Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - sona

Pages: [1] 2
1
Tech Clinic / yoog
« on: July 03, 2009, 09:20:50 AM »
Yes! Thank you!

2
Tech Clinic / yoog
« on: July 02, 2009, 01:33:10 PM »
For internet explorer, it is still showing yoog as the default search engine.  Mozilla is fine, no sign of yoog.

3
Tech Clinic / yoog
« on: July 01, 2009, 07:54:58 PM »
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://www28.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www28.yoog.com/search.php?q=" removed from keyword.URL
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\user.js moved successfully.
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www14.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "Yoog Search" removed from browser.search.selectedEngine
Prefs.js: "http://www14.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www8.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www8.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www15.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www7.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www7.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www13.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www13.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www3.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www3.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www10.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www10.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www11.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www11.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www2.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www2.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www26.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www26.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www5.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www5.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www1.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www1.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www9.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www9.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www6.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www6.yoog.com/search.php?q=" removed from keyword.URL
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
========== FILES ==========
File/Folder C:\Program Files (x86)\IEToolbar not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\nsadzgalore.dll not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\nsadsoftinc.dll not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\nsBrowserOpt.dll not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\searchplugins\Yoog.xml not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\nsBrowserDc.dll not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\nsdcads.dll not found.
File/Folder C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\Yoog Search.xml not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox\components\mexmgzdhgnvqilpib.dll not found.
File/Folder C:\Windows\system32\mexmgzdhgnvqilpib.dll not found.
File/Folder C:\Program Files (x86)\mozilla firefox\components\zvakwomxas.dll not found.
File/Folder C:\Windows\system32\zawcukanoit.exe not found.
File/Folder C:\Windows\System32\lkvwtxiako.dll not found.
File/Folder C:\Windows\system32\zvakwomxas.dll not found.
File/Folder C:\Windows\system32\dgbzetddjouspgzqz.dll not found.
File/Folder C:\Windows\System32\nsn*.dll not found.
File/Folder C:\Windows\nmwi*.exe not found.
File/Folder C:\Windows\system32\nsx*.dll not found.
File/Folder C:\Windows\system32\nsj*.dll not found.
File/Folder C:\Windows\system32\nsv*.dll not found.
File/Folder C:\Windows\system32\nsf*.dll not found.
File/Folder C:\Windows\mutfp*.exe not found.
File/Folder C:\Windows\obwu*.exe not found.
File/Folder C:\Windows\ntaj*.exe not found.
File/Folder C:\Windows\nwuhr*.exe not found.
File/Folder C:\Windows\System32\nss*.dll not found.
File/Folder C:\Windows\system32\*-uninst.exe not found.
File/Folder C:\Windows\system32\*-remove.exe not found.
File/Folder C:\Windows\system32\nsr*.dll not found.
File/Folder C:\Windows\reax*.exe not found.
File/Folder C:\Windows\giptf*.exe not found.
File/Folder C:\Windows\tkoo*.exe not found.
File/Folder C:\Windows\axjth*.exe not found.
File/Folder C:\Windows\ertbg*.exe not found.
File/Folder C:\Windows\jnnmp*.exe not found.
File/Folder C:\Windows\bprxe*.exe not found.
File/Folder C:\Windows\xwisg*.exe not found.
File/Folder C:\Windows\jpng*.exe not found.
File/Folder C:\Windows\fhsv*.exe not found.
File/Folder C:\Windows\dfmqc*.exe not found.
File/Folder C:\Windows\wgfp*.exe not found.
File/Folder C:\Windows\gweq*.exe not found.
File/Folder C:\Windows\pxwis*.exe not found.
File/Folder C:\Windows\fcvmq*.exe not found.
File/Folder C:\Windows\System32\hfkxlchuhv.dll not found.
File/Folder C:\Windows\System32\nst*.dll not found.
File/Folder C:\Windows\dmkv*.exe not found.
File/Folder C:\Windows\system32\nseE*.dll not found.
File/Folder C:\Windows\System32\nsk*.dll not found.
File/Folder C:\Windows\system32\mexmgzdhgnvqilpib.dll not found.
File/Folder C:\Windows\system32\ibgyxrpdcrlay.dll not found.
File/Folder C:\Windows\system32\ympweffizcodl.exe not found.
File/Folder C:\Windows\kdiue732.txt not found.
File/Folder C:\Windows\system32\jmcvcflmiugsrfia.exe not found.
File/Folder C:\Program Files (x86)\VnrBlock not found.
File/Folder C:\Program Files (x86)\iCheck not found.
File/Folder C:\Windows\tvilp*.exe not found.
File/Folder C:\Windows\itqot*.exe not found.
File/Folder C:\Windows\system32\wskuofzpxkxdb.exe not found.
File/Folder C:\Windows\tutvo*.exe not found.
File/Folder C:\Windows\hsep*.exe not found.
File/Folder C:\Windows\system32\pihtwcdtsghokinvg.dll not found.
File/Folder C:\Windows\system32\juluypfvhofv.dll not found.
DllUnregisterServer procedure not found in C:\Windows\system32\nsi.dll
C:\Windows\system32\nsi.dll NOT unregistered.
File move failed. C:\Windows\system32\nsi.dll scheduled to be moved on reboot.
File/Folder C:\Windows\system32\nsl*.dll not found.
File/Folder C:\Windows\system32\gchnamepziopknko.dll not found.
File/Folder C:\Windows\system32\pihtwcdtsghokinvg.dll not found.
File/Folder C:\Windows\system32\yprhhrqubcbujp.exe not found.
File/Folder C:\Windows\system32\ucicolizrhssr.dll not found.
File/Folder C:\Windows\system32\hiwdrlnk.exe not found.
File/Folder C:\Windows\System32\nsg*.dll not found.
File/Folder C:\Windows\System32\jifgoojjyhmkthcfk.dll not found.
File/Folder C:\Users\home\Start Menu\Programs\Startup\runit_32.lnk not found.
File/Folder C:\Program Files (x86)\runit not found.
File/Folder C:\Windows\System32\dsygtypzdloyoxivg.exe not found.
File/Folder C:\Windows\System32\qdfggdhhofhhylbfx.exe not found.
File/Folder C:\Program Files (x86)\mozilla firefox\components\????????-????-????-????-????????????.dll not found.
File/Folder C:\Windows\System32\????????-????-????-????-????????????.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0d2e786-354b-fea1-8de7-883e7524e6d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0d2e786-354b-fea1-8de7-883e7524e6d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2fe5f61-3eb4-4e22-7c84-f52993635f52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2fe5f61-3eb4-4e22-7c84-f52993635f52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f20e8516-7d08-c1e3-e689-96d39bb42220}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f20e8516-7d08-c1e3-e689-96d39bb42220}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ad7781e6-d262-25f8-389d-967a6d974748} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad7781e6-d262-25f8-389d-967a6d974748}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77cab7d9-e377-ddfc-7d69-cd9cab0e10ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77cab7d9-e377-ddfc-7d69-cd9cab0e10ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8620A38-0404-12B1-FA60-5A0C1FB1C6A5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8620A38-0404-12B1-FA60-5A0C1FB1C6A5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B188763A-902C-98E9-780E-DAA0BF25BBFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B188763A-902C-98E9-780E-DAA0BF25BBFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c18a538-eb55-9029-1fdb-37769fbefee2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c18a538-eb55-9029-1fdb-37769fbefee2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58b39041-fe10-d989-5b61-50d6fe664b48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58b39041-fe10-d989-5b61-50d6fe664b48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{994b5fb4-0103-44a6-b6b3-c73572b362bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{994b5fb4-0103-44a6-b6b3-c73572b362bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8217294-fa91-dd4d-ba56-4561001b63c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8217294-fa91-dd4d-ba56-4561001b63c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{670b520c-3f08-4d72-94a5-047740c07766}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{670b520c-3f08-4d72-94a5-047740c07766}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78f9a905-789c-d4b1-d5d6-336920981691}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78f9a905-789c-d4b1-d5d6-336920981691}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78ff6579-e7fe-8225-43c1-3fe7864edc62}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78ff6579-e7fe-8225-43c1-3fe7864edc62}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8217e11-e93b-fc21-7455-fea561f86263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8217e11-e93b-fc21-7455-fea561f86263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlhbxrcsmhodrzf\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
 
