Author Topic: yoog  (Read 6869 times)

Offline sona

yoog
« Reply #20 on: May 16, 2009, 08:05:29 PM »
OTListIt logfile created on: 5/16/2009 9:04:25 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.15.8     Folder = C:\Users\home\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.93 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 58.86% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 203.25 Gb Free Space | 71.16% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-PC
Current User Name: home
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
 
========== Processes (SafeList) ==========
 
PRC - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2008/09/23 15:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/09/24 22:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 22:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2008/06/09 14:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/09/30 19:56:04 | 00,972,080 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2008/09/26 06:36:40 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 22:41:44 | 01,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/25 22:42:24 | 00,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/10 16:27:07 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files (x86)\LimeWire\LimeWire.exe
PRC - [2008/08/01 19:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/05/08 19:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/04/15 17:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2009/03/21 23:19:57 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2007/09/26 10:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2008/11/06 13:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\1238453836\ee\aolsoftware.exe
PRC - [2008/04/11 12:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2009/04/24 00:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/05/16 21:03:39 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\home\Downloads\OTListIt2(6).exe
 
========== Win32 Services (SafeList) ==========
 
SRV - [2008/06/27 11:53:06 | 00,089,088 | ---- | M] () -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters [Auto | Running])
SRV - [2007/12/11 16:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\sysnative\agr64svc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 14:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 21:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2008/05/05 18:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/06/16 11:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/03/18 20:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\sysnative\Hpservice.exe -- (hpsrv [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/06/19 21:16:54 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/01/20 22:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
SRV - [2008/09/23 15:18:52 | 00,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/09/11 07:53:00 | 00,279,040 | ---- | M] () -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV [Auto | Running])
SRV - [2008/09/24 22:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc [Auto | Running])
SRV - [2008/09/24 22:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched [Auto | Running])
SRV - [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
 
========== Driver Services (SafeList) ==========
 
DRV - [2008/03/27 16:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/02/29 19:59:32 | 01,252,352 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2009/01/12 04:18:55 | 01,522,168 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\bcmwl664.sys -- (BCM43XX [On_Demand | Running])
DRV - [2009/03/18 16:44:07 | 00,332,848 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\BHDrvx64.sys -- (BHDrvx64 [System | Running])
DRV - [2009/03/18 16:44:07 | 00,582,704 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\ccHPx64.sys -- (ccHP [System | Running])
DRV - [2008/01/20 22:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl [System | Running])
DRV - [2008/09/04 13:48:00 | 00,064,000 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,131,632 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2006/11/02 01:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\sysnative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/03/27 16:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 20:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV - [2009/01/29 17:50:10 | 00,396,848 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090508.002\IDSvia64.sys -- (IDSVia64 [System | Running])
DRV - [2008/08/14 06:18:54 | 08,029,792 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\igdkmd64.sys -- (igfx [On_Demand | Running])
DRV - [2008/07/15 04:20:42 | 00,126,464 | ---- | M] () -- C:\Windows\sysnative\drivers\IntcHdmi.sys -- (IntcHdmiAddService [On_Demand | Running])
DRV - [2009/03/13 10:44:26 | 00,136,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.040\ENG64.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/03/13 10:44:26 | 01,461,808 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.040\EX64.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2008/01/20 22:46:57 | 03,154,432 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\NETw3v64.sys -- (NETw3v64 [On_Demand | Stopped])
DRV - [2008/08/06 12:26:08 | 00,174,592 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV - [2008/09/19 21:43:58 | 00,068,096 | ---- | M] () -- C:\Windows\sysnative\drivers\RTSTOR64.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2008/01/20 22:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,476,720 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SRTSP64.SYS -- (SRTSP [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,032,304 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\SRTSPX64.SYS -- (SRTSPX [System | Running])
DRV - [2008/09/11 07:54:44 | 00,465,408 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\stwrt64.sys -- (STHDA [On_Demand | Running])
DRV - [2008/01/20 22:47:25 | 00,012,288 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,402,992 | ---- | M] () -- C:\Windows\sysnative\drivers\NISx64\1005000.087\SYMEFA64.SYS -- (SymEFA [Boot | Running])
DRV - [2009/03/25 20:40:57 | 00,172,080 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,138,288 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,032,816 | R--- | M] () -- C:\Windows\sysnative\DRIVERS\SymIMv.sys -- (SymIM [System | Running])
DRV - [2009/03/12 04:43:27 | 00,046,640 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Stopped])
DRV - [2009/03/12 04:43:27 | 00,310,320 | ---- | M] () -- C:\Windows\sysnative\Drivers\NISx64\1005000.087\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2008/06/19 21:37:42 | 00,325,680 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/20 22:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\sysnative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV - [2006/11/29 18:24:49 | 00,024,064 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\wanatw64.sys -- (wanatw [On_Demand | Running])
DRV - [2006/10/03 21:45:36 | 00,273,408 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Stopped])
DRV - [2008/09/26 06:36:34 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto | Running])
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www27.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
 
FF - user.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2008/10/18 19:46:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/13 22:38:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2009/05/16 14:20:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2009/05/12 17:34:56 | 00,000,000 | ---D | M]
 
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/06 18:33:16 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/05/12 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\yk9dkhpe.default\extensions
[2009/05/16 14:22:13 | 00,000,247 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml
[2009/05/16 14:23:30 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/05/12 17:34:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/21 23:20:13 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" (CyberLink)
O4 - HKLM..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1238453836\ee\AOLSoftware.exe" (AOL LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" (CyberLink Corp.)
O4 - HKCU..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S18EC.tmp" /EF "HKCU" ()
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: Email Removed ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/16 11:07:41 | 00,000,000 | ---D | M]
 
[color=\"orange\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/05/16 11:03:54 | 00,001,708 | ---- | C] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/05/16 00:57:21 | 00,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Malwarebytes
[2009/05/16 00:57:19 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/16 00:57:19 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/16 00:57:17 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/16 00:57:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/16 00:57:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/05/16 00:50:43 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/15 18:15:13 | 00,012,756 | ---- | C] () -- C:\Users\home\Documents\com140 persuasive memo514.docx
[2009/05/15 17:39:26 | 00,011,090 | ---- | C] () -- C:\Users\home\Documents\com140 dq2 review speech 513.docx
[2009/05/14 16:25:09 | 00,014,809 | ---- | C] () -- C:\Users\home\Documents\gen105longshortgoals513.docx
[2009/05/12 22:32:44 | 00,673,152 | ---- | C] () -- C:\Users\home\Documents\IMG00026.jpg
[2009/05/12 22:31:42 | 00,602,247 | ---- | C] () -- C:\Users\home\Documents\IMG00027.jpg
[2009/05/12 22:06:54 | 00,467,718 | ---- | C] () -- C:\Users\home\Documents\IMG00019.jpg
[2009/05/12 22:06:39 | 00,705,880 | ---- | C] () -- C:\Users\home\Documents\IMG00018.jpg
[2009/05/12 22:06:05 | 00,524,416 | ---- | C] () -- C:\Users\home\Documents\IMG00021.jpg
[2009/05/12 22:05:29 | 00,586,106 | ---- | C] () -- C:\Users\home\Documents\IMG00024.jpg
[2009/05/12 22:05:07 | 00,519,581 | ---- | C] () -- C:\Users\home\Documents\IMG00029.jpg
[2009/05/12 21:09:26 | 00,011,945 | ---- | C] () -- C:\Users\home\Documents\com140 dq1 512.docx
[2009/05/12 20:05:02 | 00,016,079 | ---- | C] () -- C:\Users\home\Documents\wp negative message.docx
[2009/05/12 17:35:00 | 00,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/12 16:44:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/05/10 19:13:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2009/05/09 22:13:13 | 00,019,789 | ---- | C] () -- C:\Users\home\Documents\com 140 Negative Message Assignment510.docx
[2009/05/08 18:09:00 | 00,015,334 | ---- | C] () -- C:\Users\home\Documents\com 140 email58.docx
[2009/05/08 13:03:10 | 00,012,893 | ---- | C] () -- C:\Users\home\Documents\checkpoint com140 different kinds of messages.docx
[2009/05/06 20:35:56 | 00,014,344 | ---- | C] () -- C:\Users\home\Documents\checkpoint gen10556.docx
[2009/05/06 20:27:57 | 00,010,369 | ---- | C] () -- C:\Users\home\Documents\There are a few ways that you can guard against plagiarism.docx
[2009/05/06 16:17:36 | 00,009,867 | ---- | C] () -- C:\Users\home\Documents\009451397677.docx
[2009/05/04 21:21:26 | 00,055,454 | ---- | C] () -- C:\Users\home\Documents\commaspliceand commas.docx
[2009/05/03 21:18:32 | 00,012,519 | ---- | C] () -- C:\Users\home\Documents\com105 checkpoint week3 53.docx
[2009/05/03 13:51:10 | 00,013,633 | ---- | C] () -- C:\Users\home\Documents\starwars.docx
[2009/05/02 19:02:09 | 00,011,229 | ---- | C] () -- C:\Users\home\Documents\DAD1.docx
[2009/04/29 23:38:33 | 00,011,601 | ---- | C] () -- C:\Users\home\Documents\gen105 checkpoint 430.docx
[2009/04/29 21:46:13 | 00,014,523 | ---- | C] () -- C:\Users\home\Documents\com140 table week 3 51.docx
[2009/04/29 21:27:22 | 00,011,102 | ---- | C] () -- C:\Users\home\Documents\com140 dq2 429.docx
[2009/04/29 19:30:36 | 00,011,681 | ---- | C] () -- C:\Users\home\Documents\com 140 pq 429.docx
[2009/04/27 21:03:56 | 00,012,528 | ---- | C] () -- C:\Users\home\Documents\dq week 3 #1.docx
[2009/04/27 17:08:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009/04/27 17:05:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009/04/26 22:19:39 | 00,012,611 | ---- | C] () -- C:\Users\home\Documents\writepoint42609.docx
[2009/04/25 16:08:07 | 00,012,797 | ---- | C] () -- C:\Users\home\Documents\online resources day7.docx
[2009/04/24 16:48:48 | 00,012,658 | ---- | C] () -- C:\Users\home\Documents\Hi  Anthony checkpoint gen 105.docx
[2009/04/23 20:58:15 | 00,015,676 | ---- | C] () -- C:\Users\home\Documents\appendix b 4-23-09.docm
[2009/04/22 22:31:12 | 00,183,296 | ---- | C] () -- C:\Users\home\Documents\C. DelvailleTime.doc
[2009/04/20 16:19:07 | 00,311,447 | ---- | C] () -- C:\Users\home\Documents\gen105_week2_reading1.pdf
[2009/04/17 13:56:11 | 00,011,743 | ---- | C] () -- C:\Users\home\Documents\Riverview Computer Cafe.docx
[2006/11/02 08:34:27 | 00,000,336 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
 
[color=\"orange\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2009/05/16 21:01:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/16 14:23:27 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/16 14:23:18 | 42,228,32640 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/16 11:03:54 | 00,001,708 | ---- | M] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/05/16 00:57:19 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/15 22:45:03 | 00,012,756 | ---- | M] () -- C:\Users\home\Documents\com140 persuasive memo514.docx
[2009/05/15 19:44:54 | 00,011,090 | ---- | M] () -- C:\Users\home\Documents\com140 dq2 review speech 513.docx
[2009/05/14 18:58:16 | 00,014,809 | ---- | M] () -- C:\Users\home\Documents\gen105longshortgoals513.docx
[2009/05/12 22:32:50 | 00,673,152 | ---- | M] () -- C:\Users\home\Documents\IMG00026.jpg
[2009/05/12 22:31:46 | 00,602,247 | ---- | M] () -- C:\Users\home\Documents\IMG00027.jpg
[2009/05/12 22:06:56 | 00,467,718 | ---- | M] () -- C:\Users\home\Documents\IMG00019.jpg
[2009/05/12 22:06:44 | 00,705,880 | ---- | M] () -- C:\Users\home\Documents\IMG00018.jpg
[2009/05/12 22:06:07 | 00,524,416 | ---- | M] () -- C:\Users\home\Documents\IMG00021.jpg
[2009/05/12 22:05:32 | 00,586,106 | ---- | M] () -- C:\Users\home\Documents\IMG00024.jpg
[2009/05/12 22:05:13 | 00,519,581 | ---- | M] () -- C:\Users\home\Documents\IMG00029.jpg
[2009/05/12 21:49:01 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhome.job
[2009/05/12 21:17:34 | 00,011,945 | ---- | M] () -- C:\Users\home\Documents\com140 dq1 512.docx
[2009/05/12 20:05:02 | 00,016,079 | ---- | M] () -- C:\Users\home\Documents\wp negative message.docx
[2009/05/12 17:35:00 | 00,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/10 23:33:36 | 00,019,789 | ---- | M] () -- C:\Users\home\Documents\com 140 Negative Message Assignment510.docx
[2009/05/08 23:20:41 | 00,015,334 | ---- | M] () -- C:\Users\home\Documents\com 140 email58.docx
[2009/05/08 23:11:04 | 00,012,893 | ---- | M] () -- C:\Users\home\Documents\checkpoint com140 different kinds of messages.docx
[2009/05/06 22:35:23 | 00,014,344 | ---- | M] () -- C:\Users\home\Documents\checkpoint gen10556.docx
[2009/05/06 20:27:57 | 00,010,369 | ---- | M] () -- C:\Users\home\Documents\There are a few ways that you can guard against plagiarism.docx
[2009/05/06 16:17:36 | 00,009,867 | ---- | M] () -- C:\Users\home\Documents\009451397677.docx
[2009/05/04 21:21:27 | 00,055,454 | ---- | M] () -- C:\Users\home\Documents\commaspliceand commas.docx
[2009/05/03 23:17:51 | 00,012,519 | ---- | M] () -- C:\Users\home\Documents\com105 checkpoint week3 53.docx
[2009/05/03 13:51:10 | 00,013,633 | ---- | M] () -- C:\Users\home\Documents\starwars.docx
[2009/05/02 19:02:09 | 00,011,229 | ---- | M] () -- C:\Users\home\Documents\DAD1.docx
[2009/05/01 22:08:18 | 00,014,523 | ---- | M] () -- C:\Users\home\Documents\com140 table week 3 51.docx
[2009/04/30 23:15:36 | 00,011,601 | ---- | M] () -- C:\Users\home\Documents\gen105 checkpoint 430.docx
[2009/04/29 21:31:17 | 00,011,102 | ---- | M] () -- C:\Users\home\Documents\com140 dq2 429.docx
[2009/04/29 19:30:37 | 00,011,681 | ---- | M] () -- C:\Users\home\Documents\com 140 pq 429.docx
[2009/04/28 22:26:07 | 00,012,528 | ---- | M] () -- C:\Users\home\Documents\dq week 3 #1.docx
[2009/04/28 16:29:03 | 00,000,336 | ---- | M] () -- C:\Windows\win.ini
[2009/04/26 22:19:39 | 00,012,611 | ---- | M] () -- C:\Users\home\Documents\writepoint42609.docx
[2009/04/25 21:44:03 | 00,012,797 | ---- | M] () -- C:\Users\home\Documents\online resources day7.docx
[2009/04/24 17:46:36 | 00,012,658 | ---- | M] () -- C:\Users\home\Documents\Hi  Anthony checkpoint gen 105.docx
[2009/04/23 20:58:16 | 00,015,676 | ---- | M] () -- C:\Users\home\Documents\appendix b 4-23-09.docm
[2009/04/22 22:37:52 | 00,183,296 | ---- | M] () -- C:\Users\home\Documents\C. DelvailleTime.doc
[2009/04/20 16:19:07 | 00,311,447 | ---- | M] () -- C:\Users\home\Documents\gen105_week2_reading1.pdf
[2009/04/17 16:45:27 | 00,011,743 | ---- | M] () -- C:\Users\home\Documents\Riverview Computer Cafe.docx
 
[color=\"orange\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:1F96ED45
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:C0A2E219
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:22741C1F
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:60C897F3
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:16B49C20
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:61A065F2
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:D3A8AA31
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:3A6BC948
@Alternate Data Stream - 190 bytes -> C:\ProgramData\Temp:A2B9AD4B
@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:A1D3FEF0
< End of report >

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
yoog
« Reply #21 on: May 17, 2009, 11:53:34 AM »
Follow the instructions closely please

RIGHT CLICK on OTListIt2.exe on desktop and choose to "Run As Administrator"
Copy the contents of the paths below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTLI
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www27.yoog.com/
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true

:files
C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml
@C:\ProgramData\Temp:1F96ED45
@C:\ProgramData\Temp:C0A2E219
@C:\ProgramData\Temp:22741C1F
@C:\ProgramData\Temp:60C897F3
@C:\ProgramData\Temp:16B49C20
@C:\ProgramData\Temp:61A065F2
@C:\ProgramData\Temp:D3A8AA31
@C:\ProgramData\Temp:3A6BC948
@C:\ProgramData\Temp:A2B9AD4B
@C:\ProgramData\Temp:A1D3FEF0

:commands
[emptytemp]
[Reboot]
  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Close all Browser windows, including this one
  • Then Click the red Run Fix button.
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #22 on: May 18, 2009, 01:40:17 PM »
First log posted, then deleted by User
========== OTLISTIT ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www27.yoog.com/" removed from browser.startup.homepage
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\user.js moved successfully.
========== FILES ==========
C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk moved successfully.
C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml moved successfully.
ADS C:\ProgramData\Temp:1F96ED45 deleted successfully.
ADS C:\ProgramData\Temp:C0A2E219 deleted successfully.
ADS C:\ProgramData\Temp:22741C1F deleted successfully.
ADS C:\ProgramData\Temp:60C897F3 deleted successfully.
ADS C:\ProgramData\Temp:16B49C20 deleted successfully.
ADS C:\ProgramData\Temp:61A065F2 deleted successfully.
ADS C:\ProgramData\Temp:D3A8AA31 deleted successfully.
ADS C:\ProgramData\Temp:3A6BC948 deleted successfully.
ADS C:\ProgramData\Temp:A2B9AD4B deleted successfully.
ADS C:\ProgramData\Temp:A1D3FEF0 deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\home\AppData\Local\Temp\hsperfdata_home\2536 scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--13-25-02.log scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\JET9CEA.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JET9C7D.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05182009_143015

Files moved on Reboot...
File C:\Users\home\AppData\Local\Temp\hsperfdata_home\2536 not found!
C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--13-25-02.log moved successfully.
File C:\Users\home\AppData\Local\Temp\JET9CEA.tmp not found!
C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt moved successfully.
File C:\Windows\temp\JET9C7D.tmp not found!

Registry entries deleted on Reboot...

Second log posted
========== OTLISTIT ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www27.yoog.com/" removed from browser.startup.homepage
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
========== FILES ==========
File\Folder C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk not found.
File\Folder C:\Users\home\AppData\Roaming\Mozilla\FireFox\Profiles\yk9dkhpe.default\searchplugins\Yoog Search.xml not found.
Unable to delete ADS C:\ProgramData\Temp:1F96ED45 .
Unable to delete ADS C:\ProgramData\Temp:C0A2E219 .
Unable to delete ADS C:\ProgramData\Temp:22741C1F .
Unable to delete ADS C:\ProgramData\Temp:60C897F3 .
Unable to delete ADS C:\ProgramData\Temp:16B49C20 .
Unable to delete ADS C:\ProgramData\Temp:61A065F2 .
Unable to delete ADS C:\ProgramData\Temp:D3A8AA31 .
Unable to delete ADS C:\ProgramData\Temp:3A6BC948 .
Unable to delete ADS C:\ProgramData\Temp:A2B9AD4B .
Unable to delete ADS C:\ProgramData\Temp:A1D3FEF0 .
========== COMMANDS ==========
File delete failed. C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--14-31-50.log scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\JET2A88.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JET95D8.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
 
OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05182009_143702

Files moved on Reboot...
C:\Users\home\AppData\Local\Temp\CMLS--2009-05-18--14-31-50.log moved successfully.
File C:\Users\home\AppData\Local\Temp\JET2A88.tmp not found!
C:\Users\home\AppData\Local\Temp\MainFrame.Log.txt moved successfully.
File C:\Windows\temp\JET95D8.tmp not found!

Registry entries deleted on Reboot...
« Last Edit: May 19, 2009, 09:12:21 PM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
yoog
« Reply #23 on: May 18, 2009, 01:45:07 PM »
Can you Right click on Hijackthis shortcut on your desktop and choose to "Run as Administrator"
Do a System Scan and save logfile
Post the new log that opens

In addition, let me know how things are now running



Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #24 on: May 18, 2009, 02:04:23 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:06 PM, on 5/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\aol\1238453836\ee\aolsoftware.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1238453836\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S18EC.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12753 bytes


Things are running fine

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
yoog
« Reply #25 on: May 18, 2009, 03:21:51 PM »
OTListIt2.exe
  • Right click on OTListIt2.exe and choose "Run as Administrator"
  • Click the Cleanup! button
  • Select Yes to reboot Now
I'll leave this topic open for a couple days, after which time I'll assume that everything is still ok and then lock it
Take care sona

If you have any problems within the next couple days post back in this topic

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
yoog
« Reply #26 on: May 18, 2009, 03:37:15 PM »
So sorry, I forgot about Norton Internet Security expiring
Do the above, do you want to try a free solution of AntiVirus software?



Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #27 on: May 18, 2009, 05:26:57 PM »
yes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
yoog
« Reply #28 on: May 18, 2009, 10:16:47 PM »
Take a look at either of these 2 free AV software
Which do you prefer to have installed?
Avast Home Edition by ALWIL

Avira AntiVir Personal Edition Classic
Whichever you decide that you like, download and save the installer to desktop
DO NOT install it yet, but let me know which one you decided on
You ONLY want one AV software installed
« Last Edit: May 18, 2009, 10:18:33 PM by guestolo »



Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #29 on: May 19, 2009, 04:32:39 AM »
[quote name='guestolo' post='462684' date='May 18 2009, 11:16 PM']Take a look at either of these 2 free AV software
Which do you prefer to have installed?
Avast Home Edition by ALWIL

Avira AntiVir Personal Edition Classic
Whichever you decide that you like, download and save the installer to desktop
DO NOT install it yet, but let me know which one you decided on
You ONLY want one AV software installed[/quote]

I will go with the Avira.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
yoog
« Reply #30 on: May 19, 2009, 10:11:34 AM »
Ok, I'll assume at this point you have the Avira free installer saved to desktop, don't run it yet

Next:
Download and save to your Desktop, the NORTON REMOVAL TOOL

From STEP 2 from the link, DON'T run it yet

   1. Click the Start button to open your Start Menu.

   2. When the Start Menu opens, click on the Control Panel menu option.

   3. When the Control Panel window opens, click on the Uninstall a program option under the Programs category. If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.

Uninstall Norton Internet Security

Reboot when the uninstallation is complete

Norton can be tough to remove completely, I've even had users who can't access the Internet after removal
Now the next step
Right click the Norton Removal tool you downloaded earlier and choose to "Run as Administrator"
Follow all the prompts, if asked for a verification code when running the tool, type it in and continue
Reboot when prompted, if not prompted, reboot the computer anyways

Back in Windows
Ensure that the Vista Firewall is ON
1. Open Windows Firewall by clicking the Start button, clicking Control Panel, clicking Security, and then clicking Windows Firewall.
2. Click Turn Windows Firewall on or off. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Click On (recommended), and then click OK.

Right click on the Avira installer and choose to "Run As Administrator"
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time

NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it

A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"

Quarantine or delete everything it finds
When the scan is finished
Reboot the computer

Back in Windows
Can you post all the following back please

 Please post the log from Avira
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"



Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #31 on: May 20, 2009, 08:21:37 PM »
I see the info you posted. I will work on it Thursday, my day off.

Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #32 on: May 26, 2009, 10:15:51 AM »
Avira AntiVir Personal
Report file date: Tuesday, May 26, 2009  10:29

Scanning for 1426566 virus strains and unwanted programs.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows Vista 64 Bit
Windows version : (Service Pack 1)  [6.0.6001]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : HOME-PC

Version information:
BUILD.DAT       : 9.0.0.394     17962 Bytes   4/17/2009 11:20:00
AVSCAN.EXE      : 9.0.3.5      466689 Bytes   4/17/2009 13:57:30
AVSCAN.DLL      : 9.0.3.0       40705 Bytes   2/27/2009 15:58:24
LUKE.DLL        : 9.0.3.2      209665 Bytes   2/20/2009 16:35:49
LUKERES.DLL     : 9.0.2.0       12033 Bytes   2/27/2009 15:58:52
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  10/27/2008 17:30:36
ANTIVIR1.VDF    : 7.1.2.12    3336192 Bytes   2/11/2009 01:33:26
ANTIVIR2.VDF    : 7.1.4.0     2336768 Bytes   5/20/2009 14:27:41
ANTIVIR3.VDF    : 7.1.4.19     199680 Bytes   5/26/2009 14:27:42
Engineversion   : 8.2.0.168
AEVDF.DLL       : 8.1.1.1      106868 Bytes   5/26/2009 14:27:52
AESCRIPT.DLL    : 8.1.2.0      389497 Bytes   5/26/2009 14:27:51
AESCN.DLL       : 8.1.2.3      127347 Bytes   5/26/2009 14:27:50
AERDL.DLL       : 8.1.1.3      438645 Bytes  10/29/2008 23:24:41
AEPACK.DLL      : 8.1.3.16     397686 Bytes   5/26/2009 14:27:49
AEOFFICE.DLL    : 8.1.0.36     196987 Bytes   2/27/2009 01:01:56
AEHEUR.DLL      : 8.1.0.129   1761655 Bytes   5/26/2009 14:27:47
AEHELP.DLL      : 8.1.2.2      119158 Bytes   2/27/2009 01:01:56
AEGEN.DLL       : 8.1.1.44     348532 Bytes   5/26/2009 14:27:44
AEEMU.DLL       : 8.1.0.9      393588 Bytes   10/9/2008 19:32:40
AECORE.DLL      : 8.1.6.9      176500 Bytes   5/26/2009 14:27:43
AEBB.DLL        : 8.1.0.3       53618 Bytes   10/9/2008 19:32:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12/12/2008 13:47:59
AVPREF.DLL      : 9.0.0.1       43777 Bytes   12/5/2008 15:32:15
AVREP.DLL       : 8.0.0.3      155905 Bytes   1/20/2009 19:34:28
AVREG.DLL       : 9.0.0.0       36609 Bytes   12/5/2008 15:32:09
AVARKT.DLL      : 9.0.0.3      292609 Bytes   3/24/2009 20:05:41
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes   1/30/2009 15:37:08
SQLITE3.DLL     : 3.6.1.0      326401 Bytes   1/28/2009 20:03:49
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes    2/2/2009 13:21:33
NETNT.DLL       : 9.0.0.0       11521 Bytes   12/5/2008 15:32:10
RCIMAGE.DLL     : 9.0.0.21    2438401 Bytes    2/9/2009 16:45:45
RCTEXT.DLL      : 9.0.37.0      86785 Bytes   4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Tuesday, May 26, 2009  10:29

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '0' Module(s) have been scanned
Scan process 'wuauclt.exe' - '0' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '0' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '0' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '0' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '0' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '0' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned
Scan process 'TSMAgent.exe' - '1' Module(s) have been scanned
Scan process 'DVDAgent.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'TVSched.exe' - '1' Module(s) have been scanned
Scan process 'TVCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '0' Module(s) have been scanned
Scan process 'HPAdvisor.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '0' Module(s) have been scanned
Scan process 'SmartMenu.exe' - '0' Module(s) have been scanned
Scan process 'sttray64.exe' - '0' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '0' Module(s) have been scanned
Scan process 'igfxpers.exe' - '0' Module(s) have been scanned
Scan process 'hkcmd.exe' - '0' Module(s) have been scanned
Scan process 'igfxtray.exe' - '0' Module(s) have been scanned
Scan process 'BLService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'agr64svc.exe' - '0' Module(s) have been scanned
Scan process 'AESTSr64.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'dwm.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'wlanext.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'hpservice.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'SLsvc.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'stacsv64.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\HP\BIN\EndProcess.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
C:\Program Files (x86)\Hewlett-Packard\HP TCS\SetACL.exe
    [DETECTION] Contains recognition pattern of the APPL/ACLSet application
C:\Users\home\Documents\LimeWire\Saved\chuck willis extended live version.snd
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Users\home\Documents\LimeWire\Saved\free style explosion.wma
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Users\home\Documents\LimeWire\Saved\jada and alchemist - greatest hits.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Users\home\Documents\LimeWire\Saved\the best of louis jordan.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:
C:\HP\BIN\EndProcess.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
    [NOTE]      The file was moved to '4a80070b.qua'!
C:\Program Files (x86)\Hewlett-Packard\HP TCS\SetACL.exe
    [DETECTION] Contains recognition pattern of the APPL/ACLSet application
    [NOTE]      The file was moved to '4a900702.qua'!
C:\Users\home\Documents\LimeWire\Saved\chuck willis extended live version.snd
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE]      The file was moved to '4a910705.qua'!
C:\Users\home\Documents\LimeWire\Saved\free style explosion.wma
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE]      The file was moved to '4a81070f.qua'!
C:\Users\home\Documents\LimeWire\Saved\jada and alchemist - greatest hits.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE]      The file was moved to '4a8006fe.qua'!
C:\Users\home\Documents\LimeWire\Saved\the best of louis jordan.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE]      The file was moved to '4a810705.qua'!


End of the scan: Tuesday, May 26, 2009  11:11
Used time: 40:03 Minute(s)

The scan has been done completely.

  27938 Scanned directories
 481280 Files were scanned
      6 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      6 Files were moved to quarantine
      0 Files were renamed
      2 Files cannot be scanned
 481272 Files not concerned
   3770 Archives were scanned
      2 Warnings
      8 Notes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
yoog
« Reply #33 on: May 26, 2009, 12:45:06 PM »
Can we do the following
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Close down all browser windows
Uninstall the following:
Java™ 6 Update 12
Java™ 6 Update 7

In addition, if you didn't purposely install the next one, uninstall it also
Viewpoint Media Player


Reboot the computer after any/all of the above are removed

Back in Windows
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.

  • Scroll down to where it says "JRE 6 Update 13".

  • Click the "Download" button to the right.

  • In the Window that opens, beside PLATFORM: in the drop down menu select Windows x64 >> Check the "agree" box and click Continue.

  • Click on the link to download Windows Offline Installation and save to your desktop.

  • Then from your desktop right click on jre-6u13-windows-x64-p.exe and choose to "Run as Administrator" to install the newest version.
Once that is installed
I think that Avira, as many other scanners do, selected 2 files for quarantine that can be used maliciously
Or legit
In your case, they are probably legit, but let's get a second opinion
==============================================
# Click on the Start button in the lower left of the Windows screen.
# Click on the Control Panel menu option.
# When the Control Panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

# Double-click on the Folder Options icon.
# Click on the View tab.
# Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
# Remove the checkmark from the checkbox labeled Hide extensions for known file types.
# Remove the checkmark from the checkbox labeled Hide protected operating system files.

If you are in the Control Panel Home view do the following:

# Click on the Appearance and Personalization link.
# Click on Show Hidden Files or Folders.
# Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
# Remove the checkmark from the checkbox labeled Hide extensions for known file types.
# Remove the checkmark from the checkbox labeled Hide protected operating system files.

Apply and OK it
================================================================
I can't remember where Avira holds its infected backups in Vista, I believe it's this folder
C:\Users\All Users\Application Data\Avira\AntiVir Desktop\INFECTED
It may just put the Infected folder in your user account, I'm not sure

go to this link
http://www.virustotal.com/flash/index_en.html
Browse to the file

C:\Users\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a80070b.qua
Then use the SEND FILE button
Let it finish scanning
Could you post the results of this scan back here please
Or better yet, just link to the results page

Do the same for the next file
C:\Users\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a900702.qua

Once you have scanned those files
You can go back and Hide System Files/Folders and Protected Operating Files by reversing the steps we did earlier
« Last Edit: May 26, 2009, 12:47:39 PM by guestolo »

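The reply above depends on knowing which quarantined `.qua` file belongs to which original path, and which detections the report words as an "application" rather than an "exploit". This Python sketch is an added example, not part of the thread: the function and class names are hypothetical, and the sample text is a trimmed excerpt of the Avira report posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Trimmed excerpt of the Avira report posted in this thread (not the full log).
SAMPLE_REPORT = r"""Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
C:\HP\BIN\EndProcess.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
C:\Program Files (x86)\Hewlett-Packard\HP TCS\SetACL.exe
    [DETECTION] Contains recognition pattern of the APPL/ACLSet application
C:\Users\home\Documents\LimeWire\Saved\free style explosion.wma
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

Beginning disinfection:
C:\HP\BIN\EndProcess.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
    [NOTE]      The file was moved to '4a80070b.qua'!
C:\Program Files (x86)\Hewlett-Packard\HP TCS\SetACL.exe
    [DETECTION] Contains recognition pattern of the APPL/ACLSet application
    [NOTE]      The file was moved to '4a900702.qua'!
C:\Users\home\Documents\LimeWire\Saved\free style explosion.wma
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE]      The file was moved to '4a81070f.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\\S")            # unindented "C:\..." line
ENTRY_RE = re.compile(r"^\s+\[(\w+)\]\s+(.*)$")     # indented "[TAG] message" line
DETECT_RE = re.compile(r"recognition pattern of the (\S+) (\w+)\s*$")
MOVED_RE = re.compile(r"moved to '([^']+\.qua)'")


@dataclass
class Finding:
    path: str                               # original location of the file
    signature: str                          # e.g. APPL/KillApp.A
    kind: str                               # the report's own word: application / exploit
    quarantine_file: Optional[str] = None   # stays None if the file was never moved


def parse_report(text: str) -> List[Finding]:
    """Merge the scan and disinfection sections into one record per file."""
    findings: Dict[str, Finding] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        if not line[:1].isspace():
            # A path starts a new record; any other heading or blank line ends it.
            current = line.strip() if PATH_RE.match(line) else None
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or current is None:
            continue
        tag, message = entry.groups()
        if tag == "DETECTION":
            hit = DETECT_RE.search(message)
            if hit:
                findings.setdefault(
                    current, Finding(current, hit.group(1), hit.group(2)))
        elif tag == "NOTE" and current in findings:
            moved = MOVED_RE.search(message)
            if moved:
                findings[current].quarantine_file = moved.group(1)
    return list(findings.values())


def second_opinion_candidates(findings: List[Finding]) -> List[Finding]:
    """Quarantined files the report calls an 'application' (possibly legitimate
    tools), i.e. the ones worth re-checking before deciding to restore them."""
    return [f for f in findings if f.kind == "application" and f.quarantine_file]


if __name__ == "__main__":
    for f in second_opinion_candidates(parse_report(SAMPLE_REPORT)):
        print(f"{f.quarantine_file}  <-  {f.path}  ({f.signature})")
```
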


Offline denbo11

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
yoog
« Reply #34 on: May 28, 2009, 09:07:13 AM »
YOOG has taken over both IE and Firefox? This happened to me yesterday after downloading files from LimeWire. This is what I did to remove it. First I uninstalled LimeWire (only because this is how I got infected).
First I went to Add and Remove Programs and completely uninstalled Mozilla Firefox, including Thunderbird. Then I went to search files and typed in mozilla, firefox, thunderbird.
Even after uninstalling them I still had a couple of files in my C: drive - Documents and Settings - All Users - Mozilla. This I deleted, then emptied the Recycle Bin. Then I ran another search in all files and folders to make sure there was nothing showing. I rebooted, typed in mozilla in the IE search bar, downloaded the latest version, installed it, and now everything is back to the way it was before.
Although I am no computer buff, I did ask my webmaster about it and it was he that told me what to do. It worked for me so I'm sure it will for you. All I can say is that I will not be using LimeWire again.
I do wish you luck; please let me know if it has worked for you also.

Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #35 on: June 15, 2009, 08:04:33 PM »
Java is only showing JRE 6 Update 14. Should I download that instead?


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
yoog
« Reply #36 on: June 15, 2009, 08:27:10 PM »
Update 14 is fine
Are you still having problems with Yoog?



Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #37 on: June 15, 2009, 09:26:19 PM »
[quote name='guestolo' post='463499' date='Jun 15 2009, 09:27 PM']Update 14 is fine
Are you still having problems with Yoog?[/quote]

no problems with yoog

Offline sona

  • Newbie
  • *
  • Posts: 33
  • Karma: +0/-0
yoog
« Reply #39 on: June 20, 2009, 06:49:50 PM »
I just noticed yoog is on my internet explorer