Author Topic: Back with a Yoog Problem (Read 2107 times)

Andy k · « **on:** June 07, 2009, 05:55:39 PM »

Parent's decided to go against what I told them and used Limewire to successfully get the Yoog problem once again. Thanks for your time

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:52 PM, on 6/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\program files\mozilla firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O18 - Protocol: mediaman - {F00B23B6-E372-4227-BCD9-CDC32EA1521E} - C:\Program Files\MediaMan\CoMProt.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9be064eac8982) (gupdate1c9be064eac8982) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10205 bytes

guestolo · « **Reply #1 on:** June 07, 2009, 06:12:28 PM »

Download [color=\"#FF0000\"]OTListIt2[/color][/url] by OldTimer to your Desktop.

Close all windows and Double click on OTListIt2.exe to Run it
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Andy k · « **Reply #2 on:** June 10, 2009, 10:35:33 AM »

[quote name=\'guestolo\' post=\'463353\' date=\'Jun 7 2009, 06:12 PM\']Download [color=\"#ff0000\"]OTListIt2[/color][/url] by OldTimer to your Desktop.

Close all windows and Double click on OTListIt2.exe to Run it
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

[/quote]

Hey quest,
I'm having a problem with Old Timer. I tried right clicking and "saving as" to the desktop and it saves it as .exe.htm So I changed the extension to just .exe and it brings up a Dos Prompt box and an error message that give me the option to CLose or Ignore. Both shut down. Just left clicking the OTLISTIT2 gives me a 404, and going to the website that it appears to be hosted at shows it as "coming soon".

Know anywhere else to get it, or am I doing it wrong?

Solarstart · « **Reply #3 on:** June 10, 2009, 11:14:06 AM »

[censored] ya

Andy k · « **Reply #4 on:** June 10, 2009, 07:40:09 PM »

[quote name=\'Conn Conn 25\' post=\'463399\' date=\'Jun 10 2009, 11:14 AM\'][censored] ya[/quote]

I Appreciate the input, my computer works perfectly now.....

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/dry.gif\' class=\'bbc_emoticon\' alt=\'<_<\' /> Also, in your Homo list, you spelled "you're" wrong

guestolo · « **Reply #5 on:** June 10, 2009, 11:21:29 PM »

I seem to be having the same problem

Try the following
Download and Save to your desktop
[color=\"#FF0000\"]OTS.exe[/color] by OldTimer

Right click on OTS.exe and choose to "Run as Administrator"
Under Additional Scans click the button labelled "Extras"
Also, put a tick beside>> Reg - Disabled MS Config Items
So now all the following will be ticked

Afterwards: Click the button [color=\"#0000FF\"]Run Scan[/color]

Let this scan finish, when done, it will open a log
Can you copy and paste that log back here please
A copy of the log will also be on your desktop>>OTS.txt

NOTE: IF you do get an error posting this log, please Upload it in a reply
Simply using the Browse..>> UPLOAD buttons on the bottom right of the reply box

Andy k · « **Reply #6 on:** June 16, 2009, 08:13:28 PM »