User: home
File delete failed. C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 115230645 bytes
->Java cache emptied: 17118336 bytes
->FireFox cache emptied: 87809001 bytes
->Google Chrome cache emptied: 137545201 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 2832700 bytes
 
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 343.87 mb
 
 
OTL by OldTimer - Version 3.0.6.1 log created on 07012009_204855

Files\Folders moved on Reboot...
DllUnregisterServer procedure not found in C:\Windows\system32\nsi.dll
C:\Windows\system32\nsi.dll NOT unregistered.
File move failed. C:\Windows\system32\nsi.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

4
Tech Clinic / yoog
« on: June 30, 2009, 07:09:18 AM »
I went to use Internet Explorer, which is not the main search engine I use and noticed in the search box that yoog is listed as the search engine. I did not click on it. I just closed internet explorer. I use mozilla firefox for my searches, which is fine.

5
Tech Clinic / yoog
« on: June 20, 2009, 10:01:49 PM »
[quote name=\'guestolo\' post=\'463593\' date=\'Jun 20 2009, 10:45 PM\']See if you can just Upload the log
In a reply box, click on Browse.... on the bottom right
browse to the log and select it, then click the UPLOAD button[/quote]

Hope this is right!

6
Tech Clinic / yoog
« on: June 20, 2009, 09:44:02 PM »
Trying to post log, but having a hard time. I removed the word wrap check under format. I copy and paste and hit add reply and it vanishes.

