TheTechGuide Forum
General Category => Tech Clinic => Topic started by: sona on May 13, 2009, 07:00:47 PM
-
:( Yoog has invaded my Mozilla and I need help
-
Download OTListIt2 (http://oldtimer.geekstogo.com/OTListIt2.exe) by OldTimer to your Desktop.
- Close all windows and Double click on OTListIt2.exe to Run it
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
-
[quote name='sona' post='462427' date='May 13 2009, 08:00 PM']
:( Yoog has invaded my Mozilla and I need help[/quote]
Please help me out
-
[quote name='guestolo' post='462432' date='May 13 2009, 09:31 PM']Download OTListIt2 (http://oldtimer.geekstogo.com/OTListIt2.exe) by OldTimer to your Desktop.
- Close all windows and Double click on OTListIt2.exe to Run it
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
[/quote]
ok
-
[quote name='guestolo' post='462432' date='May 13 2009, 09:31 PM']Download OTListIt2 (http://oldtimer.geekstogo.com/OTListIt2.exe) by OldTimer to your Desktop.
- Close all windows and Double click on OTListIt2.exe to Run it
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
[/quote]
Having trouble posting log. Tried to attach and still won't let me.
-
You only posted the top part of the log; I need to see both logs.
Try the following: run OTListit2 again, and this time,
when the log opens in a text file, click on FORMAT at the top menu bar, then UNCHECK WORD WRAP.
After you have unchecked word wrap,
Do the following:
Click EDIT at the top menubar
and then SELECT ALL
Then EDIT and select COPY
Come back here and PASTE to your reply
Don't forget about EXTRA.txt, a copy of it should be on your desktop
Open the file and copy/paste the whole contents back here too
-
OTListIt logfile created on: 5/15/2009 11:18:26 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Users\home\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.93 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 51.84% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 203.85 Gb Free Space | 71.37% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-PC
Current User Name: home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2008/06/09 14:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/09/30 19:56:04 | 00,972,080 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2009/02/11 12:25:12 | 00,039,208 | ---- | M] (AOL, LLC.) -- C:\Program Files (x86)\AOL 9.5\wEmail Removedexe
PRC - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/09/26 06:36:40 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 22:41:44 | 01,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2008/09/25 22:42:24 | 00,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/23 15:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/09/24 22:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 22:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/08/01 19:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/05/08 19:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/04/15 17:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2009/03/21 23:19:57 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/11/06 13:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\1238453836\ee\aolsoftware.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2007/09/26 10:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/04/11 12:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/02/11 12:25:11 | 00,054,568 | ---- | M] (AOL, LLC.) -- C:\Program Files (x86)\AOL 9.5\shellmon.exe
PRC - [2009/04/24 00:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2008/10/18 18:38:02 | 00,347,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
PRC - [2008/04/16 23:18:12 | 02,516,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2009/05/15 23:18:13 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\home\Downloads\OTListIt2(2).exe
========== Win32 Services (SafeList) ==========
SRV - [2008/06/27 11:53:06 | 00,089,088 | ---- | M] () -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters [Auto | Running])
SRV - [2007/12/11 16:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\sysnative\agr64svc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 14:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 21:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2008/05/05 18:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/06/16 11:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/03/18 20:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\sysnative\Hpservice.exe -- (hpsrv [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/06/19 21:16:54 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/01/20 22:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
SRV - [2008/09/23 15:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/09/11 07:53:00 | 00,279,040 | ---- | M] () -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV [Auto | Running])
SRV - [2008/09/24 22:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc [Auto | Running])
SRV - [2008/09/24 22:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched [Auto | Running])
SRV - [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
========== Driver Services (SafeList) ==========
DRV - [2008/03/27 16:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/02/29 19:59:32 | 01,252,352 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2009/01/12 04:18:55 | 01,522,168 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\bcmwl664.sys -- (BCM43XX [On_Demand | Running])
DRV - [2009/03/18 16:44:07 | 00,332,848 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\BHDrvx64.sys -- (BHDrvx64 [System | Running])
DRV - [2009/03/18 16:44:07 | 00,582,704 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\ccHPx64.sys -- (ccHP [System | Running])
DRV - [2008/01/20 22:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl [System | Running])
DRV - [2008/09/04 13:48:00 | 00,064,000 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,131,632 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2006/11/02 01:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\sysnative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/03/27 16:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 20:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV - [2009/01/29 17:50:10 | 00,396,848 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090508.002\IDSvia64.sys -- (IDSVia64 [System | Running])
DRV - [2008/08/14 06:18:54 | 08,029,792 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\igdkmd64.sys -- (igfx [On_Demand | Running])
DRV - [2008/07/15 04:20:42 | 00,126,464 | ---- | M] () -- C:\Windows\sysnative\drivers\IntcHdmi.sys -- (IntcHdmiAddService [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,136,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.040\ENG64.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/03/13 10:44:26 | 01,461,808 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.040\EX64.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2008/01/20 22:46:57 | 03,154,432 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\NETw3v64.sys -- (NETw3v64 [On_Demand | Stopped])
DRV - [2008/08/06 12:26:08 | 00,174,592 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV - [2008/09/19 21:43:58 | 00,068,096 | ---- | M] () -- C:\Windows\sysnative\drivers\RTSTOR64.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2008/01/20 22:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,476,720 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SRTSP64.SYS -- (SRTSP [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,032,304 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\SRTSPX64.SYS -- (SRTSPX [System | Running])
DRV - [2008/09/11 07:54:44 | 00,465,408 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\stwrt64.sys -- (STHDA [On_Demand | Running])
DRV - [2008/01/20 22:47:25 | 00,012,288 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,402,992 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\SYMEFA64.SYS -- (SymEFA [Boot | Running])
DRV - [2009/03/25 20:40:57 | 00,172,080 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,138,288 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,032,816 | R--- | M] () -- C:\Windows\sysnative\DRIVERS\SymIMv.sys -- (SymIM [System | Running])
DRV - [2009/03/12 04:43:27 | 00,046,640 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,310,320 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2008/06/19 21:37:42 | 00,325,680 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/20 22:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\sysnative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV - [2006/11/29 18:24:49 | 00,024,064 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\wanatw64.sys -- (wanatw [On_Demand | Running])
DRV - [2006/10/03 21:45:36 | 00,273,408 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Stopped])
DRV - [2008/09/26 06:36:34 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2008/10/18 19:46:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/13 22:38:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2009/05/12 17:34:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2009/05/12 17:34:56 | 00,000,000 | ---D | M]
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/06 18:33:16 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\yk9dkhpe.default\extensions
[2009/05/15 22:44:03 | 00,000,247 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml
[2009/05/15 07:45:28 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/05/12 17:34:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/21 23:20:13 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/29 09:55:50 | 00,676,864 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\components\0cbb38e2-ac28-5efc-b550-f24254030a0b.dll
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/04/29 10:16:38 | 00,423,424 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\components\fmsjnmqveusjfoq.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (trueads search enhancer) - {3CDE6E37-E66E-AEAA-2448-F2F550B799E2} - C:\Windows\SysWow64\fmsjnmqveusjfoq.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (trueads) - {d02bd486-56a6-aea3-c9fb-3352a78d8400} - C:\Windows\SysWow64\nsr2778.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" (CyberLink)
O4 - HKLM..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1238453836\ee\AOLSoftware.exe" (AOL LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" (CyberLink Corp.)
O4 - HKCU..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.5\Email RemovedEXE" -b (AOL, LLC.)
O4 - HKCU..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S18EC.tmp" /EF "HKCU" ()
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: Email Removed ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/12 17:34:59 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 30 Days ==========
[2009/05/15 18:15:13 | 00,012,756 | ---- | C] () -- C:\Users\home\Documents\com140 persuasive memo514.docx
[2009/05/15 17:39:26 | 00,011,090 | ---- | C] () -- C:\Users\home\Documents\com140 dq2 review speech 513.docx
[2009/05/14 21:35:41 | 00,018,481 | ---- | C] () -- C:\Users\home\Documents\yoog 2.docx
[2009/05/14 21:35:01 | 00,023,269 | ---- | C] () -- C:\Users\home\Documents\yoog.docx
[2009/05/14 16:25:09 | 00,014,809 | ---- | C] () -- C:\Users\home\Documents\gen105longshortgoals513.docx
[2009/05/12 22:32:44 | 00,673,152 | ---- | C] () -- C:\Users\home\Documents\IMG00026.jpg
[2009/05/12 22:31:42 | 00,602,247 | ---- | C] () -- C:\Users\home\Documents\IMG00027.jpg
[2009/05/12 22:06:54 | 00,467,718 | ---- | C] () -- C:\Users\home\Documents\IMG00019.jpg
[2009/05/12 22:06:39 | 00,705,880 | ---- | C] () -- C:\Users\home\Documents\IMG00018.jpg
[2009/05/12 22:06:05 | 00,524,416 | ---- | C] () -- C:\Users\home\Documents\IMG00021.jpg
[2009/05/12 22:05:29 | 00,586,106 | ---- | C] () -- C:\Users\home\Documents\IMG00024.jpg
[2009/05/12 22:05:07 | 00,519,581 | ---- | C] () -- C:\Users\home\Documents\IMG00029.jpg
[2009/05/12 21:09:26 | 00,011,945 | ---- | C] () -- C:\Users\home\Documents\com140 dq1 512.docx
[2009/05/12 20:05:02 | 00,016,079 | ---- | C] () -- C:\Users\home\Documents\wp negative message.docx
[2009/05/12 17:35:00 | 00,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/12 16:44:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/05/10 19:13:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2009/05/10 16:05:10 | 00,059,526 | ---- | C] () -- C:\Windows\System32\fmsjnmqveusjfoq.dll-uninst.exe
[2009/05/10 16:05:07 | 00,085,660 | ---- | C] () -- C:\Windows\System32\16d86614-22d1-e813-5d68-50ed066caf49.exe
[2009/05/09 22:13:13 | 00,019,789 | ---- | C] () -- C:\Users\home\Documents\com 140 Negative Message Assignment510.docx
[2009/05/08 18:09:00 | 00,015,334 | ---- | C] () -- C:\Users\home\Documents\com 140 email58.docx
[2009/05/08 13:03:10 | 00,012,893 | ---- | C] () -- C:\Users\home\Documents\checkpoint com140 different kinds of messages.docx
[2009/05/06 20:35:56 | 00,014,344 | ---- | C] () -- C:\Users\home\Documents\checkpoint gen10556.docx
[2009/05/06 20:27:57 | 00,010,369 | ---- | C] () -- C:\Users\home\Documents\There are a few ways that you can guard against plagiarism.docx
[2009/05/06 16:17:36 | 00,009,867 | ---- | C] () -- C:\Users\home\Documents\009451397677.docx
[2009/05/04 21:21:26 | 00,055,454 | ---- | C] () -- C:\Users\home\Documents\commaspliceand commas.docx
[2009/05/03 21:18:32 | 00,012,519 | ---- | C] () -- C:\Users\home\Documents\com105 checkpoint week3 53.docx
[2009/05/03 13:51:10 | 00,013,633 | ---- | C] () -- C:\Users\home\Documents\starwars.docx
[2009/05/02 19:02:09 | 00,011,229 | ---- | C] () -- C:\Users\home\Documents\DAD1.docx
[2009/04/29 23:38:33 | 00,011,601 | ---- | C] () -- C:\Users\home\Documents\gen105 checkpoint 430.docx
[2009/04/29 21:46:13 | 00,014,523 | ---- | C] () -- C:\Users\home\Documents\com140 table week 3 51.docx
[2009/04/29 21:27:22 | 00,011,102 | ---- | C] () -- C:\Users\home\Documents\com140 dq2 429.docx
[2009/04/29 19:30:36 | 00,011,681 | ---- | C] () -- C:\Users\home\Documents\com 140 pq 429.docx
[2009/04/29 10:16:46 | 00,567,808 | ---- | C] () -- C:\Windows\System32\fmsjnmqveusjfoq.dll
[2009/04/29 09:55:50 | 00,684,032 | ---- | C] () -- C:\Windows\System32\nsr2778.dll
[2009/04/27 21:03:56 | 00,012,528 | ---- | C] () -- C:\Users\home\Documents\dq week 3 #1.docx
[2009/04/27 17:08:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009/04/27 17:05:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009/04/26 22:19:39 | 00,012,611 | ---- | C] () -- C:\Users\home\Documents\writepoint42609.docx
[2009/04/25 16:08:07 | 00,012,797 | ---- | C] () -- C:\Users\home\Documents\online resources day7.docx
[2009/04/24 16:48:48 | 00,012,658 | ---- | C] () -- C:\Users\home\Documents\Hi Anthony checkpoint gen 105.docx
[2009/04/23 20:58:15 | 00,015,676 | ---- | C] () -- C:\Users\home\Documents\appendix b 4-23-09.docm
[2009/04/22 22:31:12 | 00,183,296 | ---- | C] () -- C:\Users\home\Documents\C. DelvailleTime.doc
[2009/04/20 16:19:07 | 00,311,447 | ---- | C] () -- C:\Users\home\Documents\gen105_week2_reading1.pdf
[2009/04/17 13:56:11 | 00,011,743 | ---- | C] () -- C:\Users\home\Documents\Riverview Computer Cafe.docx
[2006/11/02 08:34:27 | 00,000,336 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
========== Files - Modified Within 30 Days ==========
[2009/05/15 22:45:03 | 00,012,756 | ---- | M] () -- C:\Users\home\Documents\com140 persuasive memo514.docx
[2009/05/15 19:44:54 | 00,011,090 | ---- | M] () -- C:\Users\home\Documents\com140 dq2 review speech 513.docx
[2009/05/15 16:08:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/15 07:45:23 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/15 07:45:15 | 42,228,32640 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/14 21:35:42 | 00,018,481 | ---- | M] () -- C:\Users\home\Documents\yoog 2.docx
[2009/05/14 21:35:01 | 00,023,269 | ---- | M] () -- C:\Users\home\Documents\yoog.docx
[2009/05/14 18:58:16 | 00,014,809 | ---- | M] () -- C:\Users\home\Documents\gen105longshortgoals513.docx
[2009/05/12 22:32:50 | 00,673,152 | ---- | M] () -- C:\Users\home\Documents\IMG00026.jpg
[2009/05/12 22:31:46 | 00,602,247 | ---- | M] () -- C:\Users\home\Documents\IMG00027.jpg
[2009/05/12 22:06:56 | 00,467,718 | ---- | M] () -- C:\Users\home\Documents\IMG00019.jpg
[2009/05/12 22:06:44 | 00,705,880 | ---- | M] () -- C:\Users\home\Documents\IMG00018.jpg
[2009/05/12 22:06:07 | 00,524,416 | ---- | M] () -- C:\Users\home\Documents\IMG00021.jpg
[2009/05/12 22:05:32 | 00,586,106 | ---- | M] () -- C:\Users\home\Documents\IMG00024.jpg
[2009/05/12 22:05:13 | 00,519,581 | ---- | M] () -- C:\Users\home\Documents\IMG00029.jpg
[2009/05/12 21:49:01 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhome.job
[2009/05/12 21:17:34 | 00,011,945 | ---- | M] () -- C:\Users\home\Documents\com140 dq1 512.docx
[2009/05/12 20:05:02 | 00,016,079 | ---- | M] () -- C:\Users\home\Documents\wp negative message.docx
[2009/05/12 17:35:00 | 00,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/10 23:33:36 | 00,019,789 | ---- | M] () -- C:\Users\home\Documents\com 140 Negative Message Assignment510.docx
[2009/05/10 16:05:10 | 00,059,526 | ---- | M] () -- C:\Windows\System32\fmsjnmqveusjfoq.dll-uninst.exe
[2009/05/10 16:05:07 | 00,085,660 | ---- | M] () -- C:\Windows\System32\16d86614-22d1-e813-5d68-50ed066caf49.exe
[2009/05/08 23:20:41 | 00,015,334 | ---- | M] () -- C:\Users\home\Documents\com 140 email58.docx
[2009/05/08 23:11:04 | 00,012,893 | ---- | M] () -- C:\Users\home\Documents\checkpoint com140 different kinds of messages.docx
[2009/05/06 22:35:23 | 00,014,344 | ---- | M] () -- C:\Users\home\Documents\checkpoint gen10556.docx
[2009/05/06 20:27:57 | 00,010,369 | ---- | M] () -- C:\Users\home\Documents\There are a few ways that you can guard against plagiarism.docx
[2009/05/06 16:17:36 | 00,009,867 | ---- | M] () -- C:\Users\home\Documents\009451397677.docx
[2009/05/04 21:21:27 | 00,055,454 | ---- | M] () -- C:\Users\home\Documents\commaspliceand commas.docx
[2009/05/03 23:17:51 | 00,012,519 | ---- | M] () -- C:\Users\home\Documents\com105 checkpoint week3 53.docx
[2009/05/03 13:51:10 | 00,013,633 | ---- | M] () -- C:\Users\home\Documents\starwars.docx
[2009/05/02 19:02:09 | 00,011,229 | ---- | M] () -- C:\Users\home\Documents\DAD1.docx
[2009/05/01 22:08:18 | 00,014,523 | ---- | M] () -- C:\Users\home\Documents\com140 table week 3 51.docx
[2009/04/30 23:15:36 | 00,011,601 | ---- | M] () -- C:\Users\home\Documents\gen105 checkpoint 430.docx
[2009/04/29 21:31:17 | 00,011,102 | ---- | M] () -- C:\Users\home\Documents\com140 dq2 429.docx
[2009/04/29 19:30:37 | 00,011,681 | ---- | M] () -- C:\Users\home\Documents\com 140 pq 429.docx
[2009/04/29 10:16:46 | 00,567,808 | ---- | M] () -- C:\Windows\System32\fmsjnmqveusjfoq.dll
[2009/04/29 09:55:50 | 00,684,032 | ---- | M] () -- C:\Windows\System32\nsr2778.dll
[2009/04/28 22:26:07 | 00,012,528 | ---- | M] () -- C:\Users\home\Documents\dq week 3 #1.docx
[2009/04/28 16:29:03 | 00,000,336 | ---- | M] () -- C:\Windows\win.ini
[2009/04/26 22:19:39 | 00,012,611 | ---- | M] () -- C:\Users\home\Documents\writepoint42609.docx
[2009/04/25 21:44:03 | 00,012,797 | ---- | M] () -- C:\Users\home\Documents\online resources day7.docx
[2009/04/24 17:46:36 | 00,012,658 | ---- | M] () -- C:\Users\home\Documents\Hi Anthony checkpoint gen 105.docx
[2009/04/23 20:58:16 | 00,015,676 | ---- | M] () -- C:\Users\home\Documents\appendix b 4-23-09.docm
[2009/04/22 22:37:52 | 00,183,296 | ---- | M] () -- C:\Users\home\Documents\C. DelvailleTime.doc
[2009/04/20 16:19:07 | 00,311,447 | ---- | M] () -- C:\Users\home\Documents\gen105_week2_reading1.pdf
[2009/04/17 16:45:27 | 00,011,743 | ---- | M] () -- C:\Users\home\Documents\Riverview Computer Cafe.docx
========== Alternate Data Streams ==========
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:1F96ED45
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:C0A2E219
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:22741C1F
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:60C897F3
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:16B49C20
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:61A065F2
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:D3A8AA31
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:3A6BC948
@Alternate Data Stream - 190 bytes -> C:\ProgramData\Temp:A2B9AD4B
@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:A1D3FEF0
< End of report >
-
OTListIt Extras logfile created on: 5/14/2009 9:31:55 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Users\home\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.93 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 65.78% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 203.89 Gb Free Space | 71.39% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-PC
Current User Name: home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\system32\regedit.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
{0E6B12A4-FB68-4E30-903A-11CEEA104F34} = LPORT=RPC | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28535 | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |
{1BD1C519-DEFF-40EA-850C-8DB70C4C159E} = LPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28511 | APP=SYSTEM |
{261E635B-2E0A-4D64-99D9-3F69319A2305} = LPORT=RPC-EPMAP | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28539 | SVC=RPCSS |
{34CCAAB4-67F5-4097-BFBC-87C331A816CE} = RPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28507 | APP=SYSTEM |
{54693961-F3A5-4F7F-ABED-46496EB71C27} = LPORT=6004 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE OUTLOOK | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\OUTLOOK.EXE |
{5F245BFE-A695-4130-B221-AE601CC4878A} = RPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28531 | APP=SYSTEM |
{6ED62D4D-9D6F-4608-A8E8-8D249EC732EE} = LPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28527 | APP=SYSTEM |
{7564F946-F8AD-4966-B914-62B1B0FC43BE} = LPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28519 | APP=SYSTEM |
{7EB49493-CFF8-43C6-9033-CEA8E42C1D3A} = RPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28523 | APP=SYSTEM |
{A4875B76-62A7-48B9-9C29-370D31CE2526} = LPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28503 | APP=SYSTEM |
{F35495F0-04D6-4A36-A289-7D107B6F2B63} = RPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28515 | APP=SYSTEM |
========== Vista Active Application Exception List ==========
{108C3917-F34F-4858-9C1C-A6BA1773BCBF} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL LOADER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{178B623E-669B-459D-919B-8211EF07197C} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL SYSTEM INFORMATION | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\SYSTEM INFORMATION\SINF.EXE |
{1B3396CC-4B13-4328-863B-D4950B3ECE4D} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{1BAF0EE4-5289-46E7-AAC5-F9F2B8D56A0F} = DIR=IN | ACTION=ALLOW | NAME=CYBERLINK POWERDIRECTOR | APP=C:\PROGRAM FILES (X86)\CYBERLINK\POWERDIRECTOR\PDR.EXE |
{2CFE6075-1A79-499B-886F-45FBFAFE6C9C} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL | APP=C:\PROGRAM FILES (X86)\AOL 9.5\WEmail RemovedEXE |
{2EC3C708-6477-4B8F-BE56-B30C6703385B} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIRE | APP=C:\PROGRAM FILES (X86)\LIMEWIRE\LIMEWIRE.EXE |
{36AE22B5-0384-460B-A70B-794AEDFFA060} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL CONNECTIVITY SERVICE DIALER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLDIAL.EXE |
{4BD9519D-5EFD-495F-A464-9241FC15C30E} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL | APP=C:\PROGRAM FILES (X86)\AOL 9.5\WEmail RemovedEXE |
{4E605D87-49D2-4979-9E94-39043FEBCED7} = DIR=IN | ACTION=ALLOW | NAME=HP MEDIASMART DVD | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\HPDVDSMART.EXE |
{5786FA63-CFDE-460E-B1BB-F7AB03DE3413} = DIR=IN | ACTION=ALLOW | NAME=QUICK PLAY RESIDENT PROGRAM | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\TV\QPSERVICE.EXE |
{63EC1728-C0BD-4365-B524-36278462A911} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART PHOTO | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\TOUCHSMART\MEDIA\HPTOUCHSMARTPHOTO.EXE |
{6492207D-00BB-48A5-ABFB-13A3D2A4DFD9} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART MEDIA RESIDENT PROGRAM | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\TOUCHSMART\MEDIA\TSMAGENT.EXE |
{677A9E7F-FD1D-43F0-BEAB-44071522252E} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{6D943CDE-DE54-4A03-9B49-0EE9172860A8} = DIR=IN | ACTION=ALLOW | NAME=CYBERLINK MEDIA SERVICE | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\TOUCHSMART\MEDIA\KERNEL\CLML\CLMLSVC.EXE |
{6DDDECE2-F9AC-41B6-955B-E1F90A578A07} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART VIDEO | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\HPTOUCHSMARTVIDEO.EXE |
{7286AE5E-C63B-41AC-9B78-74CFCA0EC4C0} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{794C808C-B7F9-481D-B203-24D8833E64A7} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=OUT | ACTION=ALLOW | [email protected],-28544 |
{7F44E620-322E-4632-BD47-E922A0D64CE0} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL SHARED COMPONENTS | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\1238453836\EE\AOLSOFTWARE.EXE |
{8062A63B-4E36-496C-A1F1-86DE15E0F489} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL TOPSPEED | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\TOPSPEED\3.0\AOLTPSD3.EXE |
{86FFAD59-F68C-4EF6-8B1A-F7FA9E7C3A32} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL CONNECTIVITY SERVICE | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLACSD.EXE |
{873B2146-51AF-4795-B09E-DBEEC48F1DB8} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL SYSTEM INFORMATION | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\SYSTEM INFORMATION\SINF.EXE |
{8BFB4B39-1012-4269-B464-B18DF96B8F64} = DIR=IN | ACTION=ALLOW | NAME=CYBERLINK MEDIA SERVICE | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\KERNEL\CLML\CLMLSVC.EXE |
{95E263DF-A783-43C9-9AAE-48CF9B48818A} = DIR=IN | ACTION=ALLOW | NAME=QUICK PLAY | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\TV\QP.EXE |
{A0011D3C-46F3-480A-A531-A6B775CD78A6} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL CONNECTIVITY SERVICE | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLACSD.EXE |
{A7A1EBDD-154A-44BD-8988-8438D02E0A7C} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART PHOTO | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\HPTOUCHSMARTPHOTO.EXE |
{AC0BE277-DCD9-4A3D-80AA-9BF4A4D9CF5F} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=IN | ACTION=ALLOW | [email protected],-28545 |
{B0958F27-BECB-4E6F-9B65-CD79ADE43343} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL SHARED COMPONENTS | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\1238453836\EE\AOLSOFTWARE.EXE |
{BA219E16-CDC6-4EB5-9EF8-747F5B195C36} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{BA7A722C-81F1-4CCA-B51D-34ECD0B05E60} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIRE | APP=C:\PROGRAM FILES (X86)\LIMEWIRE\LIMEWIRE.EXE |
{C7157DE2-341F-4F9E-86E0-7CCC179922FE} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART VIDEO | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\TOUCHSMART\MEDIA\HPTOUCHSMARTVIDEO.EXE |
{C7448AEA-AC8C-4EEC-9165-449A374A7022} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART MUSIC | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\HPTOUCHSMARTMUSIC.EXE |
{CB384D7B-AB5F-4AC1-9898-A256218ADECC} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART MUSIC | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\TOUCHSMART\MEDIA\HPTOUCHSMARTMUSIC.EXE |
{CBCF7518-D8E3-4F5D-96FF-5CF0D38445A9} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{CDF2259D-EBAD-4B10-915F-BA8AE2457544} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL CONNECTIVITY SERVICE DIALER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLDIAL.EXE |
{D031DF02-F078-419E-BDC8-FBD6C23F20B1} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=OUT | ACTION=ALLOW | [email protected],-28546 |
{D1ED5C44-9E21-4856-B344-B3F4C7F12B59} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{D2EFFAEE-D2A5-4597-92C8-41AA27D90048} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART MEDIA RESIDENT PROGRAM | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\TSMAGENT.EXE |
{D964441E-3DD7-4572-8DC6-7E48B7BE176B} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL LOADER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{F24C897B-6138-4256-B6A4-92A2FA45A183} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL TOPSPEED | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\TOPSPEED\3.0\AOLTPSD3.EXE |
{F5CBBEF8-DB4E-4F73-9AE3-793BEE9A0D45} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=IN | ACTION=ALLOW | [email protected],-28543 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(tm) 6 Update 12
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(tm) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4EB7E778-1E95-433F-8919-C323D5483363}" = HP Smart Web Printing
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Email Removed Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{DAE01A4C-A343-18A6-77B8-B6C1FD56612C}" = Search Assistant Trueads
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"16d86614-22d1-e813-5d68-50ed066caf49" = Contextual Application Trueads
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"BFGC" = Big Fish Games Client
"BFG-Cooking Dash" = Cooking Dash
"BFG-Diner Dash Flo on the Go" = Diner Dash Flo on the Go
"BFG-Fitness Dash" = Fitness Dash
"BFG-Magic Ball 3" = Magic Ball 3
"BFG-My Tribe" = My Tribe
"BFG-Virtual Villagers" = Virtual Villagers: A New Home
"BFG-Virtual Villagers - The Lost Children" = Virtual Villagers: The Lost Children
"BFG-Virtual Villagers - The Secret City" = Virtual Villagers: The Secret City
"BFG-Westward III" = Westward III: Gold Rush
"BFG-Zuma Deluxe" = Zuma Deluxe
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LimeWire" = LimeWire PRO 5.1.2
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"NIS" = Norton Internet Security
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ULTIMATER" = Microsoft Office Ultimate 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/11/2009 4:31:29 PM | Computer Name = home-PC | Source = Application Error | ID = 1000
Description = Faulting application TVAgent.exe, version 2.0.1.924, time stamp 0x48da0ed1,
faulting module MSVCR71.dll, version 7.10.3052.4, time stamp 0x3e561eac, exception
code 0xc0000005, fault offset 0x00010428, process id 0xbf8, application start time
0x01c9d275f286a95d.
Error - 5/12/2009 2:35:05 AM | Computer Name = home-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e791, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791adec,
exception code 0xc0000005, fault offset 0x000000000001f7fa, process id 0x700, application
start time 0x01c9d275efea6b0d.
Error - 5/12/2009 2:27:54 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/12/2009 2:35:52 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/12/2009 2:48:21 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/12/2009 2:51:29 PM | Computer Name = home-PC | Source = System Restore | ID = 8209
Description =
Error - 5/12/2009 3:00:10 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/12/2009 3:03:07 PM | Computer Name = home-PC | Source = System Restore | ID = 8209
Description =
Error - 5/12/2009 3:17:10 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/12/2009 3:19:52 PM | Computer Name = home-PC | Source = System Restore | ID = 8209
Description =
[ System Events ]
Error - 5/11/2009 4:14:50 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
Error - 5/11/2009 4:20:33 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
Error - 5/12/2009 2:27:34 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
Error - 5/12/2009 2:35:26 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
Error - 5/12/2009 2:47:28 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
Error - 5/12/2009 2:59:46 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
Error - 5/12/2009 3:16:04 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
Error - 5/12/2009 3:25:06 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
Error - 5/12/2009 4:11:03 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
Error - 5/13/2009 3:56:03 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
< End of report >
-
Click on Start>>Control Panel
When the Control Panel window opens, click on the Uninstall a program option under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall the following:
Search Assistant Trueads
and
Contextual Application Trueads
If you are prompted for a verification code, type it in and follow the prompts
If you can't type in the code, try and copy/paste the code
Reboot the computer afterwards
Back in Windows
Right click on OTListit2.exe and choose to "Run as Administrator"
Copy the contents of the paths below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
[color="#0000FF"]:OTLI
O2 - BHO: (trueads search enhancer) - {3CDE6E37-E66E-AEAA-2448-F2F550B799E2} - C:\Windows\SysWow64\fmsjnmqveusjfoq.dll ()
O2 - BHO: (trueads) - {d02bd486-56a6-aea3-c9fb-3352a78d8400} - C:\Windows\SysWow64\nsr2778.dll ()
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
:files
C:\Program Files (x86)\mozilla firefox\components\0cbb38e2-ac28-5efc-b550-f24254030a0b.dll
C:\Program Files (x86)\mozilla firefox\components\fmsjnmqveusjfoq.dll
C:\Windows\System32\fmsjnmqveusjfoq.dll-uninst.exe
C:\Windows\System32\16d86614-22d1-e813-5d68-50ed066caf49.exe
C:\Windows\System32\fmsjnmqveusjfoq.dll
C:\Windows\System32\nsr2778.dll
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml
:commands
[emptytemp]
[Reboot][/color]
- Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Click the red Run Fix button.
- A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTListIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Back in Windows
Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Save the installer to desktop
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Recap: Post the log from OTListit2
and the report from MBAM
a copy of OTListit's log of what was cleaned/removed will be placed on desktop
It will be a text file with date of scan as its name
Keep me informed how things are running please
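An added example, not part of the thread and not OTListIt2's own code: a read-only audit that parses `user_pref(...)` lines from a Firefox profile's prefs.js and user.js and reports the search preferences named in the fix script above when they point at a host or engine that is not on an allowlist. Findings from user.js are marked persistent because Firefox re-applies user.js over prefs.js at every start, so a value left there returns after prefs.js is cleaned. The allowlists, function names and sample file contents are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Preference names taken from the fix script in this thread.
SEARCH_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "keyword.URL",
}

# Assumptions: what the machine's owner considers legitimate.
ALLOWED_HOSTS = {"www.google.com", "search.yahoo.com"}
ALLOWED_ENGINES = {"Google", "Yahoo"}

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.group(1), match.group(2)
        try:
            value = json.loads(raw)  # quoted strings, true/false, integers
        except ValueError:
            value = raw  # keep unparsed text rather than dropping the pref
        prefs[name] = value
    return prefs


def audit_profile(prefs_js, user_js=""):
    """List search prefs whose URL host or engine name is not allowlisted."""
    findings = []
    for source, text in (("prefs.js", prefs_js), ("user.js", user_js)):
        for name, value in parse_prefs(text).items():
            if name not in SEARCH_PREFS or not isinstance(value, str):
                continue
            host = urlparse(value).hostname
            if host is not None:
                allowed = host.lower() in ALLOWED_HOSTS
            else:
                allowed = value in ALLOWED_ENGINES  # plain engine name
            if not allowed:
                findings.append({
                    "file": source,
                    "pref": name,
                    "value": value,
                    # user.js is re-applied at every browser start
                    "persistent": source == "user.js",
                })
    return findings


# Constructed sample contents, using the values listed in the fix script.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.search.useDBForOrder", true);
user_pref("keyword.URL", "http://www27.yoog.com/search.php?q=");
user_pref("browser.startup.homepage", "http://www.google.com/");
'''

SAMPLE_USER_JS = r'''
user_pref("browser.search.defaultenginename", "Yoog Search");
user_pref("keyword.URL", "http://www27.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);
'''

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS):
        tag = " (re-applied at every start)" if finding["persistent"] else ""
        print(f'{finding["file"]}: {finding["pref"]} = {finding["value"]!r}{tag}')
```
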
-
========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CDE6E37-E66E-AEAA-2448-F2F550B799E2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CDE6E37-E66E-AEAA-2448-F2F550B799E2}\ not found.
File C:\Windows\SysWow64\fmsjnmqveusjfoq.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d02bd486-56a6-aea3-c9fb-3352a78d8400}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d02bd486-56a6-aea3-c9fb-3352a78d8400}\ not found.
File C:\Windows\SysWow64\nsr2778.dll not found.
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "Yoog Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\user.js moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\mozilla firefox\components\0cbb38e2-ac28-5efc-b550-f24254030a0b.dll not found.
File\Folder C:\Program Files (x86)\mozilla firefox\components\fmsjnmqveusjfoq.dll not found.
File\Folder C:\Windows\System32\fmsjnmqveusjfoq.dll-uninst.exe not found.
File\Folder C:\Windows\System32\16d86614-22d1-e813-5d68-50ed066caf49.exe not found.
File\Folder C:\Windows\System32\fmsjnmqveusjfoq.dll not found.
File\Folder C:\Windows\System32\nsr2778.dll not found.
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\home\AppData\Local\Temp\CMLS--2009-05-16--00-39-36.log scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\JET778F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JET9C2F.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05162009_005043
Files moved on Reboot...
C:\Users\home\AppData\Local\Temp\CMLS--2009-05-16--00-39-36.log moved successfully.
File C:\Users\home\AppData\Local\Temp\JET778F.tmp not found!
C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt moved successfully.
File C:\Windows\temp\JET9C2F.tmp not found!
Registry entries deleted on Reboot...
-
Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 6.0.6001 Service Pack 1
5/16/2009 1:00:44 AM
mbam-log-2009-05-16 (01-00-44).txt
Scan type: Quick Scan
Objects scanned: 68637
Time elapsed: 1 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Can you let me know how things are now running
In addition: Can you delete OTListit2.txt file on desktop we created earlier
* Close all windows and Right click on OTListIt2.exe and choose to "Run as Administrator"
* Click Run Scan and let the program run uninterrupted
* It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt.
This time, just post back the log that opens>>OTListIt2.txt
-
Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 6.0.6001 Service Pack 1
5/16/2009 7:54:06 AM
mbam-log-2009-05-16 (07-54-06).txt
Scan type: Quick Scan
Objects scanned: 68532
Time elapsed: 1 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Thank you! Everything seems to be back to normal now. I need to purchase protection software due to my free trial of Norton Internet security expiring. Is there any particular one you would suggest?
-
In addition: Can you delete OTListit2.txt file on desktop we created earlier
* Close all windows and Right click on OTListIt2.exe and choose to "Run as Administrator"
* Click Run Scan and let the program run uninterrupted
* It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt.
This time, just post back the log that opens>>OTListIt2.txt
Can you still do that part please
Is Norton's already expired?
-
[quote name='guestolo' post='462539' date='May 16 2009, 09:41 AM']Can you still do that part please
Is Norton's already expired?[/quote]
I deleted the ot list. Yes it expired today.
-
I don't think you're reading exactly what I wanted you to do
Ensure that you delete the text files created by OTListit2 that are on your desktop
If you haven't already deleted OTListit2.exe on desktop, do so now
Then do this step:
REDownload OTListIt2 (http://oldtimer.geekstogo.com/OTListIt2.exe) by OldTimer to your Desktop.
- Close all windows and Right click on OTListIt2.exe and "Run as Administrator"
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt.
Only post back here the log that opens, I don't need to see the other log saved to desktop
-
Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 6.0.6001 Service Pack 1
5/16/2009 2:38:05 PM
mbam-log-2009-05-16 (14-38-05).txt
Scan type: Quick Scan
Objects scanned: 68625
Time elapsed: 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Yoog is still coming up under mozilla
-
Sona, unless you start reading what I'm posting to you, I'm not sure if I can help
Why do you keep posting a log from Malwarebytes Anti-Malware??
I'm very confused
I'm going to ask you the next instructions for the THIRD time now
This will be the last time I ask for this
REDownload OTListIt2 (http://oldtimer.geekstogo.com/OTListIt2.exe) by OldTimer to your Desktop.
- Close all windows and Right click on OTListIt2.exe and "Run as Administrator"
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt.
Only post back here the log that opens, I don't need to see the other log saved to desktop
-
OTListIt logfile created on: 5/16/2009 9:04:25 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Users\home\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.93 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 58.86% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 203.25 Gb Free Space | 71.16% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-PC
Current User Name: home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2008/09/23 15:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/09/24 22:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 22:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2008/06/09 14:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/09/30 19:56:04 | 00,972,080 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2008/09/26 06:36:40 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 22:41:44 | 01,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/25 22:42:24 | 00,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/10 16:27:07 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files (x86)\LimeWire\LimeWire.exe
PRC - [2008/08/01 19:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/05/08 19:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/04/15 17:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2009/03/21 23:19:57 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2007/09/26 10:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2008/11/06 13:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\1238453836\ee\aolsoftware.exe
PRC - [2008/04/11 12:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2009/04/24 00:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/05/16 21:03:39 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\home\Downloads\OTListIt2(6).exe
========== Win32 Services (SafeList) ==========
SRV - [2008/06/27 11:53:06 | 00,089,088 | ---- | M] () -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters [Auto | Running])
SRV - [2007/12/11 16:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\sysnative\agr64svc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 14:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 21:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2008/05/05 18:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/06/16 11:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/03/18 20:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\sysnative\Hpservice.exe -- (hpsrv [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/06/19 21:16:54 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/01/20 22:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
SRV - [2008/09/23 15:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/09/11 07:53:00 | 00,279,040 | ---- | M] () -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV [Auto | Running])
SRV - [2008/09/24 22:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc [Auto | Running])
SRV - [2008/09/24 22:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched [Auto | Running])
SRV - [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
========== Driver Services (SafeList) ==========
DRV - [2008/03/27 16:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/02/29 19:59:32 | 01,252,352 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2009/01/12 04:18:55 | 01,522,168 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\bcmwl664.sys -- (BCM43XX [On_Demand | Running])
DRV - [2009/03/18 16:44:07 | 00,332,848 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\BHDrvx64.sys -- (BHDrvx64 [System | Running])
DRV - [2009/03/18 16:44:07 | 00,582,704 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\ccHPx64.sys -- (ccHP [System | Running])
DRV - [2008/01/20 22:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl [System | Running])
DRV - [2008/09/04 13:48:00 | 00,064,000 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,131,632 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2006/11/02 01:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\sysnative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/03/27 16:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 20:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV - [2009/01/29 17:50:10 | 00,396,848 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090508.002\IDSvia64.sys -- (IDSVia64 [System | Running])
DRV - [2008/08/14 06:18:54 | 08,029,792 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\igdkmd64.sys -- (igfx [On_Demand | Running])
DRV - [2008/07/15 04:20:42 | 00,126,464 | ---- | M] () -- C:\Windows\sysnative\drivers\IntcHdmi.sys -- (IntcHdmiAddService [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,136,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.040\ENG64.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/03/13 10:44:26 | 01,461,808 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.040\EX64.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2008/01/20 22:46:57 | 03,154,432 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\NETw3v64.sys -- (NETw3v64 [On_Demand | Stopped])
DRV - [2008/08/06 12:26:08 | 00,174,592 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV - [2008/09/19 21:43:58 | 00,068,096 | ---- | M] () -- C:\Windows\sysnative\drivers\RTSTOR64.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2008/01/20 22:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,476,720 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SRTSP64.SYS -- (SRTSP [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,032,304 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\SRTSPX64.SYS -- (SRTSPX [System | Running])
DRV - [2008/09/11 07:54:44 | 00,465,408 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\stwrt64.sys -- (STHDA [On_Demand | Running])
DRV - [2008/01/20 22:47:25 | 00,012,288 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,402,992 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\SYMEFA64.SYS -- (SymEFA [Boot | Running])
DRV - [2009/03/25 20:40:57 | 00,172,080 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,138,288 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,032,816 | R--- | M] () -- C:\Windows\sysnative\DRIVERS\SymIMv.sys -- (SymIM [System | Running])
DRV - [2009/03/12 04:43:27 | 00,046,640 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,310,320 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2008/06/19 21:37:42 | 00,325,680 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/20 22:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\sysnative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV - [2006/11/29 18:24:49 | 00,024,064 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\wanatw64.sys -- (wanatw [On_Demand | Running])
DRV - [2006/10/03 21:45:36 | 00,273,408 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Stopped])
DRV - [2008/09/26 06:36:34 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www27.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2008/10/18 19:46:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/13 22:38:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2009/05/16 14:20:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2009/05/12 17:34:56 | 00,000,000 | ---D | M]
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/06 18:33:16 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\yk9dkhpe.default\extensions
[2009/05/16 14:22:13 | 00,000,247 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml
[2009/05/16 14:23:30 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/05/12 17:34:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/21 23:20:13 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" (CyberLink)
O4 - HKLM..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1238453836\ee\AOLSoftware.exe" (AOL LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" (CyberLink Corp.)
O4 - HKCU..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S18EC.tmp" /EF "HKCU" ()
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: Email Removed ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/16 11:07:41 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 30 Days ==========
[2009/05/16 11:03:54 | 00,001,708 | ---- | C] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/05/16 00:57:21 | 00,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Malwarebytes
[2009/05/16 00:57:19 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/16 00:57:19 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/16 00:57:17 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/16 00:57:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/16 00:57:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/05/16 00:50:43 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/15 18:15:13 | 00,012,756 | ---- | C] () -- C:\Users\home\Documents\com140 persuasive memo514.docx
[2009/05/15 17:39:26 | 00,011,090 | ---- | C] () -- C:\Users\home\Documents\com140 dq2 review speech 513.docx
[2009/05/14 16:25:09 | 00,014,809 | ---- | C] () -- C:\Users\home\Documents\gen105longshortgoals513.docx
[2009/05/12 22:32:44 | 00,673,152 | ---- | C] () -- C:\Users\home\Documents\IMG00026.jpg
[2009/05/12 22:31:42 | 00,602,247 | ---- | C] () -- C:\Users\home\Documents\IMG00027.jpg
[2009/05/12 22:06:54 | 00,467,718 | ---- | C] () -- C:\Users\home\Documents\IMG00019.jpg
[2009/05/12 22:06:39 | 00,705,880 | ---- | C] () -- C:\Users\home\Documents\IMG00018.jpg
[2009/05/12 22:06:05 | 00,524,416 | ---- | C] () -- C:\Users\home\Documents\IMG00021.jpg
[2009/05/12 22:05:29 | 00,586,106 | ---- | C] () -- C:\Users\home\Documents\IMG00024.jpg
[2009/05/12 22:05:07 | 00,519,581 | ---- | C] () -- C:\Users\home\Documents\IMG00029.jpg
[2009/05/12 21:09:26 | 00,011,945 | ---- | C] () -- C:\Users\home\Documents\com140 dq1 512.docx
[2009/05/12 20:05:02 | 00,016,079 | ---- | C] () -- C:\Users\home\Documents\wp negative message.docx
[2009/05/12 17:35:00 | 00,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/12 16:44:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/05/10 19:13:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2009/05/09 22:13:13 | 00,019,789 | ---- | C] () -- C:\Users\home\Documents\com 140 Negative Message Assignment510.docx
[2009/05/08 18:09:00 | 00,015,334 | ---- | C] () -- C:\Users\home\Documents\com 140 email58.docx
[2009/05/08 13:03:10 | 00,012,893 | ---- | C] () -- C:\Users\home\Documents\checkpoint com140 different kinds of messages.docx
[2009/05/06 20:35:56 | 00,014,344 | ---- | C] () -- C:\Users\home\Documents\checkpoint gen10556.docx
[2009/05/06 20:27:57 | 00,010,369 | ---- | C] () -- C:\Users\home\Documents\There are a few ways that you can guard against plagiarism.docx
[2009/05/06 16:17:36 | 00,009,867 | ---- | C] () -- C:\Users\home\Documents\009451397677.docx
[2009/05/04 21:21:26 | 00,055,454 | ---- | C] () -- C:\Users\home\Documents\commaspliceand commas.docx
[2009/05/03 21:18:32 | 00,012,519 | ---- | C] () -- C:\Users\home\Documents\com105 checkpoint week3 53.docx
[2009/05/03 13:51:10 | 00,013,633 | ---- | C] () -- C:\Users\home\Documents\starwars.docx
[2009/05/02 19:02:09 | 00,011,229 | ---- | C] () -- C:\Users\home\Documents\DAD1.docx
[2009/04/29 23:38:33 | 00,011,601 | ---- | C] () -- C:\Users\home\Documents\gen105 checkpoint 430.docx
[2009/04/29 21:46:13 | 00,014,523 | ---- | C] () -- C:\Users\home\Documents\com140 table week 3 51.docx
[2009/04/29 21:27:22 | 00,011,102 | ---- | C] () -- C:\Users\home\Documents\com140 dq2 429.docx
[2009/04/29 19:30:36 | 00,011,681 | ---- | C] () -- C:\Users\home\Documents\com 140 pq 429.docx
[2009/04/27 21:03:56 | 00,012,528 | ---- | C] () -- C:\Users\home\Documents\dq week 3 #1.docx
[2009/04/27 17:08:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009/04/27 17:05:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009/04/26 22:19:39 | 00,012,611 | ---- | C] () -- C:\Users\home\Documents\writepoint42609.docx
[2009/04/25 16:08:07 | 00,012,797 | ---- | C] () -- C:\Users\home\Documents\online resources day7.docx
[2009/04/24 16:48:48 | 00,012,658 | ---- | C] () -- C:\Users\home\Documents\Hi Anthony checkpoint gen 105.docx
[2009/04/23 20:58:15 | 00,015,676 | ---- | C] () -- C:\Users\home\Documents\appendix b 4-23-09.docm
[2009/04/22 22:31:12 | 00,183,296 | ---- | C] () -- C:\Users\home\Documents\C. DelvailleTime.doc
[2009/04/20 16:19:07 | 00,311,447 | ---- | C] () -- C:\Users\home\Documents\gen105_week2_reading1.pdf
[2009/04/17 13:56:11 | 00,011,743 | ---- | C] () -- C:\Users\home\Documents\Riverview Computer Cafe.docx
[2006/11/02 08:34:27 | 00,000,336 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
========== Files - Modified Within 30 Days ==========
[2009/05/16 21:01:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/16 14:23:27 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/16 14:23:18 | 42,228,32640 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/16 11:03:54 | 00,001,708 | ---- | M] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/05/16 00:57:19 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/15 22:45:03 | 00,012,756 | ---- | M] () -- C:\Users\home\Documents\com140 persuasive memo514.docx
[2009/05/15 19:44:54 | 00,011,090 | ---- | M] () -- C:\Users\home\Documents\com140 dq2 review speech 513.docx
[2009/05/14 18:58:16 | 00,014,809 | ---- | M] () -- C:\Users\home\Documents\gen105longshortgoals513.docx
[2009/05/12 22:32:50 | 00,673,152 | ---- | M] () -- C:\Users\home\Documents\IMG00026.jpg
[2009/05/12 22:31:46 | 00,602,247 | ---- | M] () -- C:\Users\home\Documents\IMG00027.jpg
[2009/05/12 22:06:56 | 00,467,718 | ---- | M] () -- C:\Users\home\Documents\IMG00019.jpg
[2009/05/12 22:06:44 | 00,705,880 | ---- | M] () -- C:\Users\home\Documents\IMG00018.jpg
[2009/05/12 22:06:07 | 00,524,416 | ---- | M] () -- C:\Users\home\Documents\IMG00021.jpg
[2009/05/12 22:05:32 | 00,586,106 | ---- | M] () -- C:\Users\home\Documents\IMG00024.jpg
[2009/05/12 22:05:13 | 00,519,581 | ---- | M] () -- C:\Users\home\Documents\IMG00029.jpg
[2009/05/12 21:49:01 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhome.job
[2009/05/12 21:17:34 | 00,011,945 | ---- | M] () -- C:\Users\home\Documents\com140 dq1 512.docx
[2009/05/12 20:05:02 | 00,016,079 | ---- | M] () -- C:\Users\home\Documents\wp negative message.docx
[2009/05/12 17:35:00 | 00,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/10 23:33:36 | 00,019,789 | ---- | M] () -- C:\Users\home\Documents\com 140 Negative Message Assignment510.docx
[2009/05/08 23:20:41 | 00,015,334 | ---- | M] () -- C:\Users\home\Documents\com 140 email58.docx
[2009/05/08 23:11:04 | 00,012,893 | ---- | M] () -- C:\Users\home\Documents\checkpoint com140 different kinds of messages.docx
[2009/05/06 22:35:23 | 00,014,344 | ---- | M] () -- C:\Users\home\Documents\checkpoint gen10556.docx
[2009/05/06 20:27:57 | 00,010,369 | ---- | M] () -- C:\Users\home\Documents\There are a few ways that you can guard against plagiarism.docx
[2009/05/06 16:17:36 | 00,009,867 | ---- | M] () -- C:\Users\home\Documents\009451397677.docx
[2009/05/04 21:21:27 | 00,055,454 | ---- | M] () -- C:\Users\home\Documents\commaspliceand commas.docx
[2009/05/03 23:17:51 | 00,012,519 | ---- | M] () -- C:\Users\home\Documents\com105 checkpoint week3 53.docx
[2009/05/03 13:51:10 | 00,013,633 | ---- | M] () -- C:\Users\home\Documents\starwars.docx
[2009/05/02 19:02:09 | 00,011,229 | ---- | M] () -- C:\Users\home\Documents\DAD1.docx
[2009/05/01 22:08:18 | 00,014,523 | ---- | M] () -- C:\Users\home\Documents\com140 table week 3 51.docx
[2009/04/30 23:15:36 | 00,011,601 | ---- | M] () -- C:\Users\home\Documents\gen105 checkpoint 430.docx
[2009/04/29 21:31:17 | 00,011,102 | ---- | M] () -- C:\Users\home\Documents\com140 dq2 429.docx
[2009/04/29 19:30:37 | 00,011,681 | ---- | M] () -- C:\Users\home\Documents\com 140 pq 429.docx
[2009/04/28 22:26:07 | 00,012,528 | ---- | M] () -- C:\Users\home\Documents\dq week 3 #1.docx
[2009/04/28 16:29:03 | 00,000,336 | ---- | M] () -- C:\Windows\win.ini
[2009/04/26 22:19:39 | 00,012,611 | ---- | M] () -- C:\Users\home\Documents\writepoint42609.docx
[2009/04/25 21:44:03 | 00,012,797 | ---- | M] () -- C:\Users\home\Documents\online resources day7.docx
[2009/04/24 17:46:36 | 00,012,658 | ---- | M] () -- C:\Users\home\Documents\Hi Anthony checkpoint gen 105.docx
[2009/04/23 20:58:16 | 00,015,676 | ---- | M] () -- C:\Users\home\Documents\appendix b 4-23-09.docm
[2009/04/22 22:37:52 | 00,183,296 | ---- | M] () -- C:\Users\home\Documents\C. DelvailleTime.doc
[2009/04/20 16:19:07 | 00,311,447 | ---- | M] () -- C:\Users\home\Documents\gen105_week2_reading1.pdf
[2009/04/17 16:45:27 | 00,011,743 | ---- | M] () -- C:\Users\home\Documents\Riverview Computer Cafe.docx
========== Alternate Data Streams ==========
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:1F96ED45
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:C0A2E219
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:22741C1F
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:60C897F3
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:16B49C20
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:61A065F2
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:D3A8AA31
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:3A6BC948
@Alternate Data Stream - 190 bytes -> C:\ProgramData\Temp:A2B9AD4B
@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:A1D3FEF0
< End of report >
-
Follow the instructions closely please
RIGHT CLICK on OTListIt2.exe on desktop and choose to "Run As Administrator"
Copy the contents of the paths below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTLI
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www27.yoog.com/
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
:files
C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml
@C:\ProgramData\Temp:1F96ED45
@C:\ProgramData\Temp:C0A2E219
@C:\ProgramData\Temp:22741C1F
@C:\ProgramData\Temp:60C897F3
@C:\ProgramData\Temp:16B49C20
@C:\ProgramData\Temp:61A065F2
@C:\ProgramData\Temp:D3A8AA31
@C:\ProgramData\Temp:3A6BC948
@C:\ProgramData\Temp:A2B9AD4B
@C:\ProgramData\Temp:A1D3FEF0
:commands
[emptytemp]
[Reboot]
- Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Close all Browser windows, including this one
- Then Click the red Run Fix button.
- Let the program run unhindered, reboot when it is done
- Then post a new OTL2 log
-
First log posted, then deleted by User
========== OTLISTIT ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www27.yoog.com/" removed from browser.startup.homepage
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\user.js moved successfully.
========== FILES ==========
C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk moved successfully.
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml moved successfully.
ADS C:\ProgramData\Temp:1F96ED45 deleted successfully.
ADS C:\ProgramData\Temp:C0A2E219 deleted successfully.
ADS C:\ProgramData\Temp:22741C1F deleted successfully.
ADS C:\ProgramData\Temp:60C897F3 deleted successfully.
ADS C:\ProgramData\Temp:16B49C20 deleted successfully.
ADS C:\ProgramData\Temp:61A065F2 deleted successfully.
ADS C:\ProgramData\Temp:D3A8AA31 deleted successfully.
ADS C:\ProgramData\Temp:3A6BC948 deleted successfully.
ADS C:\ProgramData\Temp:A2B9AD4B deleted successfully.
ADS C:\ProgramData\Temp:A1D3FEF0 deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\home\AppData\Local\Temp\hsperfdata_home\2536 scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--13-25-02.log scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\JET9CEA.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JET9C7D.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05182009_143015
Files moved on Reboot...
File C:\Users\home\AppData\Local\Temp\hsperfdata_home\2536 not found!
C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--13-25-02.log moved successfully.
File C:\Users\home\AppData\Local\Temp\JET9CEA.tmp not found!
C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt moved successfully.
File C:\Windows\temp\JET9C7D.tmp not found!
Registry entries deleted on Reboot...
Second log posted
========== OTLISTIT ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www27.yoog.com/" removed from browser.startup.homepage
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
========== FILES ==========
File\Folder C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk not found.
File\Folder C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml not found.
Unable to delete ADS C:\ProgramData\Temp:1F96ED45 .
Unable to delete ADS C:\ProgramData\Temp:C0A2E219 .
Unable to delete ADS C:\ProgramData\Temp:22741C1F .
Unable to delete ADS C:\ProgramData\Temp:60C897F3 .
Unable to delete ADS C:\ProgramData\Temp:16B49C20 .
Unable to delete ADS C:\ProgramData\Temp:61A065F2 .
Unable to delete ADS C:\ProgramData\Temp:D3A8AA31 .
Unable to delete ADS C:\ProgramData\Temp:3A6BC948 .
Unable to delete ADS C:\ProgramData\Temp:A2B9AD4B .
Unable to delete ADS C:\ProgramData\Temp:A1D3FEF0 .
========== COMMANDS ==========
File delete failed. C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--14-31-50.log scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\JET2A88.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JET95D8.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05182009_143702
Files moved on Reboot...
C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--14-31-50.log moved successfully.
File C:\Users\home\AppData\Local\Temp\JET2A88.tmp not found!
C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt moved successfully.
File C:\Windows\temp\JET95D8.tmp not found!
Registry entries deleted on Reboot...
-
Can you Right click on Hijackthis shortcut on your desktop and choose to "Run as Administrator"
Do a System Scan and save logfile
Post the new log that opens
In addition, let me know how things are now running
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:06 PM, on 5/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\aol\1238453836\ee\aolsoftware.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1238453836\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S18EC.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12753 bytes
Things are running fine
-
OTListIt2.exe
- Right click on OTListIt2.exe to "Run as Administrator"
- Click the Cleanup! button
- Select Yes to reboot Now
I'll leave this topic open for a couple days, after which time I'll assume that everything is still ok and then lock it
Take care sona
If you have any problems within the next couple days post back in this topic
-
So sorry, I forgot about Norton Internet Security expiring
Do the above, do you want to try a free solution of AntiVirus software?
-
yes
-
Take a look at either of these 2 free AV software
Which do you prefer to have installed?
Avast Home Edition by ALWIL (http://www.avast.com/eng/down_home.html)
Avira AntiVir Personal Edition Classic (http://www.free-av.com/en/trialpay_download/1/avira_antivir_personal__free_antivirus.html)
Whichever you decide that you like, download and save the installer to desktop
DO NOT install it yet, but let me know which one you decided on
You ONLY want one AV software installed
-
I will go with the Avira.
-
Ok, I'll assume at this point you have the Avira free installer saved to desktop, don't run it yet
Next:
Download and save to your Desktop, the NORTON REMOVAL TOOL (http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&ssfromlink=true&sprt_cid=1a13409b-29db-4397-a286-9dec49f8e252&seg=hho&ct=us&lg=en&docurl=20080828154508EN)
From STEP 2 from the link, DON'T run it yet
1. Click the Start button to open your Start Menu.
2. When the Start Menu opens click on the Control Panel menu option.
3. When the Control Panel window opens click on the Uninstall a program option under the Programs category. If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall Norton Internet Security
Reboot when the uninstallation is complete
Norton can be tough to remove completely, I've even had users who can't access the Internet after removal
Now the next step
Right click the Norton Removal tool you downloaded earlier and choose to "Run as Administrator"
Follow all the prompts, if asked for a verification code when running the tool, type it in and continue
Reboot when prompted, if not prompted, reboot the computer anyways
Back in Windows
Ensure that the Vista Firewall is ON
1. Open Windows Firewall by clicking the Start button, clicking Control Panel, clicking Security, and then clicking Windows Firewall.
2. Click Turn Windows Firewall on or off. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Click On (recommended), and then click OK.
Right click on the Avira installer and choose to "Run As Administrator"
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time
NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it
A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"
Quarantine or delete everything it finds
When the scan is finished
Reboot the computer
Back in Windows
Can you post all the following back please
Please post the log from Avira
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"
-
I see the info you posted. I will work on it Thursday, my day off.
-
Avira AntiVir Personal
Report file date: Tuesday, May 26, 2009 10:29
Scanning for 1426566 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HOME-PC
Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 13:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:33:26
ANTIVIR2.VDF : 7.1.4.0 2336768 Bytes 5/20/2009 14:27:41
ANTIVIR3.VDF : 7.1.4.19 199680 Bytes 5/26/2009 14:27:42
Engineversion : 8.2.0.168
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/26/2009 14:27:52
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 5/26/2009 14:27:51
AESCN.DLL : 8.1.2.3 127347 Bytes 5/26/2009 14:27:50
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 23:24:41
AEPACK.DLL : 8.1.3.16 397686 Bytes 5/26/2009 14:27:49
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 01:01:56
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 5/26/2009 14:27:47
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 01:01:56
AEGEN.DLL : 8.1.1.44 348532 Bytes 5/26/2009 14:27:44
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 5/26/2009 14:27:43
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 16:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: Tuesday, May 26, 2009 10:29
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '0' Module(s) have been scanned
Scan process 'wuauclt.exe' - '0' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '0' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '0' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '0' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '0' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '0' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned
Scan process 'TSMAgent.exe' - '1' Module(s) have been scanned
Scan process 'DVDAgent.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'TVSched.exe' - '1' Module(s) have been scanned
Scan process 'TVCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '0' Module(s) have been scanned
Scan process 'HPAdvisor.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '0' Module(s) have been scanned
Scan process 'SmartMenu.exe' - '0' Module(s) have been scanned
Scan process 'sttray64.exe' - '0' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '0' Module(s) have been scanned
Scan process 'igfxpers.exe' - '0' Module(s) have been scanned
Scan process 'hkcmd.exe' - '0' Module(s) have been scanned
Scan process 'igfxtray.exe' - '0' Module(s) have been scanned
Scan process 'BLService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'agr64svc.exe' - '0' Module(s) have been scanned
Scan process 'AESTSr64.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'dwm.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'wlanext.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'hpservice.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'SLsvc.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'stacsv64.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
28 processes with 28 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '37' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\HP\BIN\EndProcess.exe
[DETECTION] Contains recognition pattern of the APPL/KillApp.A application
C:\Program Files (x86)\Hewlett-Packard\HP TCS\SetACL.exe
[DETECTION] Contains recognition pattern of the APPL/ACLSet application
C:\Users\home\Documents\LimeWire\Saved\chuck willis extended live version.snd
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Users\home\Documents\LimeWire\Saved\free style explosion.wma
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Users\home\Documents\LimeWire\Saved\jada and alchemist - greatest hits.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Users\home\Documents\LimeWire\Saved\the best of louis jordan.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
Begin scan in 'D:\' <RECOVERY>
Beginning disinfection:
C:\HP\BIN\EndProcess.exe
[DETECTION] Contains recognition pattern of the APPL/KillApp.A application
[NOTE] The file was moved to '4a80070b.qua'!
C:\Program Files (x86)\Hewlett-Packard\HP TCS\SetACL.exe
[DETECTION] Contains recognition pattern of the APPL/ACLSet application
[NOTE] The file was moved to '4a900702.qua'!
C:\Users\home\Documents\LimeWire\Saved\chuck willis extended live version.snd
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a910705.qua'!
C:\Users\home\Documents\LimeWire\Saved\free style explosion.wma
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a81070f.qua'!
C:\Users\home\Documents\LimeWire\Saved\jada and alchemist - greatest hits.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a8006fe.qua'!
C:\Users\home\Documents\LimeWire\Saved\the best of louis jordan.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a810705.qua'!
End of the scan: Tuesday, May 26, 2009 11:11
Used time: 40:03 Minute(s)
The scan has been done completely.
27938 Scanned directories
481280 Files were scanned
6 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
481272 Files not concerned
3770 Archives were scanned
2 Warnings
8 Notes
-
Can we do the following
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Close down all browser windows
Uninstall the following:
Java™ 6 Update 12
Java™ 6 Update 7
In addition, if you didn't purposely install the next one, uninstall it also
Viewpoint Media Player
Reboot the computer after any/all of the above are removed
Back in Windows
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says "JRE 6 Update 13".
- Click the "Download" button to the right.
- In the Window that opens, beside PLATFORM: in the drop down menu select Windows x64>>Check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
- Then from your desktop Right click on jre-6u13-windows-x64-p.exe and choose to "Run as Administrator" to install the newest version.
Once that is installed
I think that Avira, as many other scanners do, selected 2 files for quarantine that can be used maliciously
Or legit
In your case, they are probably legit, but let's get a second opinion
==============================================
# Click on the Start button in the Lower left screen of Windows
# Click on the Control Panel menu option.
# When the control panel opens you can either be in Classic View or Control Panel Home view:
If you are in the Classic View do the following:
# Double-click on the Folder Options icon.
# Click on the View tab.
# Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
# Remove the checkmark from the checkbox labeled Hide extensions for known file types.
# Remove the checkmark from the checkbox labeled Hide protected operating system files
If you are in the Control Panel Home view do the following:
# Click on the Appearance and Personalization link.
# Click on Show Hidden Files or Folders.
# Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
# Remove the checkmark from the checkbox labeled Hide extensions for known file types.
# Remove the checkmark from the checkbox labeled Hide protected operating system files
Apply and OK it
================================================================
I can't remember where Avira holds its infected backups in Vista, I believe it's this folder
C:\Users\All Users\Application Data\Avira\AntiVir Desktop\INFECTED
It may just put the Infected folder in your user account, I'm not sure
go to this link
http://www.virustotal.com/flash/index_en.html
Browse to the file
C:\Users\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a80070b.qua
Then use the SEND FILE button
Let it finish scanning
Could you post the results of this scan back here please
Or better yet, just link to the results page
Do the same for the next file
C:\Users\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a900702.qua
Once you have scanned those files
You can go back and Hide System Files/Folders and Protected Operating Files by reversing the steps we did earlier
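The two `.qua` names in the post above come from pairing each detection in the Avira report with the quarantine note that follows it in the disinfection section. As an added example (not part of the original thread), this Python script parses a shortened excerpt of that report and lists the quarantined APPL-category files to submit for a second opinion; the function names are illustrative, and the quarantine folder is the helper's unverified guess from the post.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shortened excerpt of the Avira report posted in this thread (sample input).
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
C:\HP\BIN\EndProcess.exe
[DETECTION] Contains recognition pattern of the APPL/KillApp.A application
C:\Program Files (x86)\Hewlett-Packard\HP TCS\SetACL.exe
[DETECTION] Contains recognition pattern of the APPL/ACLSet application
C:\Users\home\Documents\LimeWire\Saved\free style explosion.wma
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
Begin scan in 'D:\' <RECOVERY>
Beginning disinfection:
C:\HP\BIN\EndProcess.exe
[DETECTION] Contains recognition pattern of the APPL/KillApp.A application
[NOTE] The file was moved to '4a80070b.qua'!
C:\Program Files (x86)\Hewlett-Packard\HP TCS\SetACL.exe
[DETECTION] Contains recognition pattern of the APPL/ACLSet application
[NOTE] The file was moved to '4a900702.qua'!
C:\Users\home\Documents\LimeWire\Saved\free style explosion.wma
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a81070f.qua'!
End of the scan: Tuesday, May 26, 2009 11:11
"""

# Folder named in the post; the helper says he is not sure of it (assumption).
QUARANTINE_DIR = r"C:\Users\All Users\Application Data\Avira\AntiVir Desktop\INFECTED"

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(
    r"^\[DETECTION\] Contains recognition pattern of the (\S+) (\w+)")
MOVED_RE = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'")


@dataclass
class Finding:
    path: str
    detection: str                    # e.g. "APPL/KillApp.A"
    kind: str                         # word after the name: "application", "exploit"
    quarantine: Optional[str] = None  # e.g. "4a80070b.qua", None if never moved

    @property
    def category(self) -> str:
        # Prefix before the slash: APPL, EXP, ...
        return self.detection.split("/", 1)[0]


def parse_report(text: str) -> Dict[str, Finding]:
    """Map each detected file path to its detection and quarantine name."""
    findings: Dict[str, Finding] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line                      # bracketed lines below belong to it
        elif line.startswith("["):
            if current is None:
                continue                        # e.g. "[INFO]" under a boot sector
            m = DETECTION_RE.match(line)
            if m:
                # The same file is listed again under "Beginning disinfection:".
                findings.setdefault(current, Finding(current, m.group(1), m.group(2)))
                continue
            m = MOVED_RE.match(line)
            if m and current in findings:
                findings[current].quarantine = m.group(1)
        else:
            current = None                      # section header or summary line
    return findings


def second_opinion_paths(findings: Dict[str, Finding],
                         category: str = "APPL") -> List[str]:
    """Quarantine paths of detections in one category, in report order."""
    return [ntpath.join(QUARANTINE_DIR, f.quarantine)
            for f in findings.values()
            if f.category == category and f.quarantine]


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for f in report.values():
        print(f"{f.category:5} {f.detection:22} {f.quarantine or '-':13} {f.path}")
    print("Submit for a second opinion:")
    for p in second_opinion_paths(report):
        print("  " + p)
```

Files that only produced a `[WARNING]` (such as `hiberfil.sys`) are not findings, and a detection with no "moved to" note keeps `quarantine` as `None`, so it is never listed for submission.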
-
YOOG has taken over both IE and Firefox? This happened to me yesterday after downloading files from LimeWire. This is what I did to remove it. First I uninstalled LimeWire (only because this is how I got infected).
First I went to Add and Remove Programs and completely uninstalled Mozilla Firefox, including Thunderbird. Then I went to search files and typed in mozilla, firefox, thunderbird.
Even after uninstalling them I still had a couple of files in my C drive - Documents and Settings - All Users - Mozilla. This I deleted, then emptied the recycle bin. Then I ran another search in all files and folders to make sure there was nothing showing. Rebooted, typed in mozilla in the IE search bar, downloaded the latest version, installed, and now everything is back to the way it was before.
Although I am no computer buff, I did ask my webmaster about it and it was he that told me what to do. It worked for me so I'm sure it will for you. All I can say is that I will not be using LimeWire again.
I do wish you luck, please let me know if it has worked for you also.
-
java is only showing JRE 6 update 14. Should I download that instead?
-
Update 14 is fine
Are you still having problems with Yoog?
-
[quote name='guestolo' post='463499' date='Jun 15 2009, 09:27 PM']Update 14 is fine
Are you still having problems with Yoog?[/quote]
no problems with yoog
-
http://www.virustotal.com/analisis/6e1a51ca516aefef85f6f3fed3134bfcce40ea9405e66a0763c8e9da5aaec107-1245120073
http://www.virustotal.com/analisis/22cef0d4c7dfbc56dd8a64a3feee27c41fce32f0699ac8b0ac401d8f04cedeba-1245120286
-
I just noticed yoog is on my internet explorer
-
OTListIt2 is outdated
Can you do the following:
Please download OTS.exe (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop.
- Close ALL OTHER PROGRAMS.
- RIGHT-Click on OTS.exe and choose Run as Administrator.
- Under Additional Scans (purple bar) click "Extras".
- Check the box next to Include 64bit scans (on the left side of the gray toolbar)
- Do not change any other settings.
- Now click the Run Scan button on the left side of the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete, Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Post that log back here
-
Trying to post log, but having a hard time. I removed the word wrap check under format. I copy and paste and hit add reply and it vanishes.
-
See if you can just Upload the log
In a reply box, click on Browse.... on the bottom right
browse to the log and select it, then click the UPLOAD button
-
[quote name='guestolo' post='463593' date='Jun 20 2009, 10:45 PM']See if you can just Upload the log
In a reply box, click on Browse.... on the bottom right
browse to the log and select it, then click the UPLOAD button[/quote]
Hope this is right!
-
When you say 'yoog' is on your Internet Explorer, what do you mean by that?
In your Search engine?
-
I went to use Internet Explorer, which is not the main search engine I use and noticed in the search box that yoog is listed as the search engine. I did not click on it. I just closed internet explorer. I use mozilla firefox for my searches, which is fine.
-
- Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
- Double click on the icon to run it.
- Under the Custom Scans/Fixes box at the bottom, paste in the entire contents of the Code box below, starting with :OTL, not including the word Code
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www3.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www5.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www6.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www7.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www8.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www9.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www10.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www11.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www13.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www14.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www15.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www26.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www27.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www28.yoog.com/
FF - prefs.js..browser.search.defaulturl: "http://www28.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www28.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www28.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www28.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..keyword.URL: "http://www14.yoog.com/search.php?q="
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www14.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www8.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www8.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www8.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www8.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www15.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www15.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www5.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www7.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www7.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www7.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www7.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www13.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www13.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www13.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www13.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www3.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www3.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www3.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www3.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www10.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www10.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www10.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www10.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www11.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www11.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www11.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www11.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www2.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www2.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www2.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www2.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www26.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www26.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www26.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www26.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www5.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www5.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www5.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www5.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www1.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www1.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www1.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www1.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www9.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www9.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www6.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www6.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www6.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www6.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
:Files
%ProgramFiles%\IEToolbar
%ProgramFiles%\Mozilla Firefox\components\nsadzgalore.dll
%ProgramFiles%\Mozilla Firefox\components\nsadsoftinc.dll
%ProgramFiles%\Mozilla Firefox\components\nsBrowserOpt.dll
%ProgramFiles%\Mozilla Firefox\searchplugins\Yoog.xml
%ProgramFiles%\Mozilla Firefox\components\nsBrowserDc.dll
%ProgramFiles%\Mozilla Firefox\components\nsdcads.dll
%APPDATA%\Mozilla\Firefox\Profiles\Yoog Search.xml /s
%PROGRAMFILES%\Mozilla Firefox\components\mexmgzdhgnvqilpib.dll
%SystemRoot%\system32\mexmgzdhgnvqilpib.dll
%PROGRAMFILES%\mozilla firefox\components\zvakwomxas.dll
%SystemRoot%\system32\zawcukanoit.exe
%SystemRoot%\System32\lkvwtxiako.dll
%SystemRoot%\system32\zvakwomxas.dll
%SystemRoot%\system32\dgbzetddjouspgzqz.dll
%SystemRoot%\System32\nsn*.dll
%SystemRoot%\nmwi*.exe
%SystemRoot%\system32\nsx*.dll
%SystemRoot%\system32\nsj*.dll
%SystemRoot%\system32\nsv*.dll
%systemroot%\system32\nsf*.dll
%systemroot%\mutfp*.exe
%systemroot%\obwu*.exe
%systemroot%\ntaj*.exe
%systemroot%\nwuhr*.exe
%systemroot%\System32\nss*.dll
%SystemRoot%\system32\*-uninst.exe
%SystemRoot%\system32\*-remove.exe
%systemroot%\system32\nsr*.dll
%systemroot%\reax*.exe
%systemroot%\giptf*.exe
%systemroot%\tkoo*.exe
%systemroot%\axjth*.exe
%systemroot%\ertbg*.exe
%systemroot%\jnnmp*.exe
%systemroot%\bprxe*.exe
%systemroot%\xwisg*.exe
%systemroot%\jpng*.exe
%systemroot%\fhsv*.exe
%systemroot%\dfmqc*.exe
%systemroot%\wgfp*.exe
%systemroot%\gweq*.exe
%systemroot%\pxwis*.exe
%systemroot%\fcvmq*.exe
%systemroot%\System32\hfkxlchuhv.dll
%systemroot%\System32\nst*.dll
%systemroot%\dmkv*.exe
%systemroot%\system32\nseE*.dll
%systemroot%\System32\nsk*.dll
%systemroot%\system32\mexmgzdhgnvqilpib.dll
%systemroot%\system32\ibgyxrpdcrlay.dll
%systemroot%\system32\ympweffizcodl.exe
%systemroot%\kdiue732.txt
%systemroot%\system32\jmcvcflmiugsrfia.exe
%PROGRAMFILES%\VnrBlock
%PROGRAMFILES%\iCheck
%systemroot%\tvilp*.exe
%systemroot%\itqot*.exe
%systemroot%\system32\wskuofzpxkxdb.exe
%systemroot%\tutvo*.exe
%systemroot%\hsep*.exe
%systemroot%\system32\pihtwcdtsghokinvg.dll
%systemroot%\system32\juluypfvhofv.dll
%systemroot%\system32\nsi*.dll
%systemroot%\system32\nsl*.dll
%systemroot%\system32\gchnamepziopknko.dll
%systemroot%\system32\pihtwcdtsghokinvg.dll
%systemroot%\system32\yprhhrqubcbujp.exe
%systemroot%\system32\ucicolizrhssr.dll
%systemroot%\system32\hiwdrlnk.exe
%systemroot%\System32\nsg*.dll
%systemroot%\System32\jifgoojjyhmkthcfk.dll
%USERPROFILE%\Start Menu\Programs\Startup\runit_32.lnk
%PROGRAMFILES%\runit
%systemroot%\System32\dsygtypzdloyoxivg.exe
%systemroot%\System32\qdfggdhhofhhylbfx.exe
%ProgramFiles%\mozilla firefox\components\????????-????-????-????-????????????.dll
%systemroot%\System32\????????-????-????-????-????????????.exe
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0d2e786-354b-fea1-8de7-883e7524e6d2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2fe5f61-3eb4-4e22-7c84-f52993635f52}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f20e8516-7d08-c1e3-e689-96d39bb42220}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ad7781e6-d262-25f8-389d-967a6d974748}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77cab7d9-e377-ddfc-7d69-cd9cab0e10ff}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8620A38-0404-12B1-FA60-5A0C1FB1C6A5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B188763A-902C-98E9-780E-DAA0BF25BBFD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c18a538-eb55-9029-1fdb-37769fbefee2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58b39041-fe10-d989-5b61-50d6fe664b48}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{994b5fb4-0103-44a6-b6b3-c73572b362bc}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8217294-fa91-dd4d-ba56-4561001b63c8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{670b520c-3f08-4d72-94a5-047740c07766}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78f9a905-789c-d4b1-d5d6-336920981691}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78ff6579-e7fe-8225-43c1-3fe7864edc62}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8217e11-e93b-fc21-7455-fea561f86263}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlhbxrcsmhodrzf]
:Commands
[purity]
[emptytemp]
[Reboot]
- Close down ALL browser windows that are open, especially Firefox
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- The fix should only take a few minutes to run. If it appears to freeze then try it again.
Post back the log that opens on startup, keep me informed of any problems
A copy of the log can also be found in the following folder: C:\_OTL\MovedFiles
-
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://www28.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www28.yoog.com/search.php?q=" removed from keyword.URL
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\user.js moved successfully.
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www14.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "Yoog Search" removed from browser.search.selectedEngine
Prefs.js: "http://www14.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www8.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www8.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www15.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www7.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www7.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www13.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www13.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www3.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www3.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www10.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www10.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www11.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www11.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www2.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www2.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www26.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www26.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www5.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www5.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www1.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www1.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www9.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www9.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www6.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www6.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
========== FILES ==========
File/Folder C:\Program Files (x86)\IEToolbar not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\nsadzgalore.dll not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\nsadsoftinc.dll not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\nsBrowserOpt.dll not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\searchplugins\Yoog.xml not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\nsBrowserDc.dll not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\nsdcads.dll not found.
File/Folder C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\Yoog Search.xml not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\mexmgzdhgnvqilpib.dll not found.
File/Folder C:\Windows\system32\mexmgzdhgnvqilpib.dll not found.
File/Folder C:\Program Files (x86)\mozilla firefox\components\zvakwomxas.dll not found.
File/Folder C:\Windows\system32\zawcukanoit.exe not found.
File/Folder C:\Windows\System32\lkvwtxiako.dll not found.
File/Folder C:\Windows\system32\zvakwomxas.dll not found.
File/Folder C:\Windows\system32\dgbzetddjouspgzqz.dll not found.
File/Folder C:\Windows\System32\nsn*.dll not found.
File/Folder C:\Windows\nmwi*.exe not found.
File/Folder C:\Windows\system32\nsx*.dll not found.
File/Folder C:\Windows\system32\nsj*.dll not found.
File/Folder C:\Windows\system32\nsv*.dll not found.
File/Folder C:\Windows\system32\nsf*.dll not found.
File/Folder C:\Windows\mutfp*.exe not found.
File/Folder C:\Windows\obwu*.exe not found.
File/Folder C:\Windows\ntaj*.exe not found.
File/Folder C:\Windows\nwuhr*.exe not found.
File/Folder C:\Windows\System32\nss*.dll not found.
File/Folder C:\Windows\system32\*-uninst.exe not found.
File/Folder C:\Windows\system32\*-remove.exe not found.
File/Folder C:\Windows\system32\nsr*.dll not found.
File/Folder C:\Windows\reax*.exe not found.
File/Folder C:\Windows\giptf*.exe not found.
File/Folder C:\Windows\tkoo*.exe not found.
File/Folder C:\Windows\axjth*.exe not found.
File/Folder C:\Windows\ertbg*.exe not found.
File/Folder C:\Windows\jnnmp*.exe not found.
File/Folder C:\Windows\bprxe*.exe not found.
File/Folder C:\Windows\xwisg*.exe not found.
File/Folder C:\Windows\jpng*.exe not found.
File/Folder C:\Windows\fhsv*.exe not found.
File/Folder C:\Windows\dfmqc*.exe not found.
File/Folder C:\Windows\wgfp*.exe not found.
File/Folder C:\Windows\gweq*.exe not found.
File/Folder C:\Windows\pxwis*.exe not found.
File/Folder C:\Windows\fcvmq*.exe not found.
File/Folder C:\Windows\System32\hfkxlchuhv.dll not found.
File/Folder C:\Windows\System32\nst*.dll not found.
File/Folder C:\Windows\dmkv*.exe not found.
File/Folder C:\Windows\system32\nseE*.dll not found.
File/Folder C:\Windows\System32\nsk*.dll not found.
File/Folder C:\Windows\system32\mexmgzdhgnvqilpib.dll not found.
File/Folder C:\Windows\system32\ibgyxrpdcrlay.dll not found.
File/Folder C:\Windows\system32\ympweffizcodl.exe not found.
File/Folder C:\Windows\kdiue732.txt not found.
File/Folder C:\Windows\system32\jmcvcflmiugsrfia.exe not found.
File/Folder C:\Program Files (x86)\VnrBlock not found.
File/Folder C:\Program Files (x86)\iCheck not found.
File/Folder C:\Windows\tvilp*.exe not found.
File/Folder C:\Windows\itqot*.exe not found.
File/Folder C:\Windows\system32\wskuofzpxkxdb.exe not found.
File/Folder C:\Windows\tutvo*.exe not found.
File/Folder C:\Windows\hsep*.exe not found.
File/Folder C:\Windows\system32\pihtwcdtsghokinvg.dll not found.
File/Folder C:\Windows\system32\juluypfvhofv.dll not found.
DllUnregisterServer procedure not found in C:\Windows\system32\nsi.dll
C:\Windows\system32\nsi.dll NOT unregistered.
File move failed. C:\Windows\system32\nsi.dll scheduled to be moved on reboot.
File/Folder C:\Windows\system32\nsl*.dll not found.
File/Folder C:\Windows\system32\gchnamepziopknko.dll not found.
File/Folder C:\Windows\system32\pihtwcdtsghokinvg.dll not found.
File/Folder C:\Windows\system32\yprhhrqubcbujp.exe not found.
File/Folder C:\Windows\system32\ucicolizrhssr.dll not found.
File/Folder C:\Windows\system32\hiwdrlnk.exe not found.
File/Folder C:\Windows\System32\nsg*.dll not found.
File/Folder C:\Windows\System32\jifgoojjyhmkthcfk.dll not found.
File/Folder C:\Users\home\Start Menu\Programs\Startup\runit_32.lnk not found.
File/Folder C:\Program Files (x86)\runit not found.
File/Folder C:\Windows\System32\dsygtypzdloyoxivg.exe not found.
File/Folder C:\Windows\System32\qdfggdhhofhhylbfx.exe not found.
File/Folder C:\Program Files (x86)\mozilla firefox\components\????????-????-????-????-????????????.dll not found.
File/Folder C:\Windows\System32\????????-????-????-????-????????????.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0d2e786-354b-fea1-8de7-883e7524e6d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0d2e786-354b-fea1-8de7-883e7524e6d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2fe5f61-3eb4-4e22-7c84-f52993635f52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2fe5f61-3eb4-4e22-7c84-f52993635f52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f20e8516-7d08-c1e3-e689-96d39bb42220}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f20e8516-7d08-c1e3-e689-96d39bb42220}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ad7781e6-d262-25f8-389d-967a6d974748} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad7781e6-d262-25f8-389d-967a6d974748}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77cab7d9-e377-ddfc-7d69-cd9cab0e10ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77cab7d9-e377-ddfc-7d69-cd9cab0e10ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8620A38-0404-12B1-FA60-5A0C1FB1C6A5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8620A38-0404-12B1-FA60-5A0C1FB1C6A5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B188763A-902C-98E9-780E-DAA0BF25BBFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B188763A-902C-98E9-780E-DAA0BF25BBFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c18a538-eb55-9029-1fdb-37769fbefee2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c18a538-eb55-9029-1fdb-37769fbefee2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58b39041-fe10-d989-5b61-50d6fe664b48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58b39041-fe10-d989-5b61-50d6fe664b48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{994b5fb4-0103-44a6-b6b3-c73572b362bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{994b5fb4-0103-44a6-b6b3-c73572b362bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8217294-fa91-dd4d-ba56-4561001b63c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8217294-fa91-dd4d-ba56-4561001b63c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{670b520c-3f08-4d72-94a5-047740c07766}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{670b520c-3f08-4d72-94a5-047740c07766}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78f9a905-789c-d4b1-d5d6-336920981691}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78f9a905-789c-d4b1-d5d6-336920981691}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78ff6579-e7fe-8225-43c1-3fe7864edc62}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78ff6579-e7fe-8225-43c1-3fe7864edc62}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8217e11-e93b-fc21-7455-fea561f86263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8217e11-e93b-fc21-7455-fea561f86263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlhbxrcsmhodrzf\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
User: home
File delete failed. C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 115230645 bytes
->Java cache emptied: 17118336 bytes
->FireFox cache emptied: 87809001 bytes
->Google Chrome cache emptied: 137545201 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 2832700 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 343.87 mb
OTL by OldTimer - Version 3.0.6.1 log created on 07012009_204855
Files\Folders moved on Reboot...
DllUnregisterServer procedure not found in C:\Windows\system32\nsi.dll
C:\Windows\system32\nsi.dll NOT unregistered.
File move failed. C:\Windows\system32\nsi.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...
-
keep me informed of any problems
Any problems? Any sign of yoog?
-
For Internet Explorer, it is still showing yoog as the default search engine. Mozilla is fine, no sign of yoog.
-
I run Firefox also as my Primary browser
I'm running Internet Explorer 8, should be similar to version 7
Open IE
Beside the Search bar, should be a drop down arrow (magnifying glass)
In the drop down box
Select "Manage Search Engines"
Highlight "Yoog" and Remove it
Highlight your preferred Search engine and set to default
Close IE and reboot
Reopen IE, does that help you out?
-
Yes! Thank you!