Sorry about the delay, I had a pressing matter in Jacksonville. I appreciate your attention!OTS logfile created on: 6/16/2009 9:10:02 PM - Run 1OTS by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\HP_Administrator\DesktopWindows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1014.42 Mb Total Physical Memory | 251.51 Mb Available Physical Memory | 24.79% Memory free2.38 Gb Paging File | 1.49 Gb Available in Paging File | 62.30% Paging File freePaging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 224.87 Gb Total Space | 170.95 Gb Free Space | 76.02% Space Free | Partition Type: NTFSDrive D: | 8.00 Gb Total Space | 1.40 Gb Free Space | 17.55% Space Free | Partition Type: FAT32E: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: YOUR-55E5F9E3D2Current User Name: HP_AdministratorLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OnSkip Microsoft Files: OffFile Age = 30 Days [Processes - Safe List]acrotray.exe -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe -> [2009/02/27 12:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.)agrsmmsg.exe -> C:\WINDOWS\AGRSMMSG.exe -> [2004/06/29 13:06:38 | 00,088,363 | ---- | M] (Agere Systems)alcmtr.exe -> C:\WINDOWS\ALCMTR.EXE -> [2005/04/12 04:10:22 | 00,065,536 | ---- | M] (Realtek Semiconductor Corp.)applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.)avgnt.exe -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH)avguard.exe -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH)ehmsas.exe -> C:\WINDOWS\eHome\ehmsas.exe -> [2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation)ehrecvr.exe -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)ehsched.exe -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)ehtray.exe -> C:\WINDOWS\ehome\ehtray.exe -> [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation)explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)fcc32.exe -> C:\Program Files\FirstClass\fcc32.exe -> [2008/03/04 17:20:08 | 12,055,912 | ---- | M] (Open Text Inc.)firefox.exe -> C:\program files\mozilla firefox\firefox.exe -> [2009/06/13 07:57:50 | 00,307,704 | ---- | M] (Mozilla Corporation)googleupdate.exe -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/04/15 16:10:51 | 00,133,104 | ---- | M] (Google Inc.)hkcmd.exe -> C:\WINDOWS\System32\hkcmd.exe -> [2005/04/05 17:19:18 | 00,077,824 | ---- | M] (Intel Corporation)hphmon06.exe -> C:\WINDOWS\System32\hphmon06.exe -> [2004/06/07 14:42:30 | 00,659,456 | ---- | M] (Hewlett-Packard)hpsysdrv.exe -> c:\windows\system\hpsysdrv.exe -> [1998/05/07 12:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company)igfxpers.exe -> C:\WINDOWS\System32\igfxpers.exe -> [2005/04/05 17:23:14 | 00,114,688 | ---- | M] (Intel Corporation)intuitupdateservice.exe -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -> [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.)ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.)issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2004/07/28 02:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/05/30 12:30:26 | 00,292,136 | ---- | M] (Apple Inc.)jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)jucheck.exe -> C:\Program Files\Java\jre6\bin\jucheck.exe -> [2009/03/09 05:19:24 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.)jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)kbd.exe -> C:\HP\KBD\KBD.EXE -> [2005/02/02 18:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)limewire.exe -> C:\Program Files\LimeWire\LimeWire.exe -> [2009/03/10 16:10:51 | 00,139,776 | ---- | M] (Lime Wire, LLC)lssrvc.exe -> c:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2005/03/17 11:17:34 | 00,038,912 | ---- | M] ()mcrdsvc.exe -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)objectdock.exe -> C:\Program Files\Stardock\ObjectDock\ObjectDock.exe -> [2007/04/30 20:43:54 | 03,450,608 | ---- | M] (Stardock)ots.exe -> C:\Documents and Settings\HP_Administrator\Desktop\OTS.exe -> [2009/06/16 19:59:46 | 00,507,392 | ---- | M] (OldTimer Tools)qttask.exe -> C:\Program Files\QuickTime\QTTask.exe -> [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)rthdcpl.exe -> C:\WINDOWS\RTHDCPL.EXE -> [2005/04/13 02:21:02 | 14,156,800 | ---- | M] (Realtek Semiconductor Corp.)sched.exe -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) [Win32 Services - Safe List](AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH)(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH)(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.)(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/06/05 20:53:02 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.)(gupdate1c9be064eac8982) Google Update Service (gupdate1c9be064eac8982) [Win32_Own | Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/04/15 16:10:51 | 00,133,104 | ---- | M] (Google Inc.)(gusvc) Google Software Updater [Win32_Own | Auto | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/03/25 11:39:23 | 00,183,280 | ---- | M] (Google)(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 13:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)(IntuitUpdateService) Intuit Update Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -> [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.)(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.)(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> c:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2005/03/17 11:17:34 | 00,038,912 | ---- | M] ()(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\mhn.dll -> [2004/08/10 14:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\HPZipm12.exe -> [2004/09/29 22:14:36 | 00,069,632 | ---- | M] (HP)(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List](Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\Afc.sys -> [2005/02/22 22:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.)(AFS2K) AFS2K [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\AFS2K.SYS -> [2004/10/07 21:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.)(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\AGRSM.sys -> [2004/06/29 13:07:18 | 01,268,204 | ---- | M] (Agere Systems)(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2009/05/27 21:13:37 | 00,011,608 | ---- | M] (Avira GmbH)(avgntflt) avgntflt [File_System | On_Demand | Running] -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2009/05/27 21:13:39 | 00,052,056 | ---- | M] (Avira GmbH)(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\System32\DRIVERS\avipbb.sys -> [2009/05/27 21:13:44 | 00,075,096 | ---- | M] (Avira GmbH)(CXFALCON) Conexant Falcon II NTSC Video Capture [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\cxfalcon.sys -> [2005/04/11 20:22:14 | 00,085,248 | ---- | M] (Conexant Systems, Inc.)