7
Tech Clinic / yoog
« on: June 20, 2009, 06:49:50 PM »
I just noticed yoog is on my internet explorer

8
Tech Clinic / yoog
« on: June 17, 2009, 09:24:46 AM »
http://www.virustotal.com/analisis/6e1a51c...c107-1245120073

http://www.virustotal.com/analisis/22cef0d...deba-1245120286

9
Tech Clinic / yoog
« on: June 15, 2009, 09:26:19 PM »
[quote name=\'guestolo\' post=\'463499\' date=\'Jun 15 2009, 09:27 PM\']Update 14 is fine
Are you still having problems with Yoog?[/quote]

no problems with yoog

10
Tech Clinic / yoog
« on: June 15, 2009, 08:04:33 PM »
java is only showing JRE 6 update 14. Should I download that instead?

[quote name=\'guestolo\' post=\'463072\' date=\'May 26 2009, 01:45 PM\']Can we do the following
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Close down all browser windows
Uninstall the following:
Javaâ„¢ 6 Update 12
 Javaâ„¢ 6 Update 7
In addition, if you didn't purposely install the next one, uninstall it also
Viewpoint Media Player


Reboot the computer after any/all of the above are removed

Back in Windows
[color=\"blue\"]Updating Java:[/color]
  • Download the latest version of  Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "JRE 6 Update 13".
  • Click the "Download" button to the right.
  • In the Window that opens, beside PLATFORM: in the drop down menu select Windows x64>>Check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Then from your desktop Right click  on jre-6u13-windows-x64-p.exe and choose to "Run as Administrator" to install the newest version.
Once that is installed
I think that Avira, as many other scanners do, selected 2 files for quarantine that can be used maliciously
Or legit
In your case, they are probably legit, but let's get a second opinion
==============================================
# Click on the Start button in the Lower left screen of Windows
# Click on the Control Panel menu option.
# When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

# Double-click on the Folder Options icon.
 #Click on the View tab.
# Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
# Remove the checkmark from the checkbox labeled Hide extensions for known file types.
#Remove the checkmark from the checkbox labeled Hide protected operating system files

If you are in the Control Panel Home view do the following:

#Click on the Appearance and Personalization link.
#Click on Show Hidden Files or Folders.
# Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
# Remove the checkmark from the checkbox labeled Hide extensions for known file types.
#Remove the checkmark from the checkbox labeled Hide protected operating system files

Apply and OK it
================================================================
I can't remember where Avira holds it infected backups in Vista, I believe it's this folder
C:\Users\All Users\Application Data\Avira\AntiVir Desktop\INFECTED
It may just put the Infected folder in your user account, I'm not sure

go to this link
http://www.virustotal.com/flash/index_en.html
Browse to the file

C:\Users\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a80070b.qua
Then use the SEND FILE button
Let it finish scanning
Could you post back the results this scan back here please
Or better yet, just link to the results page

Do the same for the next file
C:\Users\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a900702.qua

Once you have scanned those files
You can go back and Hide System Files/Folders and Protected Operating Files by reversing the steps we did earlier[/quote]

11
Tech Clinic / yoog
« on: May 26, 2009, 10:15:51 AM »
Avira AntiVir Personal
Report file date: Tuesday, May 26, 2009  10:29

Scanning for 1426566 virus strains and unwanted programs.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows Vista 64 Bit
Windows version : (Service Pack 1)  [6.0.6001]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : HOME-PC

Version information:
BUILD.DAT       : 9.0.0.394     17962 Bytes   4/17/2009 11:20:00
AVSCAN.EXE      : 9.0.3.5      466689 Bytes   4/17/2009 13:57:30
AVSCAN.DLL      : 9.0.3.0       40705 Bytes   2/27/2009 15:58:24
LUKE.DLL        : 9.0.3.2      209665 Bytes   2/20/2009 16:35:49
LUKERES.DLL     : 9.0.2.0       12033 Bytes   2/27/2009 15:58:52
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  10/27/2008 17:30:36
ANTIVIR1.VDF    : 7.1.2.12    3336192 Bytes   2/11/2009 01:33:26
ANTIVIR2.VDF    : 7.1.4.0     2336768 Bytes   5/20/2009 14:27:41
ANTIVIR3.VDF    : 7.1.4.19     199680 Bytes   5/26/2009 14:27:42
Engineversion   : 8.2.0.168
AEVDF.DLL       : 8.1.1.1      106868 Bytes   5/26/2009 14:27:52
AESCRIPT.DLL    : 8.1.2.0      389497 Bytes   5/26/2009 14:27:51
AESCN.DLL       : 8.1.2.3      127347 Bytes   5/26/2009 14:27:50
AERDL.DLL       : 8.1.1.3      438645 Bytes  10/29/2008 23:24:41
AEPACK.DLL      : 8.1.3.16     397686 Bytes   5/26/2009 14:27:49
AEOFFICE.DLL    : 8.1.0.36     196987 Bytes   2/27/2009 01:01:56
AEHEUR.DLL      : 8.1.0.129   1761655 Bytes   5/26/2009 14:27:47
AEHELP.DLL      : 8.1.2.2      119158 Bytes   2/27/2009 01:01:56
AEGEN.DLL       : 8.1.1.44     348532 Bytes   5/26/2009 14:27:44
AEEMU.DLL       : 8.1.0.9      393588 Bytes   10/9/2008 19:32:40
AECORE.DLL      : 8.1.6.9      176500 Bytes   5/26/2009 14:27:43
AEBB.DLL        : 8.1.0.3       53618 Bytes   10/9/2008 19:32:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12/12/2008 13:47:59
AVPREF.DLL      : 9.0.0.1       43777 Bytes   12/5/2008 15:32:15
AVREP.DLL       : 8.0.0.3      155905 Bytes   1/20/2009 19:34:28
AVREG.DLL       : 9.0.0.0       36609 Bytes   12/5/2008 15:32:09
AVARKT.DLL      : 9.0.0.3      292609 Bytes   3/24/2009 20:05:41
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes   1/30/2009 15:37:08
SQLITE3.DLL     : 3.6.1.0      326401 Bytes   1/28/2009 20:03:49
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes    2/2/2009 13:21:33
NETNT.DLL       : 9.0.0.0       11521 Bytes   12/5/2008 15:32:10
RCIMAGE.DLL     : 9.0.0.21    2438401 Bytes    2/9/2009 16:45:45
RCTEXT.DLL      : 9.0.37.0      86785 Bytes   4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Tuesday, May 26, 2009  10:29

