Author Topic: yoog  (Read 6843 times)

Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
    • View Profile
yoog
« on: May 13, 2009, 07:00:47 PM »
:( yoog has invaded my Mozilla and I need help
« Last Edit: May 13, 2009, 07:07:05 PM by sona »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
yoog
« Reply #1 on: May 13, 2009, 08:31:24 PM »
Download OTListIt2 by OldTimer to your Desktop.
  • Close all windows and Double click on OTListIt2.exe to Run it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline sona

yoog
« Reply #2 on: May 14, 2009, 04:22:48 PM »
[quote name='sona' post='462427' date='May 13 2009, 08:00 PM']:( yoog has invaded my mozilla and i need help[/quote]

Please help me out

Offline sona

yoog
« Reply #3 on: May 14, 2009, 08:24:51 PM »
[quote name='guestolo' post='462432' date='May 13 2009, 09:31 PM']Download OTListIt2 by OldTimer to your Desktop.
  • Close all windows and Double click on OTListIt2.exe to Run it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
[/quote]

ok

Offline sona

yoog
« Reply #4 on: May 14, 2009, 08:39:39 PM »
[quote name='guestolo' post='462432' date='May 13 2009, 09:31 PM']Download OTListIt2 by OldTimer to your Desktop.
  • Close all windows and Double click on OTListIt2.exe to Run it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
[/quote]

having trouble posting log. tried to attach and still won't let me

Offline guestolo

yoog
« Reply #5 on: May 15, 2009, 12:22:20 AM »
You only posted the top part of the log; I need to see both logs.
Try the following: run OTListIt2 again. This time, when the log opens in a text file, click on FORMAT at the top menu bar, then UNCHECK WORD WRAP.

After you have unchecked word wrap, do the following:
Click EDIT at the top menu bar
and then SELECT ALL
Then EDIT and select COPY
Come back here and PASTE to your reply

Don't forget about Extras.txt; a copy of it should be on your desktop.
Open the file and copy/paste the whole contents back here too.


Offline sona

yoog
« Reply #6 on: May 15, 2009, 10:22:08 PM »
OTListIt logfile created on: 5/15/2009 11:18:26 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8     Folder = C:\Users\home\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.93 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 51.84% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 203.85 Gb Free Space | 71.37% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-PC
Current User Name: home
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
 
========== Processes (SafeList) ==========
 
PRC - [2008/06/09 14:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/09/30 19:56:04 | 00,972,080 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2009/02/11 12:25:12 | 00,039,208 | ---- | M] (AOL, LLC.) -- C:\Program Files (x86)\AOL 9.5\wEmail Removedexe
PRC - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/09/26 06:36:40 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 22:41:44 | 01,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2008/09/25 22:42:24 | 00,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/23 15:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/09/24 22:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 22:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/08/01 19:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/05/08 19:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/04/15 17:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2009/03/21 23:19:57 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/11/06 13:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\1238453836\ee\aolsoftware.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2007/09/26 10:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/04/11 12:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/02/11 12:25:11 | 00,054,568 | ---- | M] (AOL, LLC.) -- C:\Program Files (x86)\AOL 9.5\shellmon.exe
PRC - [2009/04/24 00:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2008/10/18 18:38:02 | 00,347,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
PRC - [2008/04/16 23:18:12 | 02,516,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2009/05/15 23:18:13 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\home\Downloads\OTListIt2(2).exe
 
========== Win32 Services (SafeList) ==========
 
SRV - [2008/06/27 11:53:06 | 00,089,088 | ---- | M] () -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters [Auto | Running])
SRV - [2007/12/11 16:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\sysnative\agr64svc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 14:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 21:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2008/05/05 18:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/06/16 11:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/03/18 20:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\sysnative\Hpservice.exe -- (hpsrv [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/06/19 21:16:54 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/01/20 22:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
SRV - [2008/09/23 15:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/09/11 07:53:00 | 00,279,040 | ---- | M] () -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV [Auto | Running])
SRV - [2008/09/24 22:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc [Auto | Running])
SRV - [2008/09/24 22:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched [Auto | Running])
SRV - [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
 
========== Driver Services (SafeList) ==========
 
DRV - [2008/03/27 16:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/02/29 19:59:32 | 01,252,352 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2009/01/12 04:18:55 | 01,522,168 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\bcmwl664.sys -- (BCM43XX [On_Demand | Running])
DRV - [2009/03/18 16:44:07 | 00,332,848 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\BHDrvx64.sys -- (BHDrvx64 [System | Running])
DRV - [2009/03/18 16:44:07 | 00,582,704 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\ccHPx64.sys -- (ccHP [System | Running])
DRV - [2008/01/20 22:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl [System | Running])
DRV - [2008/09/04 13:48:00 | 00,064,000 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,131,632 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2006/11/02 01:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\sysnative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/03/27 16:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 20:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV - [2009/01/29 17:50:10 | 00,396,848 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090508.002\IDSvia64.sys -- (IDSVia64 [System | Running])
DRV - [2008/08/14 06:18:54 | 08,029,792 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\igdkmd64.sys -- (igfx [On_Demand | Running])
DRV - [2008/07/15 04:20:42 | 00,126,464 | ---- | M] () -- C:\Windows\sysnative\drivers\IntcHdmi.sys -- (IntcHdmiAddService [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,136,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.040\ENG64.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/03/13 10:44:26 | 01,461,808 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.040\EX64.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2008/01/20 22:46:57 | 03,154,432 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\NETw3v64.sys -- (NETw3v64 [On_Demand | Stopped])
DRV - [2008/08/06 12:26:08 | 00,174,592 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV - [2008/09/19 21:43:58 | 00,068,096 | ---- | M] () -- C:\Windows\sysnative\drivers\RTSTOR64.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2008/01/20 22:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,476,720 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SRTSP64.SYS -- (SRTSP [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,032,304 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\SRTSPX64.SYS -- (SRTSPX [System | Running])
DRV - [2008/09/11 07:54:44 | 00,465,408 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\stwrt64.sys -- (STHDA [On_Demand | Running])
DRV - [2008/01/20 22:47:25 | 00,012,288 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,402,992 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\SYMEFA64.SYS -- (SymEFA [Boot | Running])
DRV - [2009/03/25 20:40:57 | 00,172,080 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,138,288 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,032,816 | R--- | M] () -- C:\Windows\sysnative\DRIVERS\SymIMv.sys -- (SymIM [System | Running])
DRV - [2009/03/12 04:43:27 | 00,046,640 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,310,320 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2008/06/19 21:37:42 | 00,325,680 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/20 22:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\sysnative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV - [2006/11/29 18:24:49 | 00,024,064 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\wanatw64.sys -- (wanatw [On_Demand | Running])
DRV - [2006/10/03 21:45:36 | 00,273,408 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Stopped])
DRV - [2008/09/26 06:36:34 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto | Running])
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
 
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2008/10/18 19:46:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/13 22:38:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2009/05/12 17:34:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2009/05/12 17:34:56 | 00,000,000 | ---D | M]
 
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/06 18:33:16 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\yk9dkhpe.default\extensions
[2009/05/15 22:44:03 | 00,000,247 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml
[2009/05/15 07:45:28 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/05/12 17:34:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/21 23:20:13 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/29 09:55:50 | 00,676,864 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\components\0cbb38e2-ac28-5efc-b550-f24254030a0b.dll
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/04/29 10:16:38 | 00,423,424 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\components\fmsjnmqveusjfoq.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (trueads search enhancer) - {3CDE6E37-E66E-AEAA-2448-F2F550B799E2} - C:\Windows\SysWow64\fmsjnmqveusjfoq.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (trueads) - {d02bd486-56a6-aea3-c9fb-3352a78d8400} - C:\Windows\SysWow64\nsr2778.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" (CyberLink)
O4 - HKLM..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1238453836\ee\AOLSoftware.exe" (AOL LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" (CyberLink Corp.)
O4 - HKCU..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.5\Email RemovedEXE" -b (AOL, LLC.)
O4 - HKCU..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S18EC.tmp" /EF "HKCU" ()
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: Email Removed ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/12 17:34:59 | 00,000,000 | ---D | M]
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009/05/15 18:15:13 | 00,012,756 | ---- | C] () -- C:\Users\home\Documents\com140 persuasive memo514.docx
[2009/05/15 17:39:26 | 00,011,090 | ---- | C] () -- C:\Users\home\Documents\com140 dq2 review speech 513.docx
[2009/05/14 21:35:41 | 00,018,481 | ---- | C] () -- C:\Users\home\Documents\yoog 2.docx
[2009/05/14 21:35:01 | 00,023,269 | ---- | C] () -- C:\Users\home\Documents\yoog.docx
[2009/05/14 16:25:09 | 00,014,809 | ---- | C] () -- C:\Users\home\Documents\gen105longshortgoals513.docx
[2009/05/12 22:32:44 | 00,673,152 | ---- | C] () -- C:\Users\home\Documents\IMG00026.jpg
[2009/05/12 22:31:42 | 00,602,247 | ---- | C] () -- C:\Users\home\Documents\IMG00027.jpg
[2009/05/12 22:06:54 | 00,467,718 | ---- | C] () -- C:\Users\home\Documents\IMG00019.jpg
[2009/05/12 22:06:39 | 00,705,880 | ---- | C] () -- C:\Users\home\Documents\IMG00018.jpg
[2009/05/12 22:06:05 | 00,524,416 | ---- | C] () -- C:\Users\home\Documents\IMG00021.jpg
[2009/05/12 22:05:29 | 00,586,106 | ---- | C] () -- C:\Users\home\Documents\IMG00024.jpg
[2009/05/12 22:05:07 | 00,519,581 | ---- | C] () -- C:\Users\home\Documents\IMG00029.jpg
[2009/05/12 21:09:26 | 00,011,945 | ---- | C] () -- C:\Users\home\Documents\com140 dq1 512.docx
[2009/05/12 20:05:02 | 00,016,079 | ---- | C] () -- C:\Users\home\Documents\wp negative message.docx
[2009/05/12 17:35:00 | 00,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/12 16:44:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/05/10 19:13:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2009/05/10 16:05:10 | 00,059,526 | ---- | C] () -- C:\Windows\System32\fmsjnmqveusjfoq.dll-uninst.exe
[2009/05/10 16:05:07 | 00,085,660 | ---- | C] () -- C:\Windows\System32\16d86614-22d1-e813-5d68-50ed066caf49.exe
[2009/05/09 22:13:13 | 00,019,789 | ---- | C] () -- C:\Users\home\Documents\com 140 Negative Message Assignment510.docx
[2009/05/08 18:09:00 | 00,015,334 | ---- | C] () -- C:\Users\home\Documents\com 140 email58.docx
[2009/05/08 13:03:10 | 00,012,893 | ---- | C] () -- C:\Users\home\Documents\checkpoint com140 different kinds of messages.docx
[2009/05/06 20:35:56 | 00,014,344 | ---- | C] () -- C:\Users\home\Documents\checkpoint gen10556.docx
[2009/05/06 20:27:57 | 00,010,369 | ---- | C] () -- C:\Users\home\Documents\There are a few ways that you can guard against plagiarism.docx
[2009/05/06 16:17:36 | 00,009,867 | ---- | C] () -- C:\Users\home\Documents\009451397677.docx
[2009/05/04 21:21:26 | 00,055,454 | ---- | C] () -- C:\Users\home\Documents\commaspliceand commas.docx
[2009/05/03 21:18:32 | 00,012,519 | ---- | C] () -- C:\Users\home\Documents\com105 checkpoint week3 53.docx
[2009/05/03 13:51:10 | 00,013,633 | ---- | C] () -- C:\Users\home\Documents\starwars.docx
[2009/05/02 19:02:09 | 00,011,229 | ---- | C] () -- C:\Users\home\Documents\DAD1.docx
[2009/04/29 23:38:33 | 00,011,601 | ---- | C] () -- C:\Users\home\Documents\gen105 checkpoint 430.docx
[2009/04/29 21:46:13 | 00,014,523 | ---- | C] () -- C:\Users\home\Documents\com140 table week 3 51.docx
[2009/04/29 21:27:22 | 00,011,102 | ---- | C] () -- C:\Users\home\Documents\com140 dq2 429.docx
[2009/04/29 19:30:36 | 00,011,681 | ---- | C] () -- C:\Users\home\Documents\com 140 pq 429.docx
[2009/04/29 10:16:46 | 00,567,808 | ---- | C] () -- C:\Windows\System32\fmsjnmqveusjfoq.dll
[2009/04/29 09:55:50 | 00,684,032 | ---- | C] () -- C:\Windows\System32\nsr2778.dll
[2009/04/27 21:03:56 | 00,012,528 | ---- | C] () -- C:\Users\home\Documents\dq week 3 #1.docx
[2009/04/27 17:08:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009/04/27 17:05:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009/04/26 22:19:39 | 00,012,611 | ---- | C] () -- C:\Users\home\Documents\writepoint42609.docx
[2009/04/25 16:08:07 | 00,012,797 | ---- | C] () -- C:\Users\home\Documents\online resources day7.docx
[2009/04/24 16:48:48 | 00,012,658 | ---- | C] () -- C:\Users\home\Documents\Hi  Anthony checkpoint gen 105.docx
[2009/04/23 20:58:15 | 00,015,676 | ---- | C] () -- C:\Users\home\Documents\appendix b 4-23-09.docm
[2009/04/22 22:31:12 | 00,183,296 | ---- | C] () -- C:\Users\home\Documents\C. DelvailleTime.doc
[2009/04/20 16:19:07 | 00,311,447 | ---- | C] () -- C:\Users\home\Documents\gen105_week2_reading1.pdf
[2009/04/17 13:56:11 | 00,011,743 | ---- | C] () -- C:\Users\home\Documents\Riverview Computer Cafe.docx
[2006/11/02 08:34:27 | 00,000,336 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
 
========== Files - Modified Within 30 Days ==========
 
[2009/05/15 22:45:03 | 00,012,756 | ---- | M] () -- C:\Users\home\Documents\com140 persuasive memo514.docx
[2009/05/15 19:44:54 | 00,011,090 | ---- | M] () -- C:\Users\home\Documents\com140 dq2 review speech 513.docx
[2009/05/15 16:08:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/15 07:45:23 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/15 07:45:15 | 42,228,32640 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/14 21:35:42 | 00,018,481 | ---- | M] () -- C:\Users\home\Documents\yoog 2.docx
[2009/05/14 21:35:01 | 00,023,269 | ---- | M] () -- C:\Users\home\Documents\yoog.docx
[2009/05/14 18:58:16 | 00,014,809 | ---- | M] () -- C:\Users\home\Documents\gen105longshortgoals513.docx
[2009/05/12 22:32:50 | 00,673,152 | ---- | M] () -- C:\Users\home\Documents\IMG00026.jpg
[2009/05/12 22:31:46 | 00,602,247 | ---- | M] () -- C:\Users\home\Documents\IMG00027.jpg
[2009/05/12 22:06:56 | 00,467,718 | ---- | M] () -- C:\Users\home\Documents\IMG00019.jpg
[2009/05/12 22:06:44 | 00,705,880 | ---- | M] () -- C:\Users\home\Documents\IMG00018.jpg
[2009/05/12 22:06:07 | 00,524,416 | ---- | M] () -- C:\Users\home\Documents\IMG00021.jpg
[2009/05/12 22:05:32 | 00,586,106 | ---- | M] () -- C:\Users\home\Documents\IMG00024.jpg
[2009/05/12 22:05:13 | 00,519,581 | ---- | M] () -- C:\Users\home\Documents\IMG00029.jpg
[2009/05/12 21:49:01 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhome.job
[2009/05/12 21:17:34 | 00,011,945 | ---- | M] () -- C:\Users\home\Documents\com140 dq1 512.docx
[2009/05/12 20:05:02 | 00,016,079 | ---- | M] () -- C:\Users\home\Documents\wp negative message.docx
[2009/05/12 17:35:00 | 00,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/10 23:33:36 | 00,019,789 | ---- | M] () -- C:\Users\home\Documents\com 140 Negative Message Assignment510.docx
[2009/05/10 16:05:10 | 00,059,526 | ---- | M] () -- C:\Windows\System32\fmsjnmqveusjfoq.dll-uninst.exe
[2009/05/10 16:05:07 | 00,085,660 | ---- | M] () -- C:\Windows\System32\16d86614-22d1-e813-5d68-50ed066caf49.exe
[2009/05/08 23:20:41 | 00,015,334 | ---- | M] () -- C:\Users\home\Documents\com 140 email58.docx
[2009/05/08 23:11:04 | 00,012,893 | ---- | M] () -- C:\Users\home\Documents\checkpoint com140 different kinds of messages.docx
[2009/05/06 22:35:23 | 00,014,344 | ---- | M] () -- C:\Users\home\Documents\checkpoint gen10556.docx
[2009/05/06 20:27:57 | 00,010,369 | ---- | M] () -- C:\Users\home\Documents\There are a few ways that you can guard against plagiarism.docx
[2009/05/06 16:17:36 | 00,009,867 | ---- | M] () -- C:\Users\home\Documents\009451397677.docx
[2009/05/04 21:21:27 | 00,055,454 | ---- | M] () -- C:\Users\home\Documents\commaspliceand commas.docx
[2009/05/03 23:17:51 | 00,012,519 | ---- | M] () -- C:\Users\home\Documents\com105 checkpoint week3 53.docx
[2009/05/03 13:51:10 | 00,013,633 | ---- | M] () -- C:\Users\home\Documents\starwars.docx
[2009/05/02 19:02:09 | 00,011,229 | ---- | M] () -- C:\Users\home\Documents\DAD1.docx
[2009/05/01 22:08:18 | 00,014,523 | ---- | M] () -- C:\Users\home\Documents\com140 table week 3 51.docx
[2009/04/30 23:15:36 | 00,011,601 | ---- | M] () -- C:\Users\home\Documents\gen105 checkpoint 430.docx
[2009/04/29 21:31:17 | 00,011,102 | ---- | M] () -- C:\Users\home\Documents\com140 dq2 429.docx
[2009/04/29 19:30:37 | 00,011,681 | ---- | M] () -- C:\Users\home\Documents\com 140 pq 429.docx
[2009/04/29 10:16:46 | 00,567,808 | ---- | M] () -- C:\Windows\System32\fmsjnmqveusjfoq.dll
[2009/04/29 09:55:50 | 00,684,032 | ---- | M] () -- C:\Windows\System32\nsr2778.dll
[2009/04/28 22:26:07 | 00,012,528 | ---- | M] () -- C:\Users\home\Documents\dq week 3 #1.docx
[2009/04/28 16:29:03 | 00,000,336 | ---- | M] () -- C:\Windows\win.ini
[2009/04/26 22:19:39 | 00,012,611 | ---- | M] () -- C:\Users\home\Documents\writepoint42609.docx
[2009/04/25 21:44:03 | 00,012,797 | ---- | M] () -- C:\Users\home\Documents\online resources day7.docx
[2009/04/24 17:46:36 | 00,012,658 | ---- | M] () -- C:\Users\home\Documents\Hi  Anthony checkpoint gen 105.docx
[2009/04/23 20:58:16 | 00,015,676 | ---- | M] () -- C:\Users\home\Documents\appendix b 4-23-09.docm
[2009/04/22 22:37:52 | 00,183,296 | ---- | M] () -- C:\Users\home\Documents\C. DelvailleTime.doc
[2009/04/20 16:19:07 | 00,311,447 | ---- | M] () -- C:\Users\home\Documents\gen105_week2_reading1.pdf
[2009/04/17 16:45:27 | 00,011,743 | ---- | M] () -- C:\Users\home\Documents\Riverview Computer Cafe.docx
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:1F96ED45
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:C0A2E219
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:22741C1F
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:60C897F3
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:16B49C20
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:61A065F2
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:D3A8AA31
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:3A6BC948
@Alternate Data Stream - 190 bytes -> C:\ProgramData\Temp:A2B9AD4B
@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:A1D3FEF0
< End of report >



Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
    • View Profile
yoog
« Reply #7 on: May 15, 2009, 10:26:33 PM »
OTListIt Extras logfile created on: 5/14/2009 9:31:55 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.7     Folder = C:\Users\home\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.93 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 65.78% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 203.89 Gb Free Space | 71.39% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-PC
Current User Name: home
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\system32\regedit.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]
 
========== Vista Active Open Ports Exception List ==========
 
{0E6B12A4-FB68-4E30-903A-11CEEA104F34} = LPORT=RPC | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28535 | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |
{1BD1C519-DEFF-40EA-850C-8DB70C4C159E} = LPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28511 | APP=SYSTEM |
{261E635B-2E0A-4D64-99D9-3F69319A2305} = LPORT=RPC-EPMAP | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28539 | SVC=RPCSS |
{34CCAAB4-67F5-4097-BFBC-87C331A816CE} = RPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28507 | APP=SYSTEM |
{54693961-F3A5-4F7F-ABED-46496EB71C27} = LPORT=6004 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE OUTLOOK | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\OUTLOOK.EXE |
{5F245BFE-A695-4130-B221-AE601CC4878A} = RPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28531 | APP=SYSTEM |
{6ED62D4D-9D6F-4608-A8E8-8D249EC732EE} = LPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28527 | APP=SYSTEM |
{7564F946-F8AD-4966-B914-62B1B0FC43BE} = LPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28519 | APP=SYSTEM |
{7EB49493-CFF8-43C6-9033-CEA8E42C1D3A} = RPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28523 | APP=SYSTEM |
{A4875B76-62A7-48B9-9C29-370D31CE2526} = LPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28503 | APP=SYSTEM |
{F35495F0-04D6-4A36-A289-7D107B6F2B63} = RPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28515 | APP=SYSTEM |
 
========== Vista Active Application Exception List ==========
 
{108C3917-F34F-4858-9C1C-A6BA1773BCBF} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL LOADER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{178B623E-669B-459D-919B-8211EF07197C} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL SYSTEM INFORMATION | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\SYSTEM INFORMATION\SINF.EXE |
{1B3396CC-4B13-4328-863B-D4950B3ECE4D} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{1BAF0EE4-5289-46E7-AAC5-F9F2B8D56A0F} = DIR=IN | ACTION=ALLOW | NAME=CYBERLINK POWERDIRECTOR | APP=C:\PROGRAM FILES (X86)\CYBERLINK\POWERDIRECTOR\PDR.EXE |
{2CFE6075-1A79-499B-886F-45FBFAFE6C9C} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL | APP=C:\PROGRAM FILES (X86)\AOL 9.5\WEmail RemovedEXE |
{2EC3C708-6477-4B8F-BE56-B30C6703385B} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIRE | APP=C:\PROGRAM FILES (X86)\LIMEWIRE\LIMEWIRE.EXE |
{36AE22B5-0384-460B-A70B-794AEDFFA060} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL CONNECTIVITY SERVICE DIALER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLDIAL.EXE |
{4BD9519D-5EFD-495F-A464-9241FC15C30E} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL | APP=C:\PROGRAM FILES (X86)\AOL 9.5\WEmail RemovedEXE |
{4E605D87-49D2-4979-9E94-39043FEBCED7} = DIR=IN | ACTION=ALLOW | NAME=HP MEDIASMART DVD | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\HPDVDSMART.EXE |
{5786FA63-CFDE-460E-B1BB-F7AB03DE3413} = DIR=IN | ACTION=ALLOW | NAME=QUICK PLAY RESIDENT PROGRAM | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\TV\QPSERVICE.EXE |
{63EC1728-C0BD-4365-B524-36278462A911} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART PHOTO | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\TOUCHSMART\MEDIA\HPTOUCHSMARTPHOTO.EXE |
{6492207D-00BB-48A5-ABFB-13A3D2A4DFD9} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART MEDIA RESIDENT PROGRAM | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\TOUCHSMART\MEDIA\TSMAGENT.EXE |
{677A9E7F-FD1D-43F0-BEAB-44071522252E} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{6D943CDE-DE54-4A03-9B49-0EE9172860A8} = DIR=IN | ACTION=ALLOW | NAME=CYBERLINK MEDIA SERVICE | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\TOUCHSMART\MEDIA\KERNEL\CLML\CLMLSVC.EXE |
{6DDDECE2-F9AC-41B6-955B-E1F90A578A07} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART VIDEO | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\HPTOUCHSMARTVIDEO.EXE |
{7286AE5E-C63B-41AC-9B78-74CFCA0EC4C0} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{794C808C-B7F9-481D-B203-24D8833E64A7} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=OUT | ACTION=ALLOW | [email protected],-28544 |
{7F44E620-322E-4632-BD47-E922A0D64CE0} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL SHARED COMPONENTS | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\1238453836\EE\AOLSOFTWARE.EXE |
{8062A63B-4E36-496C-A1F1-86DE15E0F489} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL TOPSPEED | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\TOPSPEED\3.0\AOLTPSD3.EXE |
{86FFAD59-F68C-4EF6-8B1A-F7FA9E7C3A32} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL CONNECTIVITY SERVICE | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLACSD.EXE |
{873B2146-51AF-4795-B09E-DBEEC48F1DB8} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL SYSTEM INFORMATION | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\SYSTEM INFORMATION\SINF.EXE |
{8BFB4B39-1012-4269-B464-B18DF96B8F64} = DIR=IN | ACTION=ALLOW | NAME=CYBERLINK MEDIA SERVICE | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\KERNEL\CLML\CLMLSVC.EXE |
{95E263DF-A783-43C9-9AAE-48CF9B48818A} = DIR=IN | ACTION=ALLOW | NAME=QUICK PLAY | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\TV\QP.EXE |
{A0011D3C-46F3-480A-A531-A6B775CD78A6} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL CONNECTIVITY SERVICE | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLACSD.EXE |
{A7A1EBDD-154A-44BD-8988-8438D02E0A7C} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART PHOTO | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\HPTOUCHSMARTPHOTO.EXE |
{AC0BE277-DCD9-4A3D-80AA-9BF4A4D9CF5F} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=IN | ACTION=ALLOW | [email protected],-28545 |
{B0958F27-BECB-4E6F-9B65-CD79ADE43343} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL SHARED COMPONENTS | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\1238453836\EE\AOLSOFTWARE.EXE |
{BA219E16-CDC6-4EB5-9EF8-747F5B195C36} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{BA7A722C-81F1-4CCA-B51D-34ECD0B05E60} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIRE | APP=C:\PROGRAM FILES (X86)\LIMEWIRE\LIMEWIRE.EXE |
{C7157DE2-341F-4F9E-86E0-7CCC179922FE} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART VIDEO | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\TOUCHSMART\MEDIA\HPTOUCHSMARTVIDEO.EXE |
{C7448AEA-AC8C-4EEC-9165-449A374A7022} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART MUSIC | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\HPTOUCHSMARTMUSIC.EXE |
{CB384D7B-AB5F-4AC1-9898-A256218ADECC} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART MUSIC | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\TOUCHSMART\MEDIA\HPTOUCHSMARTMUSIC.EXE |
{CBCF7518-D8E3-4F5D-96FF-5CF0D38445A9} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{CDF2259D-EBAD-4B10-915F-BA8AE2457544} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL CONNECTIVITY SERVICE DIALER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLDIAL.EXE |
{D031DF02-F078-419E-BDC8-FBD6C23F20B1} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=OUT | ACTION=ALLOW | [email protected],-28546 |
{D1ED5C44-9E21-4856-B344-B3F4C7F12B59} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{D2EFFAEE-D2A5-4597-92C8-41AA27D90048} = DIR=IN | ACTION=ALLOW | NAME=HP TOUCHSMART MEDIA RESIDENT PROGRAM | APP=C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\MEDIA\DVD\TSMAGENT.EXE |
{D964441E-3DD7-4572-8DC6-7E48B7BE176B} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL LOADER | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{F24C897B-6138-4256-B6A4-92A2FA45A183} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL TOPSPEED | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\TOPSPEED\3.0\AOLTPSD3.EXE |
{F5CBBEF8-DB4E-4F73-9AE3-793BEE9A0D45} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=IN | ACTION=ALLOW | [email protected],-28543 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(tm) 6 Update 12
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(tm) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4EB7E778-1E95-433F-8919-C323D5483363}" = HP Smart Web Printing
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Email Removed Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{DAE01A4C-A343-18A6-77B8-B6C1FD56612C}" = Search Assistant Trueads
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"16d86614-22d1-e813-5d68-50ed066caf49" = Contextual Application Trueads
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"BFGC" = Big Fish Games Client
"BFG-Cooking Dash" = Cooking Dash
"BFG-Diner Dash Flo on the Go" = Diner Dash Flo on the Go
"BFG-Fitness Dash" = Fitness Dash
"BFG-Magic Ball 3" = Magic Ball 3
"BFG-My Tribe" = My Tribe
"BFG-Virtual Villagers" = Virtual Villagers: A New Home
"BFG-Virtual Villagers - The Lost Children" = Virtual Villagers: The Lost Children
"BFG-Virtual Villagers - The Secret City" = Virtual Villagers: The Secret City
"BFG-Westward III" = Westward III: Gold Rush
"BFG-Zuma Deluxe" = Zuma Deluxe
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LimeWire" = LimeWire PRO 5.1.2
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"NIS" = Norton Internet Security
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ULTIMATER" = Microsoft Office Ultimate 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/11/2009 4:31:29 PM | Computer Name = home-PC | Source = Application Error | ID = 1000
Description = Faulting application TVAgent.exe, version 2.0.1.924, time stamp 0x48da0ed1,
 faulting module MSVCR71.dll, version 7.10.3052.4, time stamp 0x3e561eac, exception
 code 0xc0000005, fault offset 0x00010428,  process id 0xbf8, application start time
 0x01c9d275f286a95d.
 
Error - 5/12/2009 2:35:05 AM | Computer Name = home-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
 0x4907e791, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791adec,
 exception code 0xc0000005, fault offset 0x000000000001f7fa,  process id 0x700, application
 start time 0x01c9d275efea6b0d.
 
Error - 5/12/2009 2:27:54 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/12/2009 2:35:52 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/12/2009 2:48:21 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/12/2009 2:51:29 PM | Computer Name = home-PC | Source = System Restore | ID = 8209
Description =
 
Error - 5/12/2009 3:00:10 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/12/2009 3:03:07 PM | Computer Name = home-PC | Source = System Restore | ID = 8209
Description =
 
Error - 5/12/2009 3:17:10 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/12/2009 3:19:52 PM | Computer Name = home-PC | Source = System Restore | ID = 8209
Description =
 
[ System Events ]
Error - 5/11/2009 4:14:50 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
 
Error - 5/11/2009 4:20:33 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
 
Error - 5/12/2009 2:27:34 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
 
Error - 5/12/2009 2:35:26 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
 
Error - 5/12/2009 2:47:28 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
 
Error - 5/12/2009 2:59:46 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
 
Error - 5/12/2009 3:16:04 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
 
Error - 5/12/2009 3:25:06 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
 
Error - 5/12/2009 4:11:03 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
 
Error - 5/13/2009 3:56:03 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =
 
 
< End of report >

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
yoog
« Reply #8 on: May 15, 2009, 11:07:33 PM »
Click on the Start>>Control Panel

When the Control Panel window opens, click on the Uninstall a program option under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.

Uninstall the following:
Search Assistant Trueads
and
Contextual Application Trueads
If you are prompted for a verification code, type it in and follow the prompts
If you can't type in the code, try and copy/paste the code

Reboot the computer afterwards
Back in Windows

Right click on OTListit2.exe and choose to "Run as Administrator"
Copy the contents of the paths below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTLI
O2 - BHO: (trueads search enhancer) - {3CDE6E37-E66E-AEAA-2448-F2F550B799E2} - C:\Windows\SysWow64\fmsjnmqveusjfoq.dll ()
O2 - BHO: (trueads) - {d02bd486-56a6-aea3-c9fb-3352a78d8400} - C:\Windows\SysWow64\nsr2778.dll ()
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true

:files
C:\Program Files (x86)\mozilla firefox\components\0cbb38e2-ac28-5efc-b550-f24254030a0b.dll
C:\Program Files (x86)\mozilla firefox\components\fmsjnmqveusjfoq.dll
C:\Windows\System32\fmsjnmqveusjfoq.dll-uninst.exe
C:\Windows\System32\16d86614-22d1-e813-5d68-50ed066caf49.exe
C:\Windows\System32\fmsjnmqveusjfoq.dll
C:\Windows\System32\nsr2778.dll
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml

:commands
[emptytemp]
[Reboot]
  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
       
  • Click the red Run Fix button.
       
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTListIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Back in Windows
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
       
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
       
  • When the scan is complete, click OK, then Show Results to view the results.
       
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
       
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Recap: Post the log from OTListit2
and the report from MBAM

A copy of OTListit's log of what was cleaned/removed will be placed on desktop
It will be a text file with date of scan as its name
Keep me informed how things are running please
« Last Edit: May 15, 2009, 11:31:23 PM by guestolo »



Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #9 on: May 15, 2009, 11:54:12 PM »
========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CDE6E37-E66E-AEAA-2448-F2F550B799E2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CDE6E37-E66E-AEAA-2448-F2F550B799E2}\ not found.
File C:\Windows\SysWow64\fmsjnmqveusjfoq.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d02bd486-56a6-aea3-c9fb-3352a78d8400}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d02bd486-56a6-aea3-c9fb-3352a78d8400}\ not found.
File C:\Windows\SysWow64\nsr2778.dll not found.
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "Yoog Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\user.js moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\mozilla firefox\components\0cbb38e2-ac28-5efc-b550-f24254030a0b.dll not found.
File\Folder C:\Program Files (x86)\mozilla firefox\components\fmsjnmqveusjfoq.dll not found.
File\Folder C:\Windows\System32\fmsjnmqveusjfoq.dll-uninst.exe not found.
File\Folder C:\Windows\System32\16d86614-22d1-e813-5d68-50ed066caf49.exe not found.
File\Folder C:\Windows\System32\fmsjnmqveusjfoq.dll not found.
File\Folder C:\Windows\System32\nsr2778.dll not found.
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\home\AppData\Local\Temp\CMLS--2009-05-16--00-39-36.log scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\JET778F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JET9C2F.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
 
OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05162009_005043

Files moved on Reboot...
C:\Users\home\AppData\Local\Temp\CMLS--2009-05-16--00-39-36.log moved successfully.
File C:\Users\home\AppData\Local\Temp\JET778F.tmp not found!
C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt moved successfully.
File C:\Windows\temp\JET9C2F.tmp not found!

Registry entries deleted on Reboot...
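
The Firefox part of the fix above comes down to a few `user_pref` lines in prefs.js and user.js. As an added example (not part of the thread and not OTListIt2's code), this sketch parses those files and flags search prefs that point outside an allow-list; the pref names and the yoog.com URL come from the fix script, while the allow-lists, function names and sample file contents are constructed assumptions.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

# Pref names taken from the fix script and fix log in this thread.
URL_PREFS = {"browser.search.defaulturl", "keyword.URL"}
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}

# Assumptions for this example: what the owner of the profile expects to see.
ALLOWED_HOSTS = {"www.google.com"}
ALLOWED_ENGINES = {"Google"}

Finding = namedtuple("Finding", "file pref reason persistent")

# One pref per line: user_pref("name", value); value is a string, bool or integer.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;'
)


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        raw = match.group("value")
        if raw.startswith('"'):
            # Quoted string: drop the quotes and undo backslash escapes.
            prefs[match.group("name")] = re.sub(r"\\(.)", r"\1", raw[1:-1])
        elif raw in ("true", "false"):
            prefs[match.group("name")] = raw == "true"
        else:
            prefs[match.group("name")] = int(raw)
    return prefs


def audit_profile(files):
    """files maps a file name (prefs.js, user.js) to its text; returns Findings."""
    findings = []
    for filename, text in files.items():
        # user.js is re-read at every Firefox start, so a hijack stored there
        # comes back even after prefs.js has been cleaned.
        persistent = filename.lower() == "user.js"
        for pref, value in parse_prefs(text).items():
            if pref in URL_PREFS and isinstance(value, str):
                host = urlsplit(value).hostname or "(no host)"
                if host not in ALLOWED_HOSTS:
                    findings.append(
                        Finding(filename, pref, "search URL host " + host, persistent))
            elif pref in ENGINE_PREFS and value not in ALLOWED_ENGINES:
                findings.append(
                    Finding(filename, pref, "engine %r" % (value,), persistent))
    return findings


# Constructed sample files, modelled on the entries listed in the fix script.
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Yoog Search");
user_pref("browser.search.defaulturl", "http://www27.yoog.com/search.php?q=");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("keyword.URL", "http://www27.yoog.com/search.php?q=");
"""

SAMPLE_USER_JS = """user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www27.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);
"""

if __name__ == "__main__":
    sample = {"prefs.js": SAMPLE_PREFS_JS, "user.js": SAMPLE_USER_JS}
    for finding in audit_profile(sample):
        tag = "re-applied at startup" if finding.persistent else "one-off"
        print("%s: %s -> %s (%s)" % (finding.file, finding.pref, finding.reason, tag))
```

Findings marked persistent are the ones that explain why the fix log moves user.js out of the profile instead of only editing prefs.js.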

Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #10 on: May 16, 2009, 12:01:24 AM »
Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 6.0.6001 Service Pack 1

5/16/2009 1:00:44 AM
mbam-log-2009-05-16 (01-00-44).txt

Scan type: Quick Scan
Objects scanned: 68637
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
yoog
« Reply #11 on: May 16, 2009, 12:07:29 AM »
Can you let me know how things are now running
In addition: Can you delete OTListit2.txt file on desktop we created earlier

    * Close all windows and Right click on OTListIt2.exe and choose to "Run as Administrator"
    * Click Run Scan and let the program run uninterrupted
    * It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt.


This time, just post back the log that opens>>OTListIt2.txt



Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #12 on: May 16, 2009, 06:55:10 AM »
Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 6.0.6001 Service Pack 1

5/16/2009 7:54:06 AM
mbam-log-2009-05-16 (07-54-06).txt

Scan type: Quick Scan
Objects scanned: 68532
Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #13 on: May 16, 2009, 06:58:41 AM »
Thank you! Everything seems to be back to normal now.  I need to purchase protection software due to my free trial of Norton Internet security expiring. Is there any particular one you would suggest?

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
yoog
« Reply #14 on: May 16, 2009, 08:41:29 AM »
Quote
In addition: Can you delete OTListit2.txt file on desktop we created earlier

* Close all windows and Right click on OTListIt2.exe and choose to "Run as Administrator"
* Click Run Scan and let the program run uninterrupted
* It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt.


This time, just post back the log that opens>>OTListIt2.txt

Can you still do that part please
Is Norton's already expired?



Offline sona

yoog
« Reply #15 on: May 16, 2009, 10:01:06 AM »
Quote (guestolo, May 16 2009, 09:41 AM)
Can you still do that part please
Is Norton's already expired?

I deleted the ot list. Yes it expired today.

Offline guestolo

yoog
« Reply #16 on: May 16, 2009, 10:05:12 AM »
I don't think you're reading exactly what I wanted you to do
Ensure that you delete the text files created by OTListit2 that are on your desktop
If you haven't already deleted OTListit2.exe on desktop, do so now

Then do this step:

REDownload OTListIt2 by OldTimer to your Desktop.
  • Close all windows and Right click on OTListIt2.exe and "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt.
Only post back here the log that opens, I don't need to see the other log saved to desktop
« Last Edit: May 16, 2009, 10:05:59 AM by guestolo »



Offline sona

yoog
« Reply #17 on: May 16, 2009, 01:38:54 PM »
Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 6.0.6001 Service Pack 1

5/16/2009 2:38:05 PM
mbam-log-2009-05-16 (14-38-05).txt

Scan type: Quick Scan
Objects scanned: 68625
Time elapsed: 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline sona

yoog
« Reply #18 on: May 16, 2009, 01:40:06 PM »
Yoog is still coming up under mozilla

Offline guestolo

yoog
« Reply #19 on: May 16, 2009, 02:52:14 PM »
Sona, unless you start reading what I'm posting to you, I'm not sure if I can help
Why do you keep posting a log from Malwarebytes Anti-Malware??
I'm very confused

I'm going to ask you the next instructions for the THIRD time now
This will be the last time I ask for this
REDownload OTListIt2 by OldTimer to your Desktop.
  • Close all windows and Right click on OTListIt2.exe and "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt.
Only post back here the log that opens, I don't need to see the other log saved to desktop