(E100B) Intel® PRO Network Connection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\e100b325.sys -> [2004/10/14 18:30:46 | 00,155,648 | ---- | M] (Intel Corporation)(fasttx2k) fasttx2k [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -> [2003/12/02 21:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.)(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -> [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider)(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HPZid412.sys -> [2007/03/08 00:20:48 | 00,049,920 | R--- | M] (HP)(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -> [2007/03/08 00:20:49 | 00,016,496 | R--- | M] (HP)(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HPZius12.sys -> [2007/03/08 00:20:50 | 00,021,568 | R--- | M] (HP)(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -> [2005/04/05 17:46:28 | 00,830,684 | ---- | M] (Intel Corporation)(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\RtkHDAud.sys -> [2005/04/15 21:05:42 | 02,564,032 | ---- | M] (Realtek Semiconductor Corp.)(IrBus) Infrared bus filter driver for eHome remote controls [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\IrBus.sys -> [2008/04/13 14:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation)(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\PS2.sys -> [2001/06/04 09:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company)(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2009/02/24 15:35:32 | 00,043,528 | ---- | M] (Sonic Solutions)(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -> [2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -> [2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH)(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\usbaapl.sys -> [2009/05/29 13:36:16 | 00,039,424 | ---- | M] (Apple, Inc.) [Registry - Safe List]< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerm...tf8&oe=utf8 -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.netflix.com/MemberHome -> HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\prefs.js -> browser.search.defaultenginename -> "Yoog Search" ->browser.search.defaulturl -> "http://www28.yoog.com/search.php?q=" ->browser.search.selectedEngine -> "Yoog Search" ->browser.search.useDBForOrder -> true ->browser.startup.homepage -> "http://www28.yoog.com/" ->extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2 ->extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->extensions.enabledItems -> [email protected]:2.22b ->extensions.enabledItems -> {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.9 ->extensions.enabledItems -> {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.19 ->extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->extensions.enabledItems -> [email protected]:1.0 ->extensions.enabledItems -> [email protected]:1.0.0.071303000004 ->extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 ->keyword.URL -> "http://www28.yoog.com/search.php?q=" ->< FireFox Settings [User.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\user.js -> browser.startup.homepage -> "http://www28.yoog.com/" ->browser.search.selectedEngine -> "Yoog Search" ->keyword.URL -> "http://www28.yoog.com/search.php?q=" ->keyword.enabled -> true ->browser.search.defaultenginename -> "Yoog Search" ->browser.search.defaulturl -> "http://www28.yoog.com/search.php?q=" ->< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\MozillaHKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/07 18:41:37 | 00,000,000 | ---D | M]HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/06/13 07:57:55 | 00,000,000 | ---D | M]HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/06/13 07:57:54 | 00,000,000 | ---D | M]< FireFox Extensions [User Folders] > -> -> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions -> [2008/12/09 03:04:35 | 00,000,000 | ---D | M] -> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/12/09 03:04:35 | 00,000,000 | ---D | M] -> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\[email protected] -> [2008/12/09 03:04:35 | 00,000,000 | ---D | M] -> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions -> [2009/06/13 07:58:13 | 00,098,988 | ---- | M] () -> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} -> [2009/06/13 07:58:13 | 00,098,988 | ---- | M] () -> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/06/13 07:58:13 | 00,098,988 | ---- | M] () -> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009/06/13 07:58:13 | 00,098,988 | ---- | M] () -> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} -> [2009/06/13 07:58:13 | 00,098,988 | ---- | M] () -> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\[email protected] -> [2009/06/13 07:58:13 | 00,098,988 | ---- | M] () -> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\[email protected] -> [2009/06/13 07:58:13 | 00,098,988 | ---- | M] ()< FireFox SearchPlugins [User Folders] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\searchplugins\ -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\searchplugins -> [2009/06/06 13:14:19 | 00,000,000 | ---D | M]userlogos.xml -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\searchplugins\userlogos.xml -> [2009/01/06 09:07:19 | 00,001,447 | ---- | M] ()< FireFox Extensions [Program Folders] > -> -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/06/13 07:57:54 | 09,777,144 | ---- | M] (Mozilla Foundation) -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/06/13 07:57:54 | 09,777,144 | ---- | M] (Mozilla Foundation) -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/06/13 07:57:54 | 09,777,144 | ---- | M] (Mozilla Foundation)< FireFox Components [Program Folders] > -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/06/13 07:57:55 | 00,000,000 | ---D | M]browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/06/13 07:57:49 | 00,023,032 | ---- | M] (Mozilla Foundation)brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/06/13 07:57:50 | 00,134,648 | ---- | M] (Mozilla Foundation)< FireFox Plugins [Program Folders] > -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/06/13 07:57:54 | 00,000,000 | ---D | M]libdivx.