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '0' Module(s) have been scanned
Scan process 'wuauclt.exe' - '0' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '0' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '0' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '0' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '0' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '0' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned
Scan process 'TSMAgent.exe' - '1' Module(s) have been scanned
Scan process 'DVDAgent.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'TVSched.exe' - '1' Module(s) have been scanned
Scan process 'TVCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '0' Module(s) have been scanned
Scan process 'HPAdvisor.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '0' Module(s) have been scanned
Scan process 'SmartMenu.exe' - '0' Module(s) have been scanned
Scan process 'sttray64.exe' - '0' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '0' Module(s) have been scanned
Scan process 'igfxpers.exe' - '0' Module(s) have been scanned
Scan process 'hkcmd.exe' - '0' Module(s) have been scanned
Scan process 'igfxtray.exe' - '0' Module(s) have been scanned
Scan process 'BLService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'agr64svc.exe' - '0' Module(s) have been scanned
Scan process 'AESTSr64.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'dwm.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'wlanext.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'hpservice.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'SLsvc.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'stacsv64.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\HP\BIN\EndProcess.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
C:\Program Files (x86)\Hewlett-Packard\HP TCS\SetACL.exe
    [DETECTION] Contains recognition pattern of the APPL/ACLSet application
C:\Users\home\Documents\LimeWire\Saved\chuck willis extended live version.snd
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Users\home\Documents\LimeWire\Saved\free style explosion.wma
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Users\home\Documents\LimeWire\Saved\jada and alchemist - greatest hits.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Users\home\Documents\LimeWire\Saved\the best of louis jordan.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:
C:\HP\BIN\EndProcess.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
    [NOTE]      The file was moved to '4a80070b.qua'!
C:\Program Files (x86)\Hewlett-Packard\HP TCS\SetACL.exe
    [DETECTION] Contains recognition pattern of the APPL/ACLSet application
    [NOTE]      The file was moved to '4a900702.qua'!
C:\Users\home\Documents\LimeWire\Saved\chuck willis extended live version.snd
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE]      The file was moved to '4a910705.qua'!
C:\Users\home\Documents\LimeWire\Saved\free style explosion.wma
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE]      The file was moved to '4a81070f.qua'!
C:\Users\home\Documents\LimeWire\Saved\jada and alchemist - greatest hits.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE]      The file was moved to '4a8006fe.qua'!
C:\Users\home\Documents\LimeWire\Saved\the best of louis jordan.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE]      The file was moved to '4a810705.qua'!


End of the scan: Tuesday, May 26, 2009  11:11
Used time: 40:03 Minute(s)

The scan has been done completely.

  27938 Scanned directories
 481280 Files were scanned
      6 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      6 Files were moved to quarantine
      0 Files were renamed
      2 Files cannot be scanned
 481272 Files not concerned
   3770 Archives were scanned
      2 Warnings
      8 Notes

12
Tech Clinic / yoog
« on: May 20, 2009, 08:21:37 PM »
I see the info you posted. I will work on it Thursday, my day off.

13
Tech Clinic / yoog
« on: May 19, 2009, 04:32:39 AM »
[quote name=\'guestolo\' post=\'462684\' date=\'May 18 2009, 11:16 PM\']Take a look at either of these 2 free AV software
Which do you prefer to have installed?
Avast Home Edition by ALWIL

Avira AntiVir Personal Edition Classic
Whichever you decide that you like, download and save the installer to desktop
DO NOT install it yet, but let me know which one you decided on
You ONLY want one AV software installed[/quote]

I will go with the Avira.

