C:\WINDOWS\VB.INI:lnaahf
@Alternate Data Stream - 11592 bytes -> C:\WINDOWS\TWUNK_32.EXE:xsxizu
@Alternate Data Stream - 11592 bytes -> C:\WINDOWS\TASKMAN.EXE:oeizap
@Alternate Data Stream - 11592 bytes -> C:\WINDOWS\TASKMAN.EXE:lqxplw
@Alternate Data Stream - 11592 bytes -> C:\WINDOWS\REGLOCS.OLD:ymysdz
@Alternate Data Stream - 11592 bytes -> C:\WINDOWS\orun32.isu:thayjz
@Alternate Data Stream - 11592 bytes -> C:\WINDOWS\ODBCINST.INI:idzqay
@Alternate Data Stream - 11592 bytes -> C:\WINDOWS\DELL.BMP:ckhetu
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\VBADDIN.INI:sqfyo
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\Soap Bubbles.bmp:grqmc
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\corelpf.lrs:ihzwg
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\CONTROL.INI:lplsf
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\BOOTSTAT.DAT:ilzdc
< End of report >


"Extras"


OTListIt Extras logfile created on: 5/3/2009 7:34:23 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\Geek Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 174.56 Mb Available Physical Memory | 45.70% Memory free
731.36 Mb Paging File | 336.65 Mb Available in Paging File | 46.03% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 22.78 Gb Free Space | 61.19% Space Free | Partition Type: NTFS
Drive D: | 300.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 41.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 17.59 Mb Total Space | 17.26 Mb Free Space | 98.08% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ITWPROSERVICES
Current User Name: Rose Hagstrom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application (Ipswitch, Inc. 81 Hartwell Ave. Lexington MA)
C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer File not found
C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service File not found
C:\Program Files\Common Files\AOL\1221670493\ee\aolsoftware.exe:*:Enabled:AOL Shared Components File not found
C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information File not found
C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 (Macromedia, Inc.)
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe:*:Enabled:BrMfcWnd File not found
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe:*:Enabled:BrMfcMon File not found
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe:*:Enabled:BrMfimon File not found
C:\Program Files\Brother\Brmfl06a\FAXRX.exe:*:Enabled:FAXRX File not found
C:\Program Files\Brother\Brmfl06a\AddrBook.exe:*:Enabled:AddrBook File not found
C:\Program Files\Brother\Brmfl06a\Para_USB\brqikmon.exe:*:Enabled:brqikmon File not found
C:\Program Files\Brother\Brmfl06a\BrScUtil.exe:*:Enabled:Scanner Utility File not found
C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe:*:Enabled:BrCtrCen File not found
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe:*:Enabled:BrccMCtl File not found
C:\Program Files\ScanSoft\PaperPort\PaprPort.exe:*:Enabled:PaprPort File not found
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox (Mozilla Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Computer, Inc.)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\massive_mhost\mhost.exe:LocalSubNet:Enabled:Mhost ()
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Documents and Settings\Rose Hagstrom\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack (magicJack L.P.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A22CF42D-023D-4A7B-9033-802F666F6F44}" = MyDeluxeInvoices & Estimates 5.5.0.0
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Apophysis 2.0" = Apophysis 2.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"avast!" = avast! Antivirus
"BroadJump Client Foundation" = BroadJump Client Foundation
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K DF PCI Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"GoldWave v5.23" = GoldWave v5.23
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"massive_prime" = massive_prime 3.0.3
"Mhost" = Mhost 3.0.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWSnap 3" = MWSnap 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealOne Player
"Shockwave" = Shockwave
"Textaizer Pro_is1" = Textaizer Pro v3.0
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2008 7:58:47 AM | Computer Name = ITWPROSERVICES | Source = Application Hang | ID = 1002
Description = Hanging application magicJack.exe, version 1.80.451.2, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/27/2008 8:29:04 AM | Computer Name = ITWPROSERVICES | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ROSE HAGSTROM\RECENT\DESKTOP.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 10/28/2008 12:00:44 AM | Computer Name = ITWPROSERVICES | Source = Application Hang | ID = 1002
Description = Hanging application Picasa3.exe, version 3.0.57.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/28/2008 11:38:17 PM | Computer Name = ITWPROSERVICES | Source = Application Hang | ID = 1002
Description = Hanging application Picasa3.exe, version 3.0.57.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/2/2008 8:48:03 PM | Computer Name = ITWPROSERVICES | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2008 10:40:31 PM | Computer Name = ITWPROSERVICES | Source = Application Hang | ID = 1002
Description = Hanging application Picasa3.exe, version 3.0.57.44, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/9/2008 1:19:37 PM | Computer Name = ITWPROSERVICES | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/9/2008 1:19:37 PM | Computer Name = ITWPROSERVICES | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/9/2008 1:19:37 PM | Computer Name = ITWPROSERVICES | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/13/2008 8:56:19 AM | Computer Name = ITWPROSERVICES | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ROSE HAGSTROM\RECENT\DESKTOP.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ System Events ]
Error - 4/26/2009 9:46:04 AM | Computer Name = ITWPROSERVICES | Source = Service Control Manager | ID = 7034
Description = The Mhost service terminated unexpectedly. It has done this 1 time(s).

Error - 4/26/2009 9:46:30 AM | Computer Name = ITWPROSERVICES | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/28/2009 3:54:25 PM | Computer Name = ITWPROSERVICES | Source = Service Control Manager | ID = 7034
Description = The Mhost service terminated unexpectedly. It has done this 1 time(s).

Error - 4/29/2009 8:11:43 AM | Computer Name = ITWPROSERVICES | Source = Service Control Manager | ID = 7034
Description = The Mhost service terminated unexpectedly. It has done this 1 time(s).

Error - 4/30/2009 8:41:16 AM | Computer Name = ITWPROSERVICES | Source = Service Control Manager | ID = 7034
Description = The Mhost service terminated unexpectedly. It has done this 1 time(s).

Error - 4/30/2009 10:08:56 PM | Computer Name = ITWPROSERVICES | Source = Service Control Manager | ID = 7034
Description = The Mhost service terminated unexpectedly. It has done this 1 time(s).

Error - 5/1/2009 12:13:05 AM | Computer Name = ITWPROSERVICES | Source = Service Control Manager | ID = 7034
Description = The Mhost service terminated unexpectedly. It has done this 1 time(s).

Error - 5/1/2009 9:04:28 AM | Computer Name = ITWPROSERVICES | Source = Service Control Manager | ID = 7034
Description = The Mhost service terminated unexpectedly. It has done this 1 time(s).

Error - 5/2/2009 3:27:20 PM | Computer Name = ITWPROSERVICES | Source = Service Control Manager | ID = 7034
Description = The Mhost service terminated unexpectedly. It has done this 1 time(s).

Error - 5/2/2009 3:37:33 PM | Computer Name = ITWPROSERVICES | Source = Service Control Manager | ID = 7034
Description = The Mhost service terminated unexpectedly. It has done this 1 time(s).


< End of report >


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
    FF - prefs.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
    FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
    FF - prefs.js..keyword.URL: "http://www14.yoog.com/search.php?q="
    FF - user.js..browser.search.defaultenginename: "Yoog Search"
    FF - user.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
    FF - user.js..browser.search.selectedEngine: "Yoog Search"
    FF - user.js..keyword.URL: "http://www14.yoog.com/search.php?q="
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [hrlhlqls] "C:\WINDOWS\hrlhlqls.exe" File not found
    [2009/04/25 14:54:53 | 00,864,256 | ---- | C] (dti) -- C:\WINDOWS\System32\hrlhlqls.exe
    [2009/04/25 14:54:24 | 00,385,024 | ---- | C] () -- C:\WINDOWS\djia6624.exe
    [2009/04/25 14:52:21 | 00,227,109 | ---- | C] () -- C:\WINDOWS\qbxku3355.exe
    [2009/04/25 14:52:20 | 00,223,009 | ---- | C] () -- C:\WINDOWS\lusfp2133.exe
    [2009/04/25 14:09:54 | 00,000,224 | ---- | C] () -- C:\WINDOWS\System32\9B13A86D.plf
    @Alternate Data Stream - 7305 bytes -> C:\WINDOWS\WindowsUpdate.log:kxouet
    @Alternate Data Stream - 7305 bytes -> C:\WINDOWS\TWUNK_16.EXE:wrahhq
    @Alternate Data Stream - 7305 bytes -> C:\WINDOWS\TWUNK_16.EXE:kxdjub
    @Alternate Data Stream - 7305 bytes -> C:\WINDOWS\Rhododendron.bmp:qeqxxb
    @Alternate Data Stream - 7305 bytes -> C:\WINDOWS\FeatherTexture.bmp:ymfgv
    @Alternate Data Stream - 7305 bytes -> C:\WINDOWS\EXPLORER.SCF:gbizk
    @Alternate Data Stream - 7305 bytes -> C:\WINDOWS\BOOTSTAT.DAT:nzcgf
    @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\VMMREG32.DLL:wplsva
    @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\TWUNK_16.EXE:zglrxc
    @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\orun32.isu:teciwt
    @Alternate Data Stream - 3547 bytes -> C:\WINDOWS\WINNT.BMP:cyghyd
    @Alternate Data Stream - 3547 bytes -> C:\WINDOWS\BOOTSTAT.DAT:eikzng
    @Alternate Data Stream - 3347 bytes -> C:\WINDOWS\Sti_Trace.log:ftwuh
    @Alternate Data Stream - 3347 bytes -> C:\WINDOWS\River Sumida.bmp:fudge
    @Alternate Data Stream - 3347 bytes -> C:\WINDOWS\Rhododendron.bmp:tdkozb
    @Alternate Data Stream - 3347 bytes -> C:\WINDOWS\REGLOCS.OLD:ttinw
    @Alternate Data Stream - 3347 bytes -> C:\WINDOWS\DESKTOP.INI:takoc
    @Alternate Data Stream - 3347 bytes -> C:\WINDOWS\DELLSTAT.INI:wiwlb
    @Alternate Data Stream - 11592 bytes -> C:\WINDOWS\WIASERVC.LOG:rxvocq
    @Alternate Data Stream - 11592 bytes -> C:\WINDOWS\VB.INI:lnaahf
    @Alternate Data Stream - 11592 bytes -> C:\WINDOWS\TWUNK_32.EXE:xsxizu
    @Alternate Data Stream - 11592 bytes -> C:\WINDOWS\TASKMAN.EXE:oeizap
    @Alternate Data Stream - 11592 bytes -> C:\WINDOWS\TASKMAN.EXE:lqxplw
    @Alternate Data Stream - 11592 bytes -> C:\WINDOWS\REGLOCS.OLD:ymysdz
    @Alternate Data Stream - 11592 bytes -> C:\WINDOWS\orun32.isu:thayjz
    @Alternate Data Stream - 11592 bytes -> C:\WINDOWS\ODBCINST.INI:idzqay
    @Alternate Data Stream - 11592 bytes -> C:\WINDOWS\DELL.BMP:ckhetu
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\VBADDIN.INI:sqfyo
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\Soap Bubbles.bmp:grqmc
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\corelpf.lrs:ihzwg
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\CONTROL.INI:lplsf
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\BOOTSTAT.DAT:ilzdc
    
    :Services
    
    :Reg
    
    :Files
    C:\DOCUME~1\ROSEHA~1\My Documents\Desktop\Unused Desktop Shortcuts\MassvePrme303XFORCE\Crack
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time, and don't run the Custom Scan)


#3
Tam2u

    Member

  • Topic Starter
  • Member
  • 109 posts
I am trying, but it does not seem to want to run. Before I do something that might be wrong, I thought I should come back here and ask. Would it help if I tried doing this in safe mode, or am I just not giving it enough time to run? I pasted that whole code and hit the Run Fix. I left and went to run some errands; I get back 2 1/2 hours later and it is still at this line
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
which is like line 4 and says Not Responding. Maybe I am just not doing it right.

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
It should only take a few minutes.

Delete OTListIt2 and re-download it from the same link above. Then run the fix again.

If that fails, try it in safe mode.

Also make sure you have Firefox closed

#5
Tam2u

    Member

  • Topic Starter
  • Member
  • 109 posts
This time it ran fine and here is the log
========== OTLISTIT ==========
Process explorer.exe killed successfully!
No active process named AAWService.exe was found!
Process AAWTray.exe killed successfully!
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www14.yoog.co.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "Yoog Search" removed from browser.search.selectedEngine
Prefs.js: "http://www14.yoog.co.../search.php?q=" removed from keyword.URL
C:\Documents and Settings\Rose Hagstrom\Application Data\Mozilla\FireFox\Profiles\2axw2227.default\user.js moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hrlhlqls deleted successfully.
C:\WINDOWS\System32\hrlhlqls.exe moved successfully.
C:\WINDOWS\djia6624.exe moved successfully.
C:\WINDOWS\qbxku3355.exe moved successfully.
C:\WINDOWS\lusfp2133.exe moved successfully.
C:\WINDOWS\System32\9B13A86D.plf moved successfully.
ADS C:\WINDOWS\WindowsUpdate.log:kxouet deleted successfully.
ADS C:\WINDOWS\TWUNK_16.EXE:wrahhq deleted successfully.
ADS C:\WINDOWS\TWUNK_16.EXE:kxdjub deleted successfully.
ADS C:\WINDOWS\Rhododendron.bmp:qeqxxb deleted successfully.
ADS C:\WINDOWS\FeatherTexture.bmp:ymfgv deleted successfully.
ADS C:\WINDOWS\EXPLORER.SCF:gbizk deleted successfully.
ADS C:\WINDOWS\BOOTSTAT.DAT:nzcgf deleted successfully.
ADS C:\WINDOWS\VMMREG32.DLL:wplsva deleted successfully.
ADS C:\WINDOWS\TWUNK_16.EXE:zglrxc deleted successfully.
ADS C:\WINDOWS\orun32.isu:teciwt deleted successfully.
ADS C:\WINDOWS\WINNT.BMP:cyghyd deleted successfully.
ADS C:\WINDOWS\BOOTSTAT.DAT:eikzng deleted successfully.
ADS C:\WINDOWS\Sti_Trace.log:ftwuh deleted successfully.
ADS C:\WINDOWS\River Sumida.bmp:fudge deleted successfully.
ADS C:\WINDOWS\Rhododendron.bmp:tdkozb deleted successfully.
ADS C:\WINDOWS\REGLOCS.OLD:ttinw deleted successfully.
ADS C:\WINDOWS\DESKTOP.INI:takoc deleted successfully.
ADS C:\WINDOWS\DELLSTAT.INI:wiwlb deleted successfully.
ADS C:\WINDOWS\WIASERVC.LOG:rxvocq deleted successfully.
ADS C:\WINDOWS\VB.INI:lnaahf deleted successfully.
ADS C:\WINDOWS\TWUNK_32.EXE:xsxizu deleted successfully.
ADS C:\WINDOWS\TASKMAN.EXE:oeizap deleted successfully.
ADS C:\WINDOWS\TASKMAN.EXE:lqxplw deleted successfully.
ADS C:\WINDOWS\REGLOCS.OLD:ymysdz deleted successfully.
ADS C:\WINDOWS\orun32.isu:thayjz deleted successfully.
ADS C:\WINDOWS\ODBCINST.INI:idzqay deleted successfully.
ADS C:\WINDOWS\DELL.BMP:ckhetu deleted successfully.
ADS C:\WINDOWS\VBADDIN.INI:sqfyo deleted successfully.
ADS C:\WINDOWS\Soap Bubbles.bmp:grqmc deleted successfully.
ADS C:\WINDOWS\corelpf.lrs:ihzwg deleted successfully.
ADS C:\WINDOWS\CONTROL.INI:lplsf deleted successfully.
ADS C:\WINDOWS\BOOTSTAT.DAT:ilzdc deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\DOCUME~1\ROSEHA~1\My Documents\Desktop\Unused Desktop Shortcuts\MassvePrme303XFORCE\Crack moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Rose Hagstrom\Local Settings\Temp\Perflib_Perfdata_dfc.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_604.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05032009_192728

Files moved on Reboot...
File C:\Documents and Settings\Rose Hagstrom\Local Settings\Temp\Perflib_Perfdata_dfc.dat not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_604.dat not found!

Registry entries deleted on Reboot...

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post a new OTL log.

#7
Tam2u

    Member

  • Topic Starter
  • Member
  • 109 posts
OTListIt logfile created on: 5/4/2009 4:36:00 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 205.30 Mb Available Physical Memory | 53.74% Memory free
731.36 Mb Paging File | 426.35 Mb Available in Paging File | 58.29% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 22.77 Gb Free Space | 61.14% Space Free | Partition Type: NTFS
Drive D: | 300.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 41.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 17.59 Mb Total Space | 17.26 Mb Free Space | 98.08% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ITWPROSERVICES
Current User Name: Rose Hagstrom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SABProcEnum [On_Demand | Stopped]) -- C:\WINDOWS\System32\sabprocenum.sys (SuperAdBlocker.com)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.20
FF - prefs.js..extensions.enabledItems: {f86e6264-e877-5fce-c3e4-8668a7d99da2}:1.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.4.1
FF - prefs.js..extensions.enabledItems: {78533c73-dead-4339-aebb-0ebad9476c6f}:0.2.1
FF - prefs.js..extensions.enabledItems: {dc0a2d4c-21fd-45b6-961b-d882c49d752b}:0.6.0.2
FF - prefs.js..extensions.enabledItems: {b7400dc5-2077-4d79-a9ea-5f24f6a06259}:0.2.0.2
FF - prefs.js..extensions.enabledItems: {36734583-47ba-41ce-8164-a183618253d2}:3.00
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {47d1d620-5e5b-11da-8cd6-0800200c9a66}:2.0
FF - prefs.js..extensions.enabledItems: {1f052e2a-b7b9-11d9-945f-00e08161165f}:1.8.33
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: {224d6e00-0336-11dd-95ff-0800200c9a66}:1.3.5.56
FF - prefs.js..extensions.enabledItems: {1f870b8e-d71f-11db-8314-0800200c9a66}:2.0.2
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.4
FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.121408
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.48
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:0.4.1

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/03 19:39:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/30 22:05:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 16:28:13 | 00,000,000 | ---D | M]

[2008/12/01 18:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Extensions
[2008/12/01 18:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/04 09:25:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions
[2009/03/17 07:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2008/12/11 17:40:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2008/12/03 18:43:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{1f052e2a-b7b9-11d9-945f-00e08161165f}
[2008/12/03 18:46:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{1f870b8e-d71f-11db-8314-0800200c9a66}
[2008/12/01 18:18:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{224d6e00-0336-11dd-95ff-0800200c9a66}
[2008/12/18 10:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2008/12/01 18:52:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{36734583-47ba-41ce-8164-a183618253d2}
[2009/05/02 15:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008/12/03 18:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{47d1d620-5e5b-11da-8cd6-0800200c9a66}
[2008/12/03 18:56:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2009/03/11 17:32:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2009/03/05 19:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/01 18:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{78533c73-dead-4339-aebb-0ebad9476c6f}
[2008/12/01 18:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{843910fe-46fc-4f15-a319-aca2bd71b55d}
[2008/12/01 18:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{8b0bc85b-b7b9-46ad-9cff-2325cc3ca111}
[2008/12/01 18:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{b7400dc5-2077-4d79-a9ea-5f24f6a06259}
[2008/12/01 18:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{b90fa88d-d623-40da-a4eb-7144f85a3139}
[2009/01/19 21:09:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2008/12/01 18:52:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{dc0a2d4c-21fd-45b6-961b-d882c49d752b}
[2009/02/18 17:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/04/06 15:36:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\{f86e6264-e877-5fce-c3e4-8668a7d99da2}
[2009/04/09 18:29:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/04/17 13:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2008/12/03 18:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/04/09 18:29:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/03/17 07:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/03/29 16:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2008/12/01 18:52:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/01/01 20:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/03/27 21:51:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/01/01 20:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/04/09 18:29:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mozilla\Firefox\Profiles\2axw2227.default\extensions\[email protected]
[2009/04/30 21:39:38 | 00,000,247 | ---- | M] () -- C:\Documents and Settings\Rose Hagstrom\Application Data\Mozilla\FireFox\Profiles\2axw2227.default\searchplugins\Yoog Search.xml
[2009/05/04 09:25:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 16:28:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/25 13:46:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/05/03 19:40:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 16:27:31 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 16:27:31 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/30 02:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/30 02:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/30 02:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/30 02:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/30 02:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/30 02:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/30 02:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (301828 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 10429 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll ()
O2 - BHO: (TBSB05288 Class) - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ECO Bar) - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O8 - Extra context menu item: &IE Toolbar search - res://C:\Program Files\411IEToolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: frame.crazywinnings.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Trusted sites)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: 1 range(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....738&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1123976077921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1173662393033 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/29 09:13:53 | 00,575,080 | R--- | M] (magicJack L.P.) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/02/29 09:13:53 | 00,016,158 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/02/29 09:13:53 | 00,000,308 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/01/04 18:17:30 | 00,000,270 | ---- | M] () - G:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/03 19:25:54 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\OTListIt2.exe
[2009/05/03 19:19:39 | 00,005,120 | -HS- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\Thumbs.db
[2009/05/03 17:59:02 | 00,016,692 | ---- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\cancer colors.jpg
[2009/05/03 13:53:57 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/02 15:32:31 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/02 15:32:30 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/02 15:32:29 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/02 15:32:27 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/02 15:32:24 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/02 15:32:21 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/02 15:32:20 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/02 15:32:20 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/02 15:32:20 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/02 15:31:41 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/02 15:31:41 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/05/02 15:31:41 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/02 15:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/01 09:38:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\My Received Files
[2009/05/01 08:53:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/01 08:50:42 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/01 08:45:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/01 08:41:08 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/04/30 23:30:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/04/30 23:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/04/30 23:29:15 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/04/30 23:25:13 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/04/30 23:25:12 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/04/30 23:25:11 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/04/30 23:25:09 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/04/30 23:25:09 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/04/30 23:25:07 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/04/30 23:25:07 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/04/30 23:25:04 | 00,000,000 | ---D | C] -- C:\c6e3d8596353b04659e7757f009685
[2009/04/30 23:10:06 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/30 22:14:37 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\Geek Tools
[2009/04/30 21:48:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Malwarebytes
[2009/04/30 21:47:48 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/30 21:47:45 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/30 21:47:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 21:47:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/30 21:45:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/30 21:44:53 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/29 17:17:52 | 00,040,423 | ---- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\ITW-Original Master Customer List.wpd
[2009/04/29 17:17:52 | 00,007,680 | -HS- | C] () -- C:\WINDOWS\Thumbs.db
[2009/04/28 15:46:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/04/28 15:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/04/28 15:46:17 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/04/28 15:45:53 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/04/28 15:43:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/04/26 16:19:57 | 00,001,269 | ---- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Max Journal Info.rtf
[2009/04/25 13:53:52 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/04/25 13:51:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/25 13:49:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/04/25 13:44:56 | 00,075,082 | ---- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\12.jpg
[2009/04/22 11:23:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\HTML
[2009/04/21 15:23:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\Creative Tools
[2009/04/21 14:55:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\Text
[2009/04/21 10:39:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Ashampoo
[2009/04/21 10:38:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/04/21 10:37:35 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/04/20 21:28:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\pnl
[2009/04/20 15:46:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\My Documents\QPPriv
[2009/04/19 13:22:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Apple Computer
[2009/04/19 13:08:52 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/19 13:07:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/19 13:05:28 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/19 13:05:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/17 19:49:08 | 00,000,008 | ---- | C] () -- C:\WINDOWS\ldf.dat
[2009/04/17 19:48:45 | 00,000,000 | ---D | C] -- C:\Program Files\massive_mhost
[2009/04/15 21:07:24 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 21:07:23 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 21:07:22 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 21:07:21 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 21:07:20 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 21:07:19 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 21:07:18 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 21:05:21 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/13 13:07:14 | 00,686,080 | ---- | C] () -- C:\WINDOWS\System32\nsy40.dll
[2009/04/11 14:11:41 | 00,000,776 | -H-- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\.picasa.ini
[2009/04/06 09:38:49 | 00,001,034 | ---- | C] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\magicJack.lnk
[2009/03/30 14:46:22 | 00,000,169 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/10 08:18:33 | 00,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/14 12:23:42 | 01,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2009/01/14 12:23:42 | 01,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2009/01/14 12:23:42 | 01,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2009/01/14 12:23:41 | 01,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2009/01/14 12:23:40 | 01,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2009/01/14 12:22:43 | 00,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2009/01/14 12:22:35 | 01,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2009/01/14 12:22:35 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2009/01/14 12:22:34 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2009/01/14 12:22:33 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2009/01/14 12:22:33 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2009/01/14 12:22:32 | 00,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2008/10/13 11:08:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2008/09/19 15:37:05 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2008/09/18 13:43:49 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/09/18 13:43:48 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/09/18 13:43:01 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/09/18 13:43:00 | 00,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/09/18 13:40:57 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/09/16 15:19:19 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2007/10/22 20:28:22 | 01,260,072 | ---- | C] () -- C:\WINDOWS\System32\libtiff-3.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/20 19:57:00 | 00,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/06/28 23:17:30 | 00,000,640 | ---- | C] () -- C:\WINDOWS\FoldingBooklet.ini
[2006/06/15 07:29:02 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/06/15 07:22:40 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/06/15 07:19:08 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2005/04/27 14:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/02/08 17:02:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/08 12:20:35 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/02 12:56:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/28 03:19:51 | 00,000,438 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/12/22 13:53:54 | 00,000,562 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/12/17 06:50:54 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2003/11/17 16:15:02 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/10/30 02:28:44 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/10/30 02:17:46 | 00,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/30 02:02:28 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/30 02:02:02 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/30 01:48:26 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/02/17 19:00:42 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2003/02/17 19:00:36 | 00,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2003/02/05 13:11:12 | 00,000,126 | ---- | C] () -- C:\WINDOWS\System32\DLBAPLC.INI

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/04 08:34:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/04 06:30:05 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/04 06:28:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/04 06:28:35 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Rose Hagstrom\Local Settings\DESKTOP.INI
[2009/05/04 06:28:33 | 00,002,048 | ---- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/04 06:28:30 | 40,062,5664 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/03 19:26:06 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\OTListIt2.exe
[2009/05/03 19:19:39 | 00,005,120 | -HS- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\Thumbs.db
[2009/05/03 18:00:30 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/05/03 17:59:09 | 00,016,692 | ---- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\cancer colors.jpg
[2009/05/02 15:35:00 | 00,000,562 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/05/02 15:35:00 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/05/02 15:35:00 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/05/02 15:32:31 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/02 15:32:20 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/02 15:28:57 | 00,001,034 | ---- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\magicJack.lnk
[2009/05/01 09:03:03 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\DESKTOP.INI
[2009/05/01 03:14:55 | 00,536,530 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/01 03:14:55 | 00,466,414 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/05/01 03:14:55 | 00,079,630 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/05/01 00:13:23 | 01,644,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/29 17:17:52 | 00,040,423 | ---- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\ITW-Original Master Customer List.wpd
[2009/04/29 17:17:52 | 00,007,680 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/04/27 17:47:59 | 00,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/27 17:47:59 | 00,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2009/04/27 08:34:46 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/27 08:34:22 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/26 16:19:57 | 00,001,269 | ---- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Max Journal Info.rtf
[2009/04/25 14:17:38 | 00,077,824 | -HS- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\Thumbs.db
[2009/04/13 13:07:14 | 00,686,080 | ---- | M] () -- C:\WINDOWS\System32\nsy40.dll
[2009/04/11 14:16:33 | 00,000,776 | -H-- | M] () -- C:\Documents and Settings\Rose Hagstrom\My Documents\.picasa.ini
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== LOP Check ==========

[2009/05/02 15:23:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/10 08:28:44 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/03/17 11:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/15 16:34:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/09/17 12:53:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2008/09/17 12:55:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/04/19 13:05:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/19 13:07:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/21 10:38:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2008/09/18 13:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/04/25 13:49:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2008/02/26 11:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/12/23 20:38:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/12/15 16:46:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/06/05 20:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/09/18 13:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/09/17 08:44:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ipswitch
[2008/09/16 20:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/03/10 08:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/17 12:59:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/04/30 21:47:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/16 21:05:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2009/04/28 15:46:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2003/12/15 14:05:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/09/29 18:56:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/04/25 13:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2004/12/19 19:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2003/10/30 02:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2003/10/30 02:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/03/24 17:09:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/09/26 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/09/17 15:16:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/07 19:49:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/03 19:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/25 07:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/21 15:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/18 18:08:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/03/14 09:47:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/30 21:48:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data
[2009/04/04 11:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Adobe
[2007/05/28 07:37:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\AdobeAUM
[2006/03/24 21:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\AdobeUM
[2009/02/07 17:45:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\AlwaysNeat
[2008/12/15 16:31:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\AOL
[2009/04/19 13:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Apple Computer
[2009/04/21 10:39:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Ashampoo
[2008/09/18 13:56:02 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Brother
[2009/04/22 11:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Corel
[2008/10/15 18:52:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Feedreader
[2009/02/07 12:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\funkitron
[2007/05/28 07:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Google
[2008/12/23 19:44:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\gtk-2.0
[2003/12/02 15:03:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Help
[2006/06/05 20:28:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\HP
[2003/10/30 01:47:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Identities
[2007/12/11 11:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Image Zone Express
[2008/09/17 08:45:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Ipswitch
[2008/09/16 20:59:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Lavasoft
[2007/07/20 19:57:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Leadertech
[2009/04/25 15:42:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\LimeWire
[2008/09/17 13:17:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Macromedia
[2009/04/30 21:48:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Malwarebytes
[2009/04/28 16:20:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Microsoft
[2009/05/02 15:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\mjusbsp
[2008/12/01 18:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Mozilla
[2009/03/08 13:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\panoramik
[2009/03/08 19:58:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Real
[2008/12/28 23:36:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Reflexivev1005
[2009/02/07 12:43:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\ScreenSeven
[2008/10/19 06:57:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Sun
[2008/09/26 15:38:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\SUPERAntiSpyware.com
[2008/09/20 11:14:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Viewpoint
[2008/12/21 21:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Winamp
[2008/09/20 14:37:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Windows Desktop Search
[2008/09/23 07:05:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Windows Search
[2008/12/25 20:55:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\WinRAR
[2009/01/18 18:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rose Hagstrom\Application Data\Yahoo!
[2009/05/04 08:34:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2002/08/29 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/05/03 18:00:30 | 00,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/05/04 06:28:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BC4708
< End of report >

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    [2009/04/30 21:39:38 | 00,000,247 | ---- | M] () -- C:\Documents and Settings\Rose Hagstrom\Application Data\Mozilla\FireFox\Profiles\2axw2227.default\searchplugins\Yoog Search.xml
    [2009/04/13 13:07:14 | 00,686,080 | ---- | M] () -- C:\WINDOWS\System32\nsy40.dll
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done



Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txts will open.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

#9
Tam2u

  • Topic Starter
  • Member
  • 109 posts
DDS (Ver_09-03-16.01) - NTFSx86
Run by Rose Hagstrom at 17:25:48.81 on Mon 05/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.143 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090504-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Rose Hagstrom\My Documents\Desktop\dds.pif
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by Roadrunner
uDefault_Search_Url = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~2\tools\iesdsg.dll
BHO: TBSB05288 Class: {6714adbd-c6c1-42a8-bd84-9c9339059421} - c:\program files\ietoolbar\eco bar\tbu05139\ecobar.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: ECO Bar: {10000000-1000-1000-1000-100000000000} - c:\program files\ietoolbar\eco bar\tbu05139\ecobar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: &IE Toolbar search - c:\program files\411ietoolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: frame.crazywinnings.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123976077921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173662393033
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\roseha~1\applic~1\mozilla\firefox\profiles\2axw2227.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-10 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-2 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-2 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-2 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-2 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-2 352920]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]

=============== Created Last 30 ================

2009-05-03 19:40 73,728 ac------ c:\windows\system32\javacpl.cpl
2009-05-03 13:53 <DIR> -cd----- C:\_OTListIt
2009-05-03 06:55 <DIR> -cdsh--- c:\documents and settings\rose hagstrom\PrivacIE
2009-05-02 15:31 1,060,864 ac------ c:\windows\system32\MFC71.dll
2009-05-02 15:16 <DIR> -cdsh--- c:\documents and settings\rose hagstrom\IECompatCache
2009-05-01 09:02 <DIR> -cdsh--- c:\documents and settings\rose hagstrom\IETldCache
2009-05-01 08:53 <DIR> -cd----- c:\windows\ie8updates
2009-05-01 08:50 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-01 08:45 <DIR> -cd-h--- c:\windows\ie8
2009-05-01 08:41 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-30 23:30 <DIR> -cd----- c:\windows\system32\XPSViewer
2009-04-30 23:25 117,760 -c------ c:\windows\system32\prntvpt.dll
2009-04-30 23:25 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-30 23:25 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-30 23:25 575,488 -c------ c:\windows\system32\xpsshhdr.dll
2009-04-30 23:25 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-30 23:25 1,676,288 -c------ c:\windows\system32\xpssvcs.dll
2009-04-30 23:25 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-30 23:25 <DIR> -cd----- C:\c6e3d8596353b04659e7757f009685
2009-04-30 23:10 <DIR> -cd----- C:\Rooter$
2009-04-30 21:48 <DIR> -cd----- c:\docume~1\roseha~1\applic~1\Malwarebytes
2009-04-30 21:47 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-04-30 21:47 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 21:47 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-30 21:47 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-04-29 17:17 7,680 ac-sh--- c:\windows\Thumbs.db
2009-04-28 16:21 <DIR> -cd----- c:\documents and settings\rose hagstrom\Tracing
2009-04-28 15:46 <DIR> -cd----- c:\program files\Microsoft
2009-04-28 15:46 <DIR> -cd----- c:\program files\Windows Live SkyDrive
2009-04-28 15:43 <DIR> -cd----- c:\program files\common files\Windows Live
2009-04-25 13:51 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-04-25 13:49 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Cached Installations
2009-04-21 10:39 <DIR> -cd----- c:\docume~1\roseha~1\applic~1\Ashampoo
2009-04-21 10:38 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\ashampoo
2009-04-21 10:37 <DIR> -cd----- c:\program files\Ashampoo
2009-04-17 19:49 8 ac------ c:\windows\ldf.dat
2009-04-17 19:48 <DIR> -cd----- c:\program files\massive_mhost
2009-04-15 21:07 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:07 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 21:07 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:07 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 21:07 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:07 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 21:07 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 21:05 2,560 -c------ c:\windows\system32\xpsp4res.dll

==================== Find3M ====================

2009-05-03 19:39 410,984 ac------ c:\windows\system32\deploytk.dll
2009-04-27 08:34 15,688 ac------ c:\windows\system32\lsdelete.exe
2009-04-27 08:34 64,160 ac------ c:\windows\system32\drivers\Lbd.sys
2009-03-20 14:50 3,358,720 ac------ c:\windows\system32\GPhotos.scr
2009-03-08 04:34 914,944 ac------ c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 ac------ c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 ac------ c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 ac------ c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 ac------ c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 ac------ c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 ac------ c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 ac------ c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 ac------ c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 ac------ c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 ac------ c:\windows\system32\pdh.dll
2009-02-09 08:10 729,088 ac------ c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 ac------ c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 ac------ c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 ac------ c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 ac------ c:\windows\system32\ntkrnlpa.exe
2009-02-06 18:52 49,504 ac------ c:\windows\system32\sirenacm.dll
2009-02-06 07:11 110,592 ac------ c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 ac------ c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 ac------ c:\windows\system32\sc.exe
2008-09-04 03:07 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 17:28:35.40 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/16/2003 9:09:00 AM
System Uptime: 5/4/2009 5:17:19 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel® Pentium® 4 CPU 2.20GHz | Microprocessor | 2193/400mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 22.709 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2085: 3/30/2009 10:00:38 PM - System Checkpoint
RP2086: 3/31/2009 11:38:44 AM - Installed Java™ 6 Update 13
RP2087: 4/1/2009 1:28:09 PM - System Checkpoint
RP2088: 4/2/2009 1:38:59 PM - System Checkpoint
RP2089: 4/3/2009 8:42:11 AM - Avg8 Update
RP2090: 4/4/2009 10:27:49 AM - System Checkpoint
RP2091: 4/5/2009 11:39:20 AM - System Checkpoint
RP2092: 4/6/2009 1:46:51 PM - System Checkpoint
RP2093: 4/7/2009 1:52:38 PM - System Checkpoint
RP2094: 4/8/2009 4:35:07 PM - System Checkpoint
RP2095: 4/9/2009 5:03:29 PM - System Checkpoint
RP2096: 4/10/2009 6:05:57 PM - System Checkpoint
RP2097: 4/11/2009 7:45:04 PM - System Checkpoint
RP2098: 4/12/2009 8:24:08 PM - System Checkpoint
RP2099: 4/13/2009 9:05:45 AM - Avg8 Update
RP2100: 4/14/2009 9:24:11 AM - System Checkpoint
RP2101: 4/15/2009 9:38:07 AM - System Checkpoint
RP2102: 4/16/2009 3:01:01 AM - Software Distribution Service 3.0
RP2103: 4/16/2009 9:20:26 AM - Avg8 Update
RP2104: 4/17/2009 12:59:06 PM - System Checkpoint
RP2105: 4/18/2009 1:02:52 PM - System Checkpoint
RP2106: 4/19/2009 1:07:25 PM - Installed QuickTime
RP2107: 4/20/2009 2:02:37 PM - System Checkpoint
RP2108: 4/21/2009 3:06:17 PM - Removed WinZip 12.0
RP2109: 4/22/2009 5:23:30 PM - System Checkpoint
RP2110: 4/23/2009 5:28:13 PM - System Checkpoint
RP2111: 4/24/2009 6:34:08 PM - System Checkpoint
RP2112: 4/25/2009 1:51:52 PM - Installed ParetoLogic Data Recovery.
RP2113: 4/26/2009 2:32:40 PM - System Checkpoint
RP2114: 4/27/2009 2:58:12 PM - System Checkpoint
RP2115: 4/27/2009 8:55:53 PM - Removed ParetoLogic Data Recovery.
RP2116: 4/28/2009 10:17:18 PM - System Checkpoint
RP2117: 4/29/2009 11:12:47 PM - System Checkpoint
RP2118: 4/30/2009 3:00:45 AM - Software Distribution Service 3.0
RP2119: 4/30/2009 9:43:08 PM - Automatic Restore Point
RP2120: 4/30/2009 10:46:05 PM - Software Distribution Service 3.0
RP2121: 5/1/2009 12:13:07 AM - Printer Driver Microsoft XPS Document Writer Installed
RP2122: 5/1/2009 3:01:18 AM - Software Distribution Service 3.0
RP2123: 5/1/2009 8:20:24 AM - Software Distribution Service 3.0
RP2124: 5/1/2009 9:40:18 AM - Software Distribution Service 3.0
RP2125: 5/1/2009 9:47:30 AM - Avg8 Update
RP2126: 5/1/2009 9:50:31 AM - Avg8 Update
RP2127: 5/2/2009 10:08:19 AM - System Checkpoint
RP2128: 5/2/2009 3:21:11 PM - Removed AVG Free 8.5
RP2129: 5/2/2009 3:24:30 PM - Installed AVG Free 8.5
RP2130: 5/3/2009 6:53:48 AM - Automatic Restore Point
RP2131: 5/3/2009 7:14:35 PM - Removed Java 2 Runtime Environment, SE v1.4.2
RP2132: 5/3/2009 7:16:58 PM - Removed Java™ 6 Update 12
RP2133: 5/3/2009 7:39:07 PM - Installed Java™ 6 Update 13

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apophysis 2.0
Apple Software Update
Ashampoo Burning Studio 6 FREE
avast! Antivirus
Banctec Service Agreement
Broadcom Management Programs
BroadJump Client Foundation
CCleaner (remove only)
Choice Guard
Conexant SmartHSFi V92 56K DF PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
DAO
Dell Networking Guide
Dell Solution Center
Digital Line Detect
DS21Patch
ERUNT 1.1j
GdiplusUpgrade
GoldWave v5.23
Google Gmail Notifier
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel® Extreme Graphics Driver
Ipswitch WS_FTP Pro
IrfanView (remove only)
Java™ 6 Update 13
LimeWire 4.18.8
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.0.10)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MWSnap 3
MyDeluxeInvoices & Estimates 5.5.0.0
NetWaiting
PDF Settings
Picasa 3
QuickTime
RealOne Player
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Shockwave
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Textaizer Pro v3.0
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
ViewSonic Monitor Drivers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 11
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/3/2009 2:38:48 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/3/2009 2:38:34 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/3/2009 2:30:40 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
5/3/2009 2:29:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
5/3/2009 2:29:00 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/1/2009 12:13:05 AM, error: Service Control Manager [7034] - The Mhost service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================



And I did not know if you needed the new OT log, so I thought I would add it here in case you did.

========== OTLISTIT ==========
Process explorer.exe killed successfully!
C:\Documents and Settings\Rose Hagstrom\Application Data\Mozilla\FireFox\Profiles\2axw2227.default\searchplugins\Yoog Search.xml moved successfully.
C:\WINDOWS\System32\nsy40.dll unregistered successfully.
C:\WINDOWS\System32\nsy40.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3c8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5fc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05042009_171528

Files moved on Reboot...
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_3c8.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_5fc.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0



#11
Tam2u

    Member

  • Topic Starter
  • Member
  • 109 posts
Malwarebytes' Anti-Malware 1.36
Database version: 2062
Windows 5.1.2600 Service Pack 3

5/4/2009 5:54:10 PM
mbam-log-2009-05-04 (17-54-10).txt

Scan type: Quick Scan
Objects scanned: 74991
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, May 04, 2009 23:59:38
Records in database: 2131995
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 107191
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:28:52


File name / Threat name / Threats count
C:\_OTListIt\MovedFiles\05032009_192728\WINDOWS\System32\hrlhlqls.exe Infected: Trojan-Downloader.Win32.VB.mak 1

The selected area was scanned.
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
your logs are clean

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

Next, go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.



  • Download OTCleanIt to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next, click OK, then the Apply button, and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0
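The hosts-file mechanism behind the MVPS Hosts recommendation above, as an added example that is not part of the original post or of any tool named in the thread: a small Python audit that separates sinkholed names (mapped to loopback or 0.0.0.0) from names mapped to any other address, which is the pattern worth reviewing after a browser hijack. The sample file, the function names and all hostnames and addresses in it are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; none of these entries come from the thread.
# Names use reserved example domains, the address is from a documentation range.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com        # sinkholed ad server
0.0.0.0         tracker.example.net stats.example.net
203.0.113.10    www.example-bank.test  # resolves to a remote host
not-an-ip       broken.example.org
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Parse hosts-file text.

    Returns (entries, malformed): entries is a list of
    (line_number, ip_address, hostname); malformed is a list of
    line numbers that could not be parsed.
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:  # an address with no hostname
            malformed.append(lineno)
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:  # first field is not an IPv4/IPv6 address
            malformed.append(lineno)
            continue
        # One line may map several names to the same address.
        for name in fields[1:]:
            entries.append((lineno, addr, name.lower()))
    return entries, malformed


def audit_hosts(text):
    """Classify every hostname in the file.

    blocked    - mapped to loopback or 0.0.0.0, so connections go nowhere
    redirected - mapped to some other address; review each one, since a
                 hosts entry overrides DNS for that name
    malformed  - line numbers that failed to parse
    """
    entries, malformed = parse_hosts(text)
    blocked, redirected = set(), set()
    for _lineno, addr, name in entries:
        sinkhole = addr.is_loopback or addr.is_unspecified
        if name in LOCAL_NAMES and sinkhole:
            continue  # the normal localhost entries
        if sinkhole:
            blocked.add(name)
        else:
            redirected.add((name, str(addr)))
    return {
        "blocked": sorted(blocked),
        "redirected": sorted(redirected),
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("Blocked names:   ", ", ".join(report["blocked"]))
    for name, addr in report["redirected"]:
        print(f"Review redirect:  {name} -> {addr}")
    print("Malformed lines: ", report["malformed"])
```

On Windows XP the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the sample.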

#13
Tam2u

    Member

  • Topic Starter
  • Member
  • 109 posts
Thank you for walking me through this. I have installed the precautionary programs you mentioned to help make my computer safer, and I absolutely love my Firefox. I have 2 places I go that I cannot get to in Firefox. Is there a plug-in or something that will make it adaptable so I don't have to use Internet Explorer at all?
  • 0

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you be more specific about that?
  • 0

#15
Tam2u

    Member

  • Topic Starter
  • Member
  • 109 posts
There are 2 sites that I go to regularly, one being ifleet.com, and it is not compatible with Firefox, so I have to open IE in order to access it. I think I read somewhere that there was a plug-in or something that would allow you to open an IE window in Firefox. If there is such a thing, I would certainly like to find it.
  • 0