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\libdivx.dll -> [2009/02/24 15:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)npCouponPrinter.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npCouponPrinter.dll -> [2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.)npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)npdivx32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2009/02/24 15:34:14 | 01,337,648 | ---- | M] (DivX,Inc.)npdivx32.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2009/02/24 15:34:14 | 00,001,607 | ---- | M] ()npDivxPlayerPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npDivxPlayerPlugin.dll -> [2009/02/24 15:34:22 | 00,098,304 | ---- | M] (DivX, Inc)npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/06/13 07:57:51 | 00,065,528 | ---- | M] (mozilla.org)nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.)npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/06/03 16:21:15 | 00,143,360 | ---- | M] (Apple Inc.)npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/06/03 16:21:15 | 00,143,360 | ---- | M] (Apple Inc.)npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/06/03 16:21:16 | 00,143,360 | ---- | M] (Apple Inc.)npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/06/03 16:21:16 | 00,143,360 | ---- | M] (Apple Inc.)npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/06/03 16:21:16 | 00,143,360 | ---- | M] (Apple Inc.)npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/06/03 16:21:16 | 00,143,360 | ---- | M] (Apple Inc.)npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/06/03 16:21:16 | 00,143,360 | ---- | M] (Apple Inc.)nsIDivxPlayerPlugin.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nsIDivxPlayerPlugin.xpt -> [2009/02/24 15:34:22 | 00,000,297 | ---- | M] ()QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/06/03 16:21:15 | 00,004,208 | ---- | M] ()ssldivx.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ssldivx.dll -> [2009/02/24 15:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)< FireFox SearchPlugins [Program Folders] > -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2008/12/09 02:32:12 | 00,000,000 | ---D | M]amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2008/10/30 02:00:50 | 00,001,394 | ---- | M] ()answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2008/10/30 02:00:50 | 00,002,193 | ---- | M] ()creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/10/30 02:00:50 | 00,001,534 | ---- | M] ()eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2008/10/30 02:00:50 | 00,002,343 | ---- | M] ()google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/10/30 02:00:50 | 00,001,706 | ---- | M] ()wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/10/30 02:00:50 | 00,001,178 | ---- | M] ()yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2008/10/30 02:00:50 | 00,000,792 | ---- | M] ()< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> Reset Hosts127.0.0.1 localhost< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated){AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated){AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/03/25 11:39:28 | 00,668,656 | ---- | M] (Google Inc.){DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java™ Plug-In 2 SSV Helper] -> [2009/03/09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.){E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/09 05:18:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.){F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> [2003/11/21 15:26:28 | 00,098,304 | ---- | M] (Hewlett-Packard Company)< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> [2003/11/21 15:26:28 | 00,098,304 | ---- | M] (Hewlett-Packard Company)WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not foundWebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)WebBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> [2003/11/21 15:26:28 | 00,098,304 | ---- | M] (Hewlett-Packard Company)< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "" -> [] -> File not found"Acrobat Assistant 8.0" -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"] -> [2009/02/27 12:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.)"Adobe Acrobat Speed Launcher" -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe ["C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2009/02/27 16:54:01 | 00,038,768 | ---- | M] (Adobe Systems Incorporated)"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2009/05/13 20:58:04 | 00,177,472 | ---- | M] (Apple Inc.)"avgnt" -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> [2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH)"ehTray" -> C:\WINDOWS\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation)"HotKeysCmds" -> C:\WINDOWS\System32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/04/05 17:19:18 | 00,077,824 | ---- | M] (Intel Corporation)"HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2005/02/26 01:34:02 | 00,245,760 | ---- | M] (Hewlett-Packard Company)"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/28 02:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/05/30 12:30:26 | 00,292,136 | ---- | M] (Apple Inc.)"KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found"LSBWatcher" -> c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe] -> [2004/10/14 16:54:32 | 00,253,952 | ---- | M] (Hewlett-Packard Company)"Persistence" -> C:\WINDOWS\System32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/04/05 17:23:14 | 00,114,688 | ---- | M] (Intel Corporation)"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)"RTHDCPL" -> C:\WINDOWS\RTHDCPL.EXE [RTHDCPL.EXE] -> [2005/04/13 02:21:02 | 14,156,800 | ---- | M] (Realtek Semiconductor Corp.)"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "MSMSGS" -> C:\Program Files\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk -> C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe -> [2007/10/02 14:16:42 | 01,283,608 | ---- | M] (Research In Motion Limited)< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE -> [2007/12/07 20:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation)C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDock\ObjectDock.exe -> [2007/04/30 20:43:54 | 03,450,608 | ---- | M] (Stardock)< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDrives" ->