14
Tech Clinic / yoog
« on: May 18, 2009, 05:26:57 PM »
yes

15
Tech Clinic / yoog
« on: May 18, 2009, 02:04:23 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:06 PM, on 5/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\aol\1238453836\ee\aolsoftware.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1238453836\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S18EC.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12753 bytes


Things are running fine

16
Tech Clinic / yoog
« on: May 18, 2009, 01:40:17 PM »
First log posted, then deleted by User
========== OTLISTIT ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www27.yoog.com/" removed from browser.startup.homepage
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\user.js moved successfully.
========== FILES ==========
C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk moved successfully.
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml moved successfully.
ADS C:\ProgramData\Temp:1F96ED45 deleted successfully.
ADS C:\ProgramData\Temp:C0A2E219 deleted successfully.
ADS C:\ProgramData\Temp:22741C1F deleted successfully.
ADS C:\ProgramData\Temp:60C897F3 deleted successfully.
ADS C:\ProgramData\Temp:16B49C20 deleted successfully.
ADS C:\ProgramData\Temp:61A065F2 deleted successfully.
ADS C:\ProgramData\Temp:D3A8AA31 deleted successfully.
ADS C:\ProgramData\Temp:3A6BC948 deleted successfully.
ADS C:\ProgramData\Temp:A2B9AD4B deleted successfully.
ADS C:\ProgramData\Temp:A1D3FEF0 deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\home\AppData\Local\Temp\hsperfdata_home\2536 scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--13-25-02.log scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\JET9CEA.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JET9C7D.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05182009_143015

Files moved on Reboot...
File C:\Users\home\AppData\Local\Temp\hsperfdata_home\2536 not found!
C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--13-25-02.log moved successfully.
File C:\Users\home\AppData\Local\Temp\JET9CEA.tmp not found!
C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt moved successfully.
File C:\Windows\temp\JET9C7D.tmp not found!

Registry entries deleted on Reboot...

Second log posted
========== OTLISTIT ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www27.yoog.com/" removed from browser.startup.homepage
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
========== FILES ==========
File\Folder C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk not found.
File\Folder C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml not found.
Unable to delete ADS C:\ProgramData\Temp:1F96ED45 .
Unable to delete ADS C:\ProgramData\Temp:C0A2E219 .
Unable to delete ADS C:\ProgramData\Temp:22741C1F .
Unable to delete ADS C:\ProgramData\Temp:60C897F3 .
Unable to delete ADS C:\ProgramData\Temp:16B49C20 .
Unable to delete ADS C:\ProgramData\Temp:61A065F2 .
Unable to delete ADS C:\ProgramData\Temp:D3A8AA31 .
Unable to delete ADS C:\ProgramData\Temp:3A6BC948 .
Unable to delete ADS C:\ProgramData\Temp:A2B9AD4B .
Unable to delete ADS C:\ProgramData\Temp:A1D3FEF0 .
========== COMMANDS ==========
File delete failed. C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--14-31-50.log scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\JET2A88.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JET95D8.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
 
OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05182009_143702

Files moved on Reboot...
C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--14-31-50.log moved successfully.
File C:\Users\home\AppData\Local\Temp\JET2A88.tmp not found!
C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt moved successfully.
File C:\Windows\temp\JET95D8.tmp not found!

Registry entries deleted on Reboot...

17
Tech Clinic / yoog
« on: May 16, 2009, 08:05:29 PM »
OTListIt logfile created on: 5/16/2009 9:04:25 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.15.8     Folder = C:\Users\home\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.93 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 58.86% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 203.25 Gb Free Space | 71.16% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-PC
Current User Name: home
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
 
[color=\"orange\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2008/09/23 15:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/09/24 22:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 22:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2008/06/09 14:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/09/30 19:56:04 | 00,972,080 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2008/09/26 06:36:40 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 22:41:44 | 01,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/25 22:42:24 | 00,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/10 16:27:07 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files (x86)\LimeWire\LimeWire.exe
PRC - [2008/08/01 19:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/05/08 19:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/04/15 17:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2009/03/21 23:19:57 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2007/09/26 10:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2008/11/06 13:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\1238453836\ee\aolsoftware.exe
PRC - [2008/04/11 12:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2009/04/24 00:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/05/16 21:03:39 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\home\Downloads\OTListIt2(6).exe
 
[color=\"orange\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2008/06/27 11:53:06 | 00,089,088 | ---- | M] () -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters [Auto | Running])
SRV - [2007/12/11 16:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\sysnative\agr64svc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 14:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 21:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2008/05/05 18:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/06/16 11:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/03/18 20:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\sysnative\Hpservice.exe -- (hpsrv [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/06/19 21:16:54 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/01/20 22:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
SRV - [2008/09/23 15:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/09/11 07:53:00 | 00,279,040 | ---- | M] () -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV [Auto | Running])
SRV - [2008/09/24 22:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc [Auto | Running])
SRV - [2008/09/24 22:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched [Auto | Running])
SRV - [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
 
