Author Topic: Yoog, too!  (Read 1039 times)

jbj4ever
« on: May 20, 2009, 09:45:53 PM »
I am obviously not the only one trying to get Yoog off my computer. It seems as if each case is different, so I hope you'll excuse me if I shouldn't be posting a new topic... feel free to move me around or direct me to another post.

I use Firefox, but also have IE installed. I am currently running F-Secure Online Scan with the Firefox plugin. Don't know the results yet. Please advise me what to do and post for your help.

I need it!

guestolo
« Reply #1 on: May 20, 2009, 10:02:02 PM »
Can you post the results of the F-Secure Online Scan when it's done?

In addition:
Download HijackThis Installer from HERE
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

HijackThis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum. It is all important!

After you post the above, can you refrain from installing or running any more scanners till I get a chance to look at some logs, please?
« Last Edit: May 20, 2009, 10:02:53 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


jbj4ever
« Reply #2 on: May 20, 2009, 10:19:14 PM »
Below is the log.  I don't have the F-Secure log for you... I closed it out before I received your reply.  It found 6 items and "fixed" them.  

Thanks for your help!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:38 PM, on 5/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1228876803\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\Becki Reeder\Application Data\Smilebox\SmileboxTray.exe
C:\Documents and Settings\Becki Reeder\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
C:\Program Files\Common Files\AOL\1228876803\ee\AOLDesktop.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol toolbar\AolTbServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081105
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www27.yoog.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081105
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: trueads search enhancer - {8A84CF65-17F4-7DB2-BCC4-920F566EAD97} - C:\WINDOWS\system32\gcxxkhwkng.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: trueads - {ea876c95-fcf7-c89d-3ec3-32a3626778f0} - C:\WINDOWS\system32\nsb673.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1228876803\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Becki Reeder\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\Becki Reeder\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe (User 'Default user')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - .DEFAULT Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (User 'Default user')
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12103 bytes

guestolo
« Reply #3 on: May 20, 2009, 10:42:01 PM »
Well, maybe we'll run F-Secure later and see if we can get a log from it.
DON'T do it now

For now, can you do the following, please:
Download and Save to your desktop
OTS.exe by OldTimer

Double click on OTS.exe to run it
Under Additional Scans click the button labelled "Extras"
Also, put a tick beside>> Reg - Disabled MS Config Items
So now all the following will be ticked
    Reg - Disabled MS Config Items
    Reg - File Associations
    Reg - Protocol Filters
    Reg - Protocol Handlers
    Reg - Security Center Settings
    Reg - Winsock2 Catalogs
    Reg - Uninstall List
    Evnt - EventViewer Logs (Last 10 Errors)

Afterwards: Click the button Run Scan

Let this scan finish; when done, it will open a log
Can you copy and paste that log back here, please?
A copy of the log will also be on your desktop>>OTS.txt

NOTE: If you do get an error posting this log, please Upload it in a reply
Simply using the UPLOAD>Browse.. buttons on the bottom right of the reply box

Also, I'm stepping out for about an hour; the scan with OTS.exe will only take about 5 minutes
I'll take a look as soon as I get back



jbj4ever
« Reply #4 on: May 20, 2009, 10:51:22 PM »
Here is the OTS log file.  Thanks again...

[code]
OTS logfile created on: 5/20/2009 10:45:45 PM - Run 1
OTS by OldTimer - Version 3.0.2.4     Folder = C:\Documents and Settings\Becki Reeder\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.36 Mb Total Physical Memory | 293.14 Mb Available Physical Memory | 28.90% Memory free
2.38 Gb Paging File | 1.33 Gb Available in Paging File | 55.84% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.73 Gb Total Space | 32.24 Gb Free Space | 49.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: D32K5JC1
Current User Name: Becki Reeder
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
adobe_updater.exe -> C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe -> [2009/03/17 21:59:41 | 02,521,464 | ---- | M] (Adobe Systems Incorporated)
agent.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe -> [2006/09/11 05:40:30 | 00,992,176 | ---- | M] (Macrovision Corporation)
aolacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC)
aoldesktop.exe -> C:\Program Files\Common Files\AOL\1228876803\ee\AOLDesktop.exe -> [2008/06/24 13:34:50 | 00,041,824 | ---- | M] (AOL LLC)
aolsoftware.exe -> C:\Program Files\Common Files\AOL\1228876803\ee\AOLSoftware.exe -> [2008/06/24 13:34:50 | 00,041,824 | ---- | M] (AOL LLC)
aoltbserver.exe -> c:\program files\aol toolbar\AolTbServer.exe -> [2008/07/07 15:36:06 | 00,140,640 | ---- | M] (AOL LLC)
apmsgfwd.exe -> C:\Program Files\DellTPad\ApMsgFwd.exe -> [2008/02/21 16:24:54 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.)
apntex.exe -> C:\Program Files\DellTPad\Apntex.exe -> [2008/02/21 16:24:54 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.)
apoint.exe -> C:\Program Files\DellTPad\Apoint.exe -> [2008/02/21 16:24:56 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
bcmwltry.exe -> C:\WINDOWS\System32\bcmwltry.exe -> [2008/06/29 21:42:14 | 01,961,984 | ---- | M] (Dell Inc.)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/14 07:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/04/29 21:00:09 | 00,307,704 | ---- | M] (Mozilla Corporation)
flipshareservice.exe -> C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -> [2008/11/13 14:17:38 | 00,439,616 | ---- | M] ()
googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/11/05 11:12:36 | 00,029,744 | ---- | M] (Google)
googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/11/05 11:12:36 | 00,029,744 | ---- | M] (Google)
hidfind.exe -> C:\Program Files\DellTPad\HidFind.exe -> [2008/02/21 16:25:06 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
hijackthis.exe -> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe -> [2009/05/20 22:14:16 | 00,396,288 | ---- | M] (Trend Micro Inc.)
hkcmd.exe -> C:\WINDOWS\System32\hkcmd.exe -> [2008/02/21 19:06:20 | 00,166,424 | ---- | M] (Intel Corporation)
hpoevm08.exe -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> [2003/04/09 18:49:36 | 00,286,720 | ---- | M] (Hewlett-Packard Co.)
hpohmr08.exe -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> [2003/04/09 19:21:38 | 00,147,456 | ---- | M] (Hewlett-Packard Co.)
hposts08.exe -> C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe -> [2003/04/09 18:59:24 | 00,311,296 | ---- | M] (Hewlett-Packard Co.)
hpotdd01.exe -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/04/09 19:11:12 | 00,028,672 | ---- | M] (Hewlett-Packard)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/02/27 23:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation)
igfxpers.exe -> C:\WINDOWS\System32\igfxpers.exe -> [2008/02/21 19:06:24 | 00,137,752 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> C:\WINDOWS\System32\igfxsrvc.exe -> [2008/02/21 19:06:34 | 00,252,440 | ---- | M] (Intel Corporation)
igfxtray.exe -> C:\WINDOWS\System32\igfxtray.exe -> [2008/02/21 19:06:34 | 00,141,848 | ---- | M] (Intel Corporation)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
isuspm.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> [2006/09/11 05:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation)
isuspm.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> [2006/09/11 05:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/16 22:33:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/03/16 22:33:54 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
lxrautorun.exe -> C:\Documents and Settings\Becki Reeder\Local Settings\Application Data\Lexar Media\LxrAutorun.exe -> [2007/03/07 10:51:52 | 00,024,576 | ---- | M] ()
lxrsii1s.exe -> C:\WINDOWS\System32\LxrSII1s.exe -> [2007/03/07 10:51:52 | 00,049,152 | ---- | M] ()
mcagent.exe -> c:\Program Files\McAfee.com\Agent\mcagent.exe -> [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2007/08/15 13:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 13:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
mpfsrv.exe -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2007/07/18 13:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
o2flash.exe -> C:\WINDOWS\System32\DRIVERS\o2flash.exe -> [2008/08/26 19:39:38 | 00,071,512 | ---- | M] (O2Micro International)
ots.exe -> C:\Documents and Settings\Becki Reeder\Desktop\OTS.exe -> [2009/05/20 22:43:36 | 00,504,320 | ---- | M] (OldTimer Tools)
pdvddxsrv.exe -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe -> [2008/05/23 15:06:08 | 00,128,296 | ---- | M] (CyberLink Corp.)
picaboomain.exe -> C:\Program Files\Picaboo\Picaboo\PicabooMain.exe -> [2009/02/05 12:39:44 | 00,606,208 | ---- | M] (Picaboo)
quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> [2008/02/22 13:43:38 | 01,245,184 | ---- | M] (Dell Inc.)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.EXE -> [2008/02/21 16:21:56 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.)
smileboxtray.exe -> C:\Documents and Settings\Becki Reeder\Application Data\Smilebox\SmileboxTray.exe -> [2009/04/24 04:11:36 | 00,254,600 | ---- | M] (Smilebox, Inc.)
unsecapp.exe -> C:\WINDOWS\System32\wbem\unsecapp.exe -> [2008/04/14 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
wltray.exe -> C:\WINDOWS\System32\WLTRAY.exe -> [2008/06/29 21:42:40 | 02,220,032 | ---- | M] (Dell Inc.)
wltrysvc.exe -> C:\WINDOWS\System32\WLTRYSVC.EXE -> [2008/06/29 21:42:42 | 00,024,064 | ---- | M] ()
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(AOL ACS) AOL Connectivity Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -> [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2005/09/23 14:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2005/09/23 14:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation)
(FlipShare Service) FlipShare Service [Win32_Own | Auto | Running] -> C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -> [2008/11/13 14:17:38 | 00,439,616 | ---- | M] ()
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/21 04:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
(GoogleDesktopManager-010708-104812) Google Desktop Manager 5.7.801.7324 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/11/05 11:12:36 | 00,029,744 | ---- | M] (Google)
(gusvc) Google Software Updater [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/05/06 07:28:26 | 00,182,768 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 07:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 10:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/16 22:33:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LxrSII1s) Lexar Secure II [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\LxrSII1s.exe -> [2007/03/07 10:51:52 | 00,049,152 | ---- | M] ()
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2007/11/07 10:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2007/08/15 13:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 13:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2007/07/18 13:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 10:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
(O2FLASH) O2FLASH [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\o2flash.exe -> [2008/08/26 19:39:38 | 00,071,512 | ---- | M] (O2Micro International)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\HPZipm12.exe -> [2003/03/09 22:31:02 | 00,065,795 | ---- | M] (HP)
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -> [2007/07/11 10:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.)
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\WLTRYSVC.EXE -> [2008/06/29 21:42:42 | 00,024,064 | ---- | M] ()
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(61883) 61883 Unit Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\61883.sys -> [2008/04/14 01:16:22 | 00,048,128 | ---- | M] (Microsoft Corporation)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/14 07:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -> [2008/02/21 16:24:52 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.)
(APPDRV) APPDRV [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(Avc) AVC Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\avc.sys -> [2008/04/14 01:16:22 | 00,038,912 | ---- | M] (Microsoft Corporation)
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -> [2008/06/29 21:42:26 | 01,287,552 | ---- | M] (Broadcom Corporation)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 20:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(DLABMFSM) DLABMFSM [File_System | Auto | Running] -> C:\WINDOWS\System32\Drivers\DLABMFSM.SYS -> [2007/07/23 16:04:58 | 00,037,360 | ---- | M] (Roxio)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\System32\Drivers\DLABOIOM.SYS -> [2007/07/23 16:04:52 | 00,032,848 | ---- | M] (Roxio)
(DLACDBHM) DLACDBHM [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -> [2007/07/23 15:49:44 | 00,014,576 | ---- | M] (Roxio)
(DLADResM) DLADResM [File_System | Auto | Running] -> C:\WINDOWS\System32\Drivers\DLADResM.SYS -> [2007/07/23 16:05:20 | 00,009,104 | ---- | M] (Roxio)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS -> [2007/07/23 16:04:50 | 00,108,752 | ---- | M] (Roxio)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS -> [2007/07/23 16:04:54 | 00,027,216 | ---- | M] (Roxio)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\System32\Drivers\DLAPoolM.SYS -> [2007/07/23 16:04:52 | 00,016,304 | ---- | M] (Roxio)
(DLARTL_M) DLARTL_M [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\DLARTL_M.SYS -> [2007/07/23 15:49:44 | 00,030,064 | ---- | M] (Roxio)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS -> [2007/07/23 16:04:56 | 00,093,552 | ---- | M] (Roxio)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS -> [2007/07/23 16:04:56 | 00,098,448 | ---- | M] (Roxio)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2007/07/23 15:55:44 | 00,099,808 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -> [2007/07/23 15:43:42 | 00,052,000 | ---- | M] (Roxio)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -> [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2008/04/14 07:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZid412.sys -> [2003/03/09 22:31:00 | 00,051,024 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -> [2003/03/09 22:31:02 | 00,016,080 | ---- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZius12.sys -> [2003/03/09 22:31:02 | 00,021,456 | ---- | M] (HP)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -> [2008/02/21 19:06:38 | 05,776,928 | ---- | M] (Intel Corporation)
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\iaStor.sys -> [2008/03/17 16:54:30 | 00,305,176 | ---- | M] (Intel Corporation)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\RtkHDAud.sys -> [2008/02/21 16:21:58 | 04,625,408 | ---- | M] (Realtek Semiconductor Corp.)
(LxrSII1d) Secure II Driver [Kernel | Auto | Running] -> C:\WINDOWS\System32\Drivers\LxrSII1d.sys -> [2007/03/07 10:51:52 | 00,072,672 | ---- | M] ()
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfeavfk.sys -> [2007/11/22 07:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfebopk.sys -> [2007/11/22 07:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\mfehidk.sys -> [2007/11/22 07:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\mferkdk.sys -> [2007/11/22 07:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfesmfk.sys -> [2007/12/02 13:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\Mpfp.sys -> [2007/07/13 07:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(MSDV) Microsoft DV Camera and VCR [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\msdv.sys -> [2008/04/14 01:16:10 | 00,051,200 | ---- | M] (Microsoft Corporation)
(O2MDRDR) O2MDRDR [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\o2media.sys -> [2008/08/26 19:39:42 | 00,051,288 | ---- | M] (O2Micro )
(O2SDRDR) O2SDRDR [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\o2sd.sys -> [2008/08/26 19:39:48 | 00,043,608 | ---- | M] (O2Micro )
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2008/04/14 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2008/06/16 05:00:00 | 00,044,944 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -> [2008/02/21 19:28:14 | 00,105,856 | ---- | M] (Realtek Semiconductor Corporation                           )
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2008/04/14 07:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/14 07:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\usbaapl.sys -> [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\wanatw4.sys -> [2003/01/10 16:13:04 | 00,033,588 | R--- | M] (America Online, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081105 ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081105 ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" [HKLM] -> C:\Program Files\AOL Toolbar\aoltb.dll [IAOLTBSearch Class] -> [2008/07/07 15:36:06 | 01,275,232 | ---- | M] (AOL LLC)
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081105 ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerm...tf8&oe=utf8 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www27.yoog.com/ ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" [HKLM] -> C:\Program Files\AOL Toolbar\aoltb.dll [IAOLTBSearch Class] -> [2008/07/07 15:36:06 | 01,275,232 | ---- | M] (AOL LLC)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Becki Reeder\Application Data\Mozilla\FireFox\Profiles\baabzowu.default\prefs.js ->
browser.search.defaultenginename -> "Yoog Search" ->
browser.search.defaulturl -> "http://www27.yoog.com/search.php?q=" ->
browser.search.selectedEngine -> "Yoog Search" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www27.yoog.com/" ->
extensions.enabledItems -> {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.13.7.1 ->
extensions.enabledItems -> [email protected]:1.00 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> [email protected]:1.0.0.071303000006 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 ->
keyword.URL -> "http://www27.yoog.com/search.php?q=" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Becki Reeder\Application Data\Mozilla\FireFox\Profiles\baabzowu.default\user.js ->
browser.startup.homepage -> "http://www27.yoog.com/" ->
browser.search.defaultenginename -> "Yoog Search" ->
browser.search.defaulturl -> "http://www27.yoog.com/search.php?q=" ->
browser.search.selectedEngine -> "Yoog Search" ->
keyword.URL -> "http://www27.yoog.com/search.php?q=" ->
keyword.enabled -> true ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  ->
HKLM\software\mozilla\Firefox\extensions\\[email protected] -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/03/16 22:33:56 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/05/16 12:01:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/04/29 21:00:18 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
 -> C:\Documents and Settings\Becki Reeder\Application Data\mozilla\Extensions -> [2008/12/09 21:32:06 | 00,000,335 | ---- | M] ()
 -> C:\Documents and Settings\Becki Reeder\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/12/09 21:32:06 | 00,000,335 | ---- | M] ()
 -> C:\Documents and Settings\Becki Reeder\Application Data\mozilla\Extensions\[email protected] -> [2008/12/09 21:32:06 | 00,000,335 | ---- | M] ()
 -> C:\Documents and Settings\Becki Reeder\Application Data\mozilla\Firefox\Profiles\baabzowu.default\extensions -> [2009/05/20 21:30:25 | 00,097,948 | ---- | M] ()
 -> C:\Documents and Settings\Becki Reeder\Application Data\mozilla\Firefox\Profiles\baabzowu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/05/20 21:30:25 | 00,097,948 | ---- | M] ()
 -> C:\Documents and Settings\Becki Reeder\Application Data\mozilla\Firefox\Profiles\baabzowu.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} -> [2009/05/20 21:30:25 | 00,097,948 | ---- | M] ()
 -> C:\Documents and Settings\Becki Reeder\Application Data\mozilla\Firefox\Profiles\baabzowu.default\extensions\[email protected] -> [2009/05/20 21:30:25 | 00,097,948 | ---- | M] ()
 -> C:\Documents and Settings\Becki Reeder\Application Data\mozilla\Firefox\Profiles\baabzowu.default\extensions\[email protected] -> [2009/05/20 21:30:25 | 00,097,948 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > ->
C:\Documents and Settings\Becki Reeder\Application Data\Mozilla\FireFox\Profiles\baabzowu.default\searchplugins\ -> C:\Documents and Settings\Becki Reeder\Application Data\Mozilla\FireFox\Profiles\baabzowu.default\searchplugins -> [2009/05/18 22:34:34 | 00,000,000 | ---D | M]
aol-search.xml -> C:\Documents and Settings\Becki Reeder\Application Data\Mozilla\FireFox\Profiles\baabzowu.default\searchplugins\aol-search.xml -> [2008/12/09 22:04:09 | 00,001,724 | ---- | M] ()
Yoog Search.xml -> C:\Documents and Settings\Becki Reeder\Application Data\Mozilla\FireFox\Profiles\baabzowu.default\searchplugins\Yoog Search.xml -> [2009/05/20 21:30:26 | 00,000,247 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/04/29 21:00:18 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/04/29 21:00:18 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -> [2009/04/29 21:00:18 | 09,756,664 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/05/16 12:01:46 | 00,000,000 | ---D | M]
5db0f599-3124-c520-78fe-d8a01acf5814.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\5db0f599-3124-c520-78fe-d8a01acf5814.dll -> [2009/04/29 10:06:18 | 00,680,960 | ---- | M] ( )
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/04/29 21:00:08 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/04/29 21:00:08 | 00,134,648 | ---- | M] (Mozilla Foundation)
gcxxkhwkng.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\gcxxkhwkng.dll -> [2009/05/14 10:53:46 | 00,463,360 | ---- | M] ()
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/04/29 21:00:18 | 00,000,000 | ---D | M]
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/03/16 22:33:54 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npLegitCheckPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npLegitCheckPlugin.dll -> [2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/04/29 21:00:13 | 00,065,528 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008/06/11 23:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2008/12/09 22:17:25 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2008/12/09 22:17:25 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2008/12/09 22:17:25 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2008/12/09 22:17:25 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2008/12/09 22:17:25 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2008/12/09 22:17:25 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2008/12/09 22:17:25 | 00,143,360 | ---- | M] (Apple Inc.)
npsnapfish.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npsnapfish.dll -> [2008/09/15 12:52:06 | 00,376,832 | ---- | M] ( )
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2008/12/09 22:17:25 | 00,004,208 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2008/12/09 12:42:29 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2008/10/30 01:00:50 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2008/10/30 01:00:50 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/10/30 01:00:50 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2008/10/30 01:00:50 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/10/30 01:00:50 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/10/30 01:00:50 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2008/10/30 01:00:50 | 00,000,792 | ---- | M] ()
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 23:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> C:\Program Files\AOL Toolbar\aoltb.dll [AOL Toolbar Loader] -> [2008/07/07 15:36:06 | 01,275,232 | ---- | M] (AOL LLC)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2007/11/09 13:09:08 | 00,058,688 | ---- | M] (McAfee, Inc.)
{8A84CF65-17F4-7DB2-BCC4-920F566EAD97} [HKLM] -> C:\WINDOWS\System32\gcxxkhwkng.dll [trueads search enhancer] -> [2009/05/14 10:53:52 | 00,571,392 | ---- | M] ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/05/05 18:17:57 | 00,259,696 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/04/15 20:17:10 | 00,668,656 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> [2009/05/05 18:17:57 | 00,470,512 | ---- | M] (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> C:\Program Files\Dell\BAE\BAE.dll [CBrowserHelperObject Object] -> [2006/11/09 10:56:48 | 00,098,304 | ---- | M] (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/16 22:33:53 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/16 22:33:56 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{ea876c95-fcf7-c89d-3ec3-32a3626778f0} [HKLM] -> C:\WINDOWS\System32\nsb673.dll [trueads] -> [2009/04/29 10:06:16 | 00,686,592 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/05/05 18:17:57 | 00,259,696 | ---- | M] (Google Inc.)
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> C:\Program Files\AOL Toolbar\aoltb.dll [AOL Toolbar] -> [2008/07/07 15:36:06 | 01,275,232 | ---- | M] (AOL LLC)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/05/05 18:17:57 | 00,259,696 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/05/05 18:17:57 | 00,259,696 | ---- | M] (Google Inc.)
WebBrowser\\"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> C:\Program Files\AOL Toolbar\aoltb.dll [AOL Toolbar] -> [2008/07/07 15:36:06 | 01,275,232 | ---- | M] (AOL LLC)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2008/06/12 03:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> C:\WINDOWS\ALCMTR.EXE [ALCMTR.EXE] -> [2008/02/21 16:21:46 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"Apoint" -> C:\Program Files\DellTPad\Apoint.exe [C:\Program Files\DellTPad\Apoint.exe] -> [2008/02/21 16:24:56 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
"Broadcom Wireless Manager UI" -> C:\WINDOWS\System32\WLTRAY.exe [C:\WINDOWS\system32\WLTRAY.exe] -> [2008/06/29 21:42:40 | 02,220,032 | ---- | M] (Dell Inc.)
"Dell QuickSet" -> C:\Program Files\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> [2008/02/22 13:43:38 | 01,245,184 | ---- | M] (Dell Inc.)
"dscactivate" -> C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2008/03/11 13:44:42 | 00,016,384 | ---- | M] ( )
"ECenter" -> C:\Dell\E-Center\EULALauncher.exe [C:\Dell\E-Center\EULALauncher.exe] -> [2008/02/28 14:59:48 | 00,017,920 | ---- | M] ( )
"Google Desktop Search" ->  ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> File not found
"HostManager" -> C:\Program Files\Common Files\AOL\1228876803\ee\AOLSoftware.exe [C:\Program Files\Common Files\AOL\1228876803\ee\AOLSoftware.exe] -> [2008/06/24 13:34:50 | 00,041,824 | ---- | M] (AOL LLC)
"HotKeysCmds" -> C:\WINDOWS\System32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2008/02/21 19:06:20 | 00,166,424 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINDOWS\System32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2008/02/21 19:06:34 | 00,141,848 | ---- | M] (Intel Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
"mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
"NeroFilterCheck" -> C:\WINDOWS\System32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2006/01/12 16:40:44 | 00,155,648 | ---- | M] (Nero AG)
"PDVDDXSrv" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe ["C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"] -> [2008/05/23 15:06:08 | 00,128,296 | ---- | M] (CyberLink Corp.)
"Persistence" -> C:\WINDOWS\System32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2008/02/21 19:06:24 | 00,137,752 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/11/04 11:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.EXE [RTHDCPL.EXE] -> [2008/02/21 16:21:56 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/03/16 22:33:54 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ISUSPM" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> [2006/09/11 05:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation)
"LxrAutorun" -> C:\Documents and Settings\Becki Reeder\Local Settings\Application Data\Lexar Media\LxrAutorun.exe [C:\Documents and Settings\Becki Reeder\Local Settings\Application Data\Lexar Media\LxrAutorun.exe] -> [2007/03/07 10:51:52 | 00,024,576 | ---- | M] ()
"SmileboxTray" -> C:\Documents and Settings\Becki Reeder\Application Data\Smilebox\SmileboxTray.exe ["C:\Documents and Settings\Becki Reeder\Application Data\Smilebox\SmileboxTray.exe"] -> [2009/04/24 04:11:36 | 00,254,600 | ---- | M] (Smilebox, Inc.)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008/11/05 11:12:34 | 00,068,856 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> [2003/04/09 19:21:38 | 00,147,456 | ---- | M] (Hewlett-Packard Co.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/04/09 19:11:12 | 00,028,672 | ---- | M] (Hewlett-Packard)
< Becki Reeder Startup Folder > -> C:\Documents and Settings\Becki Reeder\Start Menu\Programs\Startup ->
C:\Documents and Settings\Becki Reeder\Start Menu\Programs\Startup\AOL Desktop.lnk -> C:\Program Files\Common Files\AOL\Launch\aollaunch.exe -> [2008/06/24 13:34:51 | 00,041,824 | ---- | M] (AOL LLC)
C:\Documents and Settings\Becki Reeder\Start Menu\Programs\Startup\LimeWire On Startup.lnk -> C:\Program Files\LimeWire\LimeWire.exe -> [2009/03/10 15:10:51 | 00,139,776 | ---- | M] (Lime Wire, LLC)
C:\Documents and Settings\Becki Reeder\Start Menu\Programs\Startup\Picaboo.lnk -> C:\Program Files\Picaboo\Picaboo\PicabooMain.exe -> [2009/02/05 12:39:44 | 00,606,208 | ---- | M] (Picaboo)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar Search -> C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html [C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html] -> [2008/05/22 09:44:38 | 00,000,747 | ---- | M] ()
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/02/26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 12:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 12:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 12:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
objects_Email Removed [*] -> Out of zone range - ( 5 ) ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_12] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_12] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_12] ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2008/11/05 11:12:39 | 00,111,616 | ---- | M] (Google)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\Explorer.exe -> [2008/04/14 07:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2008/02/21 19:06:22 | 00,208,896 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 07:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 07:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\1228876803\ee\AOLDesktop.exe" -> C:\Program Files\Common Files\AOL\1228876803\ee\AOLDesktop.exe [C:\Program Files\Common Files\AOL\1228876803\ee\AOLDesktop.exe:*:Enabled:AOL Desktop] -> [2008/06/24 13:34:50 | 00,041,824 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\1228876803\ee\aolsoftware.exe" -> C:\Program Files\Common Files\AOL\1228876803\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1228876803\ee\aolsoftware.exe:*:Enabled:AOL

Offline guestolo

« Reply #5 on: May 20, 2009, 11:57:52 PM »
Close down all browser windows, access your Add and Remove Programs and remove if you can
Contextual Application Trueads
and also Search Assistant Trueads
If either asks to type a verification code, do so, if you aren't able to type in the code
Try to copy/paste it

Carry on with the following
Start OTS.exe. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
Code:
[Kill Explorer]
[Unregister Dlls]
[Processes - Safe List]
YN -> firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe
YN -> iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www27.yoog.com/
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Becki Reeder\Application Data\Mozilla\FireFox\Profiles\baabzowu.default\prefs.js
YN -> browser.search.defaultenginename -> "Yoog Search"
YN -> browser.search.defaulturl -> "http://www27.yoog.com/search.php?q="
YN -> browser.search.selectedEngine -> "Yoog Search"
YN -> browser.startup.homepage -> "http://www27.yoog.com/"
YN -> keyword.URL -> "http://www27.yoog.com/search.php?q="
< FireFox Settings [User.js] > -> C:\Documents and Settings\Becki Reeder\Application Data\Mozilla\FireFox\Profiles\baabzowu.default\user.js
YN -> browser.startup.homepage -> "http://www27.yoog.com/"
YN -> browser.search.defaultenginename -> "Yoog Search"
YN -> browser.search.defaulturl -> "http://www27.yoog.com/search.php?q="
YN -> browser.search.selectedEngine -> "Yoog Search"
YN -> keyword.URL -> "http://www27.yoog.com/search.php?q="
YN -> keyword.enabled -> true
< FireFox SearchPlugins [User Folders] > ->
NY -> Yoog Search.xml -> C:\Documents and Settings\Becki Reeder\Application Data\Mozilla\FireFox\Profiles\baabzowu.default\searchplugins\Yoog Search.xml
< FireFox Components [Program Folders] > ->
NY -> 5db0f599-3124-c520-78fe-d8a01acf5814.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\5db0f599-3124-c520-78fe-d8a01acf5814.dll
NY -> gcxxkhwkng.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\gcxxkhwkng.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
NY -> {8A84CF65-17F4-7DB2-BCC4-920F566EAD97} [HKLM] -> C:\WINDOWS\System32\gcxxkhwkng.dll [trueads search enhancer]
NY -> {ea876c95-fcf7-c89d-3ec3-32a3626778f0} [HKLM] -> C:\WINDOWS\System32\nsb673.dll [trueads]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Alcmtr" -> C:\WINDOWS\ALCMTR.EXE [ALCMTR.EXE]
[Files/Folders - Created Within 30 Days]
NY -> gcxxkhwkng.dll-uninst.exe -> C:\WINDOWS\System32\gcxxkhwkng.dll-uninst.exe
NY -> 5e890e5e-31ea-f604-de60-5edcfd8153ed.exe -> C:\WINDOWS\System32\5e890e5e-31ea-f604-de60-5edcfd8153ed.exe
NY -> gcxxkhwkng.dll -> C:\WINDOWS\System32\gcxxkhwkng.dll
NY -> nsb673.dll -> C:\WINDOWS\System32\nsb673.dll
[Empty Temp Folders]
[Start Explorer]
[Reboot]
The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time

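Added example, not part of the original thread and not OTS code: a read-only check of the Firefox preferences that the fix script in the post above targets, reporting which file sets each one. It assumes the usual one-per-line `user_pref("name", value);` format of prefs.js and user.js; the function names, the allowlists passed to `audit`, and the sample file contents are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Preference names taken from the OTS fix script in the post above.
URL_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}
WATCHED = URL_PREFS | ENGINE_PREFS | {"keyword.enabled"}
# One preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value}; quoted strings are unquoted, true/false become bool."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = raw  # integers stay as text
    return prefs

def audit(prefs_js, user_js, expected_hosts, expected_engines):
    """Report watched preferences that point somewhere unexpected."""
    findings = []
    for source, text in (("prefs.js", prefs_js), ("user.js", user_js)):
        for name, value in sorted(parse_prefs(text).items()):
            reason = None
            if name in URL_PREFS:
                host = urlparse(str(value)).hostname
                if host and not any(host == h or host.endswith("." + h)
                                    for h in expected_hosts):
                    reason = f"unexpected host {host}"
            elif name in ENGINE_PREFS and value not in expected_engines:
                reason = "unexpected search engine"
            if reason is None and name in WATCHED and source == "user.js":
                reason = "forced from user.js"
            if reason:
                # Firefox re-applies user.js over prefs.js at every start, so a
                # user.js entry returns unless that file is cleaned as well.
                findings.append({"file": source, "name": name, "value": value,
                                 "reason": reason, "persistent": source == "user.js"})
    return findings

# Constructed sample files; the values are the ones listed in the fix script.
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.startup.homepage", "http://www27.yoog.com/");
user_pref("keyword.URL", "http://www27.yoog.com/search.php?q=");
"""
SAMPLE_USER_JS = """user_pref("browser.startup.homepage", "http://www27.yoog.com/");
user_pref("keyword.enabled", true);
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS, {"example.org"}, {"Google"}):
        print(finding)
```

Findings marked `persistent` come from user.js, which is why the fix script lists the same preferences once for each file.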


Offline jbj4ever

« Reply #6 on: May 21, 2009, 12:20:40 AM »
Let me say this:  I was so excited to NOT see Yoog when I rebooted and opened Firefox to access this post.  The log is posted below.  (Is it the power of suggestion or is it possible that my connection is faster now?)  

[Processes - Safe List]
No active process named firefox.exe was found!
No active process named iexplore.exe was found!
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "Yoog Search" removed from browser.search.selectedEngine
Prefs.js: "http://www27.yoog.com/" removed from browser.startup.homepage
Prefs.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
User.js: "http://www27.yoog.com/" removed from browser.startup.homepage
User.js: "Yoog Search" removed from browser.search.defaultenginename
User.js: "http://www27.yoog.com/search.php?q=" removed from browser.search.defaulturl
User.js: "Yoog Search" removed from browser.search.selectedEngine
User.js: "http://www27.yoog.com/search.php?q=" removed from keyword.URL
User.js: true removed from keyword.enabled
C:\Documents and Settings\Becki Reeder\Application Data\Mozilla\FireFox\Profiles\baabzowu.default\searchplugins\Yoog Search.xml moved successfully.
File C:\PROGRAM FILES\MOZILLA FIREFOX\components\5db0f599-3124-c520-78fe-d8a01acf5814.dll not found.
File C:\PROGRAM FILES\MOZILLA FIREFOX\components\gcxxkhwkng.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A84CF65-17F4-7DB2-BCC4-920F566EAD97}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A84CF65-17F4-7DB2-BCC4-920F566EAD97}\ not found.
File C:\WINDOWS\System32\gcxxkhwkng.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ea876c95-fcf7-c89d-3ec3-32a3626778f0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea876c95-fcf7-c89d-3ec3-32a3626778f0}\ not found.
File C:\WINDOWS\System32\nsb673.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
[Files/Folders - Created Within 30 Days]
File C:\WINDOWS\System32\gcxxkhwkng.dll-uninst.exe not found!
File C:\WINDOWS\System32\5e890e5e-31ea-f604-de60-5edcfd8153ed.exe not found!
File C:\WINDOWS\System32\gcxxkhwkng.dll not found!
File C:\WINDOWS\System32\nsb673.dll not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Becki Reeder\Local Settings\Temp\CMLS--2009-05-18--22-37-08.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Becki Reeder\Local Settings\Temp\~DF4916.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_CpN6tVRQkbRfsoq scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_DVAggL2CE0GzqrW scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_BzqosPeqNndScb7 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_E3YXgbjVWlIXgFR scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_ZpMwqNrwdeVPIMr scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTS by OldTimer - Version 3.0.2.4 fix logfile created on 05212009_001015

Files moved on Reboot...
C:\Documents and Settings\Becki Reeder\Local Settings\Temp\CMLS--2009-05-18--22-37-08.log moved successfully.
C:\Documents and Settings\Becki Reeder\Local Settings\Temp\~DF4916.tmp moved successfully.
File C:\WINDOWS\temp\mcafee_CpN6tVRQkbRfsoq not found!
File C:\WINDOWS\temp\mcafee_DVAggL2CE0GzqrW not found!
File C:\WINDOWS\temp\mcmsc_BzqosPeqNndScb7 not found!
File C:\WINDOWS\temp\mcmsc_E3YXgbjVWlIXgFR not found!
File C:\WINDOWS\temp\mcmsc_ZpMwqNrwdeVPIMr not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7b0.dat not found!

Registry entries deleted on Reboot...

Offline guestolo

« Reply #7 on: May 21, 2009, 12:24:59 AM »
Can you still do the following
I see mbam-setup.exe on your desktop, It's the installer for Malwarebytes' Anti-Malware I assume

Here's my typical instructions
You don't have to download it again if you still have the installer

download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

With the MBAM log, run a fresh Scan and Save logfile with Hijackthis and post the new log



Offline jbj4ever

« Reply #8 on: May 21, 2009, 01:19:02 AM »
Malwarebytes' Anti-Malware 1.36
Database version: 2161
Windows 5.1.2600 Service Pack 3

5/21/2009 1:18:06 AM
mbam-log-2009-05-21 (01-18-06).txt

Scan type: Quick Scan
Objects scanned: 85217
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline guestolo

« Reply #9 on: May 21, 2009, 01:33:30 AM »
I wanted to see a fresh Hijackthis log also, but don't worry about it
Can you do the following instead
Delete the text file that OTS.exe created on desktop>>OTS.txt

Then reopen OTS.exe
Don't tick any options
But click on Run Scan

Post the new log that opens, I just want to make sure some files are gone