-> File not found\\"NoDriveAutoRun" -> [67108863] -> File not found\\"NoDriveTypeAutoRun" -> [323] -> File not found\\"HonorAutoRunSetting" -> [1] -> File not found\\"NoCDBurning" ->
-> File not found< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\"dontdisplaylastusername" ->
-> File not found\\"legalnoticecaption" -> [] -> File not found\\"legalnoticetext" -> [] -> File not found\\"shutdownwithoutlogon" -> [1] -> File not found\\"undockwithoutlogon" -> [1] -> File not found\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found\\"DisableRegistryTools" ->
-> File not found\\"HideLegacyLogonScripts" ->
-> File not found\\"HideLogoffScripts" ->
-> File not found\\"RunLogonScriptSync" -> [1] -> File not found\\"RunStartupScriptSync" ->
-> File not found\\"HideStartupScripts" ->
-> File not found< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun" -> [323] -> File not found\\"NoDrives" ->
-> File not found\\"NoDriveAutoRun" -> [67108863] -> File not found< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\"HideLegacyLogonScripts" ->
-> File not found\\"HideLogoffScripts" ->
-> File not found\\"HideStartupScripts" ->
-> File not found\\"RunLogonScriptSync" -> [1] -> File not found\\"RunStartupScriptSync" ->
-> File not found\\"DisableRegistryTools" ->
-> File not found< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Append Link Target to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)Append to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)Convert Link Target to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)Convert to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation){2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation){92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation){E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Connection Help] -> [2008/10/26 11:49:55 | 00,000,735 | ---- | M] (){E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Connection Help] -> [2008/10/26 11:49:55 | 00,000,735 | ---- | M] (){e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation){FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation){FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> {E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] -> File not found{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] -> File not found{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] -> File not found{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"Icon" [HKLM] -> [Reg Error: Key error.] -> File not found{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"MenuText" [HKLM] -> [Reg Error: Key error.] -> File not found{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"Script" [HKLM] -> [Reg Error: Key error.] -> File not found{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"ToolTip" [HKLM] -> [Reg Error: Key error.] -> File not foundCmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not foundCmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Connection Help] -> File not foundCmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix"" -> http://< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone.< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7411 domain(s) found. -> 57 domain(s) and sub-domain(s) not assigned to a zone.< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_13] -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_13] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_13] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.1.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3F7F3535-F65A-4C0A-91E0-2E428A73C22B}\\DhcpNameServer -> 192.168.1.1 (Intel® PRO/100 VE Network Connection) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)*MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2005/04/05 17:18:22 | 00,131,072 | ---- | M] (Intel Corporation)< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%ProgramFiles%\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes] -> [2009/05/30 12:30:22 | 14,073,640 | ---- | M] (Apple Inc.)"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)"C:\Program Files\BitLord\BitLord.exe" -> C:\Program Files\BitLord\BitLord.exe [C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord] -> [2005/05/06 20:47:08 | 02,224,128 | ---- | M] (www.BitLord.com)"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server] -> [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.)"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/05/30 12:30:22 | 14,073,640 | ---- | M] (Apple Inc.)"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2007/02/20 05:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company)"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2009/03/10 16:10:51 | 00,139,776 | ---- | M] (Lime Wire, LLC)"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation)"C:\Program Files\Pidgin\pidgin.exe" -> C:\Program Files\Pidgin\pidgin.exe [C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> File not found"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion] -> [2005/05/16 20:38:56 | 00,045,056 | ---- | M] (Hewlett-Packard)"C:\Program Files\Verizon\Media Manager\MediaManager.exe" -> C:\Program Files\Verizon\Media Manager\MediaManager.exe [C:\Program Files\Verizon\Media Manager\MediaManager.exe:*:Enabled:Verizon Media Manager] -> [2007/10/19 11:22:26 | 01,400,832 | ---- | M] (Verizon Data Services Inc.)"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\System32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/13 20:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation)< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->"AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found< Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2005/05/16 21:09:08 | 00,000,100 | ---- | M] ()D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] ()< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{41d10103-c3f3-11dd-815e-0013d405f979}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41d10103-c3f3-11dd-815e-0013d405f979}\Shell\{41d10103-c3f3-11dd-815e-0013d405f979}\Shell\\"" -> [AutoRun] -> File not foundHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41d10103-c3f3-11dd-815e-0013d405f979}\Shell\AutoRun\{41d10103-c3f3-11dd-815e-0013d405f979}\Shell\AutoRun\\"" -> [Auto&Play] -> File not foundHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41d10103-c3f3-11dd-815e-0013d405f979}\Shell\AutoRun\command\{41d10103-c3f3-11dd-815e-0013d405f979}\Shell\AutoRun\command\\"" -> L:\LaunchU3.exe [L:\LaunchU3.exe -a] -> File not found\{92d34e60-b7d7-11dd-814e-0013d405f979}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92d34e60-b7d7-11dd-814e-0013d405f979}\Shell\{92d34e60-b7d7-11dd-814e-0013d405f979}\Shell\\"" -> [AutoRun] -> File not foundHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92d34e60-b7d7-11dd-814e-0013d405f979}\Shell\AutoRun\{92d34e60-b7d7-11dd-814e-0013d405f979}\Shell\AutoRun\\"" -> [Auto&Play] -> File not foundHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92d34e60-b7d7-11dd-814e-0013d405f979}\Shell\AutoRun\command\{92d34e60-b7d7-11dd-814e-0013d405f979}\Shell