[color=\"orange\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2008/03/27 16:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/02/29 19:59:32 | 01,252,352 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2009/01/12 04:18:55 | 01,522,168 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\bcmwl664.sys -- (BCM43XX [On_Demand | Running])
DRV - [2009/03/18 16:44:07 | 00,332,848 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\BHDrvx64.sys -- (BHDrvx64 [System | Running])
DRV - [2009/03/18 16:44:07 | 00,582,704 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\ccHPx64.sys -- (ccHP [System | Running])
DRV - [2008/01/20 22:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl [System | Running])
DRV - [2008/09/04 13:48:00 | 00,064,000 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,131,632 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2006/11/02 01:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\sysnative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/03/27 16:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 20:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV - [2009/01/29 17:50:10 | 00,396,848 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090508.002\IDSvia64.sys -- (IDSVia64 [System | Running])
DRV - [2008/08/14 06:18:54 | 08,029,792 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\igdkmd64.sys -- (igfx [On_Demand | Running])
DRV - [2008/07/15 04:20:42 | 00,126,464 | ---- | M] () -- C:\Windows\sysnative\drivers\IntcHdmi.sys -- (IntcHdmiAddService [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,136,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.040\ENG64.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/03/13 10:44:26 | 01,461,808 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.040\EX64.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2008/01/20 22:46:57 | 03,154,432 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\NETw3v64.sys -- (NETw3v64 [On_Demand | Stopped])
DRV - [2008/08/06 12:26:08 | 00,174,592 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV - [2008/09/19 21:43:58 | 00,068,096 | ---- | M] () -- C:\Windows\sysnative\drivers\RTSTOR64.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2008/01/20 22:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,476,720 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SRTSP64.SYS -- (SRTSP [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,032,304 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\SRTSPX64.SYS -- (SRTSPX [System | Running])
DRV - [2008/09/11 07:54:44 | 00,465,408 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\stwrt64.sys -- (STHDA [On_Demand | Running])
DRV - [2008/01/20 22:47:25 | 00,012,288 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,402,992 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\SYMEFA64.SYS -- (SymEFA [Boot | Running])
DRV - [2009/03/25 20:40:57 | 00,172,080 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,138,288 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,032,816 | R--- | M] () -- C:\Windows\sysnative\DRIVERS\SymIMv.sys -- (SymIM [System | Running])
DRV - [2009/03/12 04:43:27 | 00,046,640 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,310,320 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2008/06/19 21:37:42 | 00,325,680 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/20 22:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\sysnative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV - [2006/11/29 18:24:49 | 00,024,064 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\wanatw64.sys -- (wanatw [On_Demand | Running])
DRV - [2006/10/03 21:45:36 | 00,273,408 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Stopped])
DRV - [2008/09/26 06:36:34 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto | Running])
 
[color=\"orange\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"orange\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www27.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=\"orange\"]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
 
FF - user.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2008/10/18 19:46:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/13 22:38:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2009/05/16 14:20:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2009/05/12 17:34:56 | 00,000,000 | ---D | M]
 
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/06 18:33:16 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\yk9dkhpe.default\extensions
[2009/05/16 14:22:13 | 00,000,247 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml
[2009/05/16 14:23:30 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/05/12 17:34:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/21 23:20:13 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" (CyberLink)
O4 - HKLM..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1238453836\ee\AOLSoftware.exe" (AOL LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" (CyberLink Corp.)
O4 - HKCU..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S18EC.tmp" /EF "HKCU" ()
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: Email Removed ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/16 11:07:41 | 00,000,000 | ---D | M]
 
[color=\"orange\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/05/16 11:03:54 | 00,001,708 | ---- | C] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/05/16 00:57:21 | 00,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Malwarebytes
[2009/05/16 00:57:19 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/16 00:57:19 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/16 00:57:17 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/16 00:57:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/16 00:57:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/05/16 00:50:43 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/15 18:15:13 | 00,012,756 | ---- | C] () -- C:\Users\home\Documents\com140 persuasive memo514.docx
[2009/05/15 17:39:26 | 00,011,090 | ---- | C] () -- C:\Users\home\Documents\com140 dq2 review speech 513.docx
[2009/05/14 16:25:09 | 00,014,809 | ---- | C] () -- C:\Users\home\Documents\gen105longshortgoals513.docx
[2009/05/12 22:32:44 | 00,673,152 | ---- | C] () -- C:\Users\home\Documents\IMG00026.jpg
[2009/05/12 22:31:42 | 00,602,247 | ---- | C] () -- C:\Users\home\Documents\IMG00027.jpg
[2009/05/12 22:06:54 | 00,467,718 | ---- | C] () -- C:\Users\home\Documents\IMG00019.jpg
[2009/05/12 22:06:39 | 00,705,880 | ---- | C] () -- C:\Users\home\Documents\IMG00018.jpg
[2009/05/12 22:06:05 | 00,524,416 | ---- | C] () -- C:\Users\home\Documents\IMG00021.jpg
[2009/05/12 22:05:29 | 00,586,106 | ---- | C] () -- C:\Users\home\Documents\IMG00024.jpg
[2009/05/12 22:05:07 | 00,519,581 | ---- | C] () -- C:\Users\home\Documents\IMG00029.jpg
[2009/05/12 21:09:26 | 00,011,945 | ---- | C] () -- C:\Users\home\Documents\com140 dq1 512.docx
[2009/05/12 20:05:02 | 00,016,079 | ---- | C] () -- C:\Users\home\Documents\wp negative message.docx
[2009/05/12 17:35:00 | 00,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/12 16:44:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/05/10 19:13:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2009/05/09 22:13:13 | 00,019,789 | ---- | C] () -- C:\Users\home\Documents\com 140 Negative Message Assignment510.docx
[2009/05/08 18:09:00 | 00,015,334 | ---- | C] () -- C:\Users\home\Documents\com 140 email58.docx
[2009/05/08 13:03:10 | 00,012,893 | ---- | C] () -- C:\Users\home\Documents\checkpoint com140 different kinds of messages.docx
[2009/05/06 20:35:56 | 00,014,344 | ---- | C] () -- C:\Users\home\Documents\checkpoint gen10556.docx
[2009/05/06 20:27:57 | 00,010,369 | ---- | C] () -- C:\Users\home\Documents\There are a few ways that you can guard against plagiarism.docx
[2009/05/06 16:17:36 | 00,009,867 | ---- | C] () -- C:\Users\home\Documents\009451397677.docx
[2009/05/04 21:21:26 | 00,055,454 | ---- | C] () -- C:\Users\home\Documents\commaspliceand commas.docx
[2009/05/03 21:18:32 | 00,012,519 | ---- | C] () -- C:\Users\home\Documents\com105 checkpoint week3 53.docx
[2009/05/03 13:51:10 | 00,013,633 | ---- | C] () -- C:\Users\home\Documents\starwars.docx
[2009/05/02 19:02:09 | 00,011,229 | ---- | C] () -- C:\Users\home\Documents\DAD1.docx
[2009/04/29 23:38:33 | 00,011,601 | ---- | C] () -- C:\Users\home\Documents\gen105 checkpoint 430.docx
[2009/04/29 21:46:13 | 00,014,523 | ---- | C] () -- C:\Users\home\Documents\com140 table week 3 51.docx
[2009/04/29 21:27:22 | 00,011,102 | ---- | C] () -- C:\Users\home\Documents\com140 dq2 429.docx
[2009/04/29 19:30:36 | 00,011,681 | ---- | C] () -- C:\Users\home\Documents\com 140 pq 429.docx
[2009/04/27 21:03:56 | 00,012,528 | ---- | C] () -- C:\Users\home\Documents\dq week 3 #1.docx
[2009/04/27 17:08:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009/04/27 17:05:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009/04/26 22:19:39 | 00,012,611 | ---- | C] () -- C:\Users\home\Documents\writepoint42609.docx
[2009/04/25 16:08:07 | 00,012,797 | ---- | C] () -- C:\Users\home\Documents\online resources day7.docx
[2009/04/24 16:48:48 | 00,012,658 | ---- | C] () -- C:\Users\home\Documents\Hi  Anthony checkpoint gen 105.docx
[2009/04/23 20:58:15 | 00,015,676 | ---- | C] () -- C:\Users\home\Documents\appendix b 4-23-09.docm
[2009/04/22 22:31:12 | 00,183,296 | ---- | C] () -- C:\Users\home\Documents\C. DelvailleTime.doc
[2009/04/20 16:19:07 | 00,311,447 | ---- | C] () -- C:\Users\home\Documents\gen105_week2_reading1.pdf
[2009/04/17 13:56:11 | 00,011,743 | ---- | C] () -- C:\Users\home\Documents\Riverview Computer Cafe.docx
[2006/11/02 08:34:27 | 00,000,336 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
 