guestolo · « **Reply #7 on:** June 16, 2009, 10:26:38 PM »

Double-click on OTS.exe to start the program (if you're running Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says Paste fix here, then click the [color=\"#2E8B57\"]Run Fix[/color] button.

Code: [Select]

[Kill Explorer]
[Unregister Dlls]
[Processes - Safe List]
YN -> alcmtr.exe -> C:\WINDOWS\ALCMTR.EXE
YN -> limewire.exe -> C:\Program Files\LimeWire\LimeWire.exe
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\prefs.js
YN -> browser.search.defaultenginename -> "Yoog Search"
YN -> browser.search.defaulturl -> "http://www28.yoog.com/search.php?q="
YN -> browser.search.selectedEngine -> "Yoog Search"
YN -> browser.startup.homepage -> "http://www28.yoog.com/"
YN -> keyword.URL -> "http://www28.yoog.com/search.php?q="
< FireFox Settings [User.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\user.js
YN -> browser.startup.homepage -> "http://www28.yoog.com/"
YN -> browser.search.selectedEngine -> "Yoog Search"
YN -> keyword.URL -> "http://www28.yoog.com/search.php?q="
YN -> keyword.enabled -> true
YN -> browser.search.defaultenginename -> "Yoog Search"
YN -> browser.search.defaulturl -> "http://www28.yoog.com/search.php?q="
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
[Empty Temp Folders]
[Start Explorer]
[Reboot]

* If it's finished :-
Click the Ok button and Notepad will open with a log.
Post that information back here please.

* If a reboot is required :-
Click the Yes button to reboot the machine.
After the reboot, OTS will finish moving any files that couldn't be moved during the fix and NotePad will open with the final results.
Post that information back here please.

In addition:
You have Malwarebytes' Anti-Malware installed
Can you open your copy and "Check For Updates"
Then run a Quick Scan
If it finds anything remove selected and post it's log too

Andy k · « **Reply #8 on:** June 17, 2009, 02:13:30 PM »

Malwarebytes' Anti-Malware 1.38
Database version: 2298
Windows 5.1.2600 Service Pack 3

6/17/2009 3:12:51 PM
mbam-log-2009-06-17 (15-12-51).txt

Scan type: Quick Scan
Objects scanned: 115639
Time elapsed: 14 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

guestolo · « **Reply #9 on:** June 17, 2009, 11:54:05 PM »

Quote

* If it's finished :-
Click the Ok button and Notepad will open with a log.
Post that information back here please.

* If a reboot is required :-
Click the Yes button to reboot the machine.
After the reboot, OTS will finish moving any files that couldn't be moved during the fix and NotePad will open with the final results.
Post that information back here please.

Sorry, can't help if you don't keep me informed how things are running and post the logs I asked for?

Andy k · « **Reply #10 on:** June 28, 2009, 01:21:45 PM »

apologies, the power supply on the tower in question kicked the bucket.

here are the logs you were asking for:

Process Explorer.EXE killed successfully!
[Processes - Safe List]
Process alcmtr.exe killed successfully!
Process limewire.exe killed successfully!
[Registry - Safe List]
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www28.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "Yoog Search" removed from browser.search.selectedEngine
Prefs.js: "http://www28.yoog.com/" removed from browser.startup.homepage
Prefs.js: "http://www28.yoog.com/search.php?q=" removed from keyword.URL
User.js: "http://www28.yoog.com/" removed from browser.startup.homepage
User.js: "Yoog Search" removed from browser.search.selectedEngine
User.js: "http://www28.yoog.com/search.php?q=" removed from keyword.URL
User.js: true removed from keyword.enabled
User.js: "Yoog Search" removed from browser.search.defaultenginename
User.js: "http://www28.yoog.com/search.php?q=" removed from browser.search.defaulturl
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
[Empty Temp Folders]

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: HP_Administrator
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\etilqs_44VcqY7NVkuD0fV9FinD scheduled to be deleted on reboot.
->Temp folder emptied: 77994 bytes
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 10816025 bytes
->Java cache emptied: 14449080 bytes
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7m94z3n.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7m94z3n.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7m94z3n.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7m94z3n.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7m94z3n.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
->FireFox cache emptied: 60068863 bytes
->Google Chrome cache emptied: 341932 bytes

User: Joe
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 8268 bytes
->FireFox cache emptied: 41006577 bytes

User: Lisa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43374926 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 166929 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 130143 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_860.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 28631006 bytes

RecycleBin emptied: 24407318 bytes

Total Files Cleaned = 511.04 mb

< End of fix log >
OTS by OldTimer - Version 3.0.5.3 fix logfile created on 06282009_122334

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\etilqs_44VcqY7NVkuD0fV9FinD not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7m94z3n.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7m94z3n.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7m94z3n.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7m94z3n.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7m94z3n.default\urlclassifier3.sqlite moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_860.dat not found!

Registry entries deleted on Reboot...

And:

Avira AntiVir Personal
Report file date: Sunday, June 28, 2009 12:29

Scanning for 1431423 virus strains and unwanted programs.

Licensed to: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: YOUR-55E5F9E3D2

Version information:
BUILD.DAT : 8.2.0.353 17048 Bytes 5/15/2009 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 21:38:31
ANTIVIR2.VDF : 7.1.4.133 2048 Bytes 6/24/2009 21:38:31
ANTIVIR3.VDF : 7.1.4.145 108032 Bytes 6/28/2009 16:28:09
Engineversion : 8.2.0.199
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/1/2009 00:38:21
AESCRIPT.DLL : 8.1.2.10 418171 Bytes 6/27/2009 21:38:37
AESCN.DLL : 8.1.2.3 127347 Bytes 5/16/2009 00:47:11
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/28/2009 01:13:43
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/17/2009 18:38:16
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 6/27/2009 21:38:36
AEHELP.DLL : 8.1.3.6 205174 Bytes 6/11/2009 18:02:41
AEGEN.DLL : 8.1.1.46 348533 Bytes 6/27/2009 21:38:33
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56
AECORE.DLL : 8.1.6.12 180599 Bytes 5/28/2009 01:13:42
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 4/21/2009 00:37:53
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, June 28, 2009 12:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'acrodist.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'acrobat_sl.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LSBurnWatcher.exe' - '1' Module(s) have been scanned
Scan process 'HPBootOp.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
49 processes with 49 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '66' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
D:\I386\Apps\APP15492\src\SpyInstall_HPPre.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4ac0b199.qua'!

End of the scan: Sunday, June 28, 2009 14:07
Used time: 1:37:45 Hour(s)

The scan has been done completely.

21482 Scanning directories
864685 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
864682 Files not concerned
18033 Archives were scanned
6 Warnings
1 Notes

guestolo · « **Reply #11 on:** June 28, 2009, 01:28:37 PM »

Since it's been awhile, can you run a Fresh scan with OTS.exe as I supplied ealier in Post #6 and supply a new log

Is there any more Yoog problem?

Andy k · « **Reply #12 on:** June 28, 2009, 06:48:39 PM »

Both the OTS and the Avira scan are from earlier today. Yoog no longer comes up as the home page but its still the designated search engine for the main address bar. If I type something generic in there it brings up Yoog results instead of anything else.

guestolo · « **Reply #13 on:** June 28, 2009, 09:37:15 PM »

I don't think you understood, I wanted you to run a fresh scan with OTS.exe and post the new log
You posted the results of the last FIX from OTS.exe

Andy k · « **Reply #14 on:** June 29, 2009, 06:57:50 PM »

woops, I totally misunderstood

here ya go
[code]
OTS logfile created on: 6/29/2009 7:52:03 PM - Run 2
OTS by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 503.36 Mb Available Physical Memory | 49.62% Memory free
2.38 Gb Paging File | 1.96 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 182.72 Gb Free Space | 81.26% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.41 Gb Free Space | 17.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-55E5F9E3D2
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
acrotray.exe -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe -> [2009/02/27 12:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.)
agrsmmsg.exe -> C:\WINDOWS\AGRSMMSG.exe -> [2004/06/29 13:06:38 | 00,088,363 | ---- | M] (Agere Systems)
alcmtr.exe -> C:\WINDOWS\ALCMTR.EXE -> [2005/04/12 04:10:22 | 00,065,536 | ---- | M] (Realtek Semiconductor Corp.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.)
avgnt.exe -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
avguard.exe -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH)
ehmsas.exe -> C:\WINDOWS\eHome\ehmsas.exe -> [2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
ehsched.exe -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
ehtray.exe -> C:\WINDOWS\ehome\ehtray.exe -> [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> C:\program files\mozilla firefox\firefox.exe -> [2009/06/13 07:57:50 | 00,307,704 | ---- | M] (Mozilla Corporation)
googleupdate.exe -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/04/15 16:10:51 | 00,133,104 | ---- | M] (Google Inc.)
hphmon06.exe -> C:\WINDOWS\System32\hphmon06.exe -> [2004/06/07 14:42:30 | 00,659,456 | ---- | M] (Hewlett-Packard)
hpsysdrv.exe -> c:\windows\system\hpsysdrv.exe -> [1998/05/07 12:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company)
intuitupdateservice.exe -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -> [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2004/07/28 02:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/05/30 12:30:26 | 00,292,136 | ---- | M] (Apple Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
kbd.exe -> C:\HP\KBD\KBD.EXE -> [2005/02/02 18:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
lssrvc.exe -> c:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2005/03/17 11:17:34 | 00,038,912 | ---- | M] ()
mcrdsvc.exe -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
objectdock.exe -> C:\Program Files\Stardock\ObjectDock\ObjectDock.exe -> [2007/04/30 20:43:54 | 03,450,608 | ---- | M] (Stardock)
ots.exe -> C:\Documents and Settings\HP_Administrator\Desktop\OTS.exe -> [2009/06/16 19:59:46 | 00,507,392 | ---- | M] (OldTimer Tools)
sched.exe -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH)

[Win32 Services - Safe List]
(AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehRecvr.exe -> [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/06/05 20:53:02 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.)
(gupdate1c9be064eac8982) Google Update Service (gupdate1c9be064eac8982) [Win32_Own | Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/04/15 16:10:51 | 00,133,104 | ---- | M] (Google Inc.)
(gusvc) Google Software Updater [Win32_Own | Auto | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/03/25 11:39:23 | 00,183,280 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 13:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(IntuitUpdateService) Intuit Update Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -> [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> c:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2005/03/17 11:17:34 | 00,038,912 | ---- | M] ()
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\mhn.dll -> [2004/08/10 14:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\HPZipm12.exe -> [2004/09/29 22:14:36 | 00,069,632 | ---- | M] (HP)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\Afc.sys -> [2005/02/22 22:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.)
(AFS2K) AFS2K [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\AFS2K.SYS -> [2004/10/07 21:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.)
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\AGRSM.sys -> [2004/06/29 13:07:18 | 01,268,204 | ---- | M] (Agere Systems)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2009/05/27 21:13:37 | 00,011,608 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | On_Demand | Running] -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2009/05/27 21:13:39 | 00,052,056 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\System32\DRIVERS\avipbb.sys -> [2009/05/27 21:13:44