[color=\"orange\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2009/05/16 21:01:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/16 14:23:27 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/16 14:23:18 | 42,228,32640 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/16 11:03:54 | 00,001,708 | ---- | M] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/05/16 00:57:19 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/15 22:45:03 | 00,012,756 | ---- | M] () -- C:\Users\home\Documents\com140 persuasive memo514.docx
[2009/05/15 19:44:54 | 00,011,090 | ---- | M] () -- C:\Users\home\Documents\com140 dq2 review speech 513.docx
[2009/05/14 18:58:16 | 00,014,809 | ---- | M] () -- C:\Users\home\Documents\gen105longshortgoals513.docx
[2009/05/12 22:32:50 | 00,673,152 | ---- | M] () -- C:\Users\home\Documents\IMG00026.jpg
[2009/05/12 22:31:46 | 00,602,247 | ---- | M] () -- C:\Users\home\Documents\IMG00027.jpg
[2009/05/12 22:06:56 | 00,467,718 | ---- | M] () -- C:\Users\home\Documents\IMG00019.jpg
[2009/05/12 22:06:44 | 00,705,880 | ---- | M] () -- C:\Users\home\Documents\IMG00018.jpg
[2009/05/12 22:06:07 | 00,524,416 | ---- | M] () -- C:\Users\home\Documents\IMG00021.jpg
[2009/05/12 22:05:32 | 00,586,106 | ---- | M] () -- C:\Users\home\Documents\IMG00024.jpg
[2009/05/12 22:05:13 | 00,519,581 | ---- | M] () -- C:\Users\home\Documents\IMG00029.jpg
[2009/05/12 21:49:01 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhome.job
[2009/05/12 21:17:34 | 00,011,945 | ---- | M] () -- C:\Users\home\Documents\com140 dq1 512.docx
[2009/05/12 20:05:02 | 00,016,079 | ---- | M] () -- C:\Users\home\Documents\wp negative message.docx
[2009/05/12 17:35:00 | 00,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/10 23:33:36 | 00,019,789 | ---- | M] () -- C:\Users\home\Documents\com 140 Negative Message Assignment510.docx
[2009/05/08 23:20:41 | 00,015,334 | ---- | M] () -- C:\Users\home\Documents\com 140 email58.docx
[2009/05/08 23:11:04 | 00,012,893 | ---- | M] () -- C:\Users\home\Documents\checkpoint com140 different kinds of messages.docx
[2009/05/06 22:35:23 | 00,014,344 | ---- | M] () -- C:\Users\home\Documents\checkpoint gen10556.docx
[2009/05/06 20:27:57 | 00,010,369 | ---- | M] () -- C:\Users\home\Documents\There are a few ways that you can guard against plagiarism.docx
[2009/05/06 16:17:36 | 00,009,867 | ---- | M] () -- C:\Users\home\Documents\009451397677.docx
[2009/05/04 21:21:27 | 00,055,454 | ---- | M] () -- C:\Users\home\Documents\commaspliceand commas.docx
[2009/05/03 23:17:51 | 00,012,519 | ---- | M] () -- C:\Users\home\Documents\com105 checkpoint week3 53.docx
[2009/05/03 13:51:10 | 00,013,633 | ---- | M] () -- C:\Users\home\Documents\starwars.docx
[2009/05/02 19:02:09 | 00,011,229 | ---- | M] () -- C:\Users\home\Documents\DAD1.docx
[2009/05/01 22:08:18 | 00,014,523 | ---- | M] () -- C:\Users\home\Documents\com140 table week 3 51.docx
[2009/04/30 23:15:36 | 00,011,601 | ---- | M] () -- C:\Users\home\Documents\gen105 checkpoint 430.docx
[2009/04/29 21:31:17 | 00,011,102 | ---- | M] () -- C:\Users\home\Documents\com140 dq2 429.docx
[2009/04/29 19:30:37 | 00,011,681 | ---- | M] () -- C:\Users\home\Documents\com 140 pq 429.docx
[2009/04/28 22:26:07 | 00,012,528 | ---- | M] () -- C:\Users\home\Documents\dq week 3 #1.docx
[2009/04/28 16:29:03 | 00,000,336 | ---- | M] () -- C:\Windows\win.ini
[2009/04/26 22:19:39 | 00,012,611 | ---- | M] () -- C:\Users\home\Documents\writepoint42609.docx
[2009/04/25 21:44:03 | 00,012,797 | ---- | M] () -- C:\Users\home\Documents\online resources day7.docx
[2009/04/24 17:46:36 | 00,012,658 | ---- | M] () -- C:\Users\home\Documents\Hi  Anthony checkpoint gen 105.docx
[2009/04/23 20:58:16 | 00,015,676 | ---- | M] () -- C:\Users\home\Documents\appendix b 4-23-09.docm
[2009/04/22 22:37:52 | 00,183,296 | ---- | M] () -- C:\Users\home\Documents\C. DelvailleTime.doc
[2009/04/20 16:19:07 | 00,311,447 | ---- | M] () -- C:\Users\home\Documents\gen105_week2_reading1.pdf
[2009/04/17 16:45:27 | 00,011,743 | ---- | M] () -- C:\Users\home\Documents\Riverview Computer Cafe.docx
 
[color=\"orange\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:1F96ED45
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:C0A2E219
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:22741C1F
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:60C897F3
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:16B49C20
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:61A065F2
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:D3A8AA31
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:3A6BC948
@Alternate Data Stream - 190 bytes -> C:\ProgramData\Temp:A2B9AD4B
@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:A1D3FEF0
< End of report >

18
Tech Clinic / yoog
« on: May 16, 2009, 01:40:06 PM »
Yoog is still coming up under mozilla

19
Tech Clinic / yoog
« on: May 16, 2009, 01:38:54 PM »
Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 6.0.6001 Service Pack 1

5/16/2009 2:38:05 PM
mbam-log-2009-05-16 (14-38-05).txt

Scan type: Quick Scan
Objects scanned: 68625
Time elapsed: 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

20
Tech Clinic / yoog
« on: May 16, 2009, 10:01:06 AM »
[quote name=\'guestolo\' post=\'462539\' date=\'May 16 2009, 09:41 AM\']Can you still do that part please
Is Norton's already expired?[/quote]

I deleted the ot list. Yes it expired today.

Pages: [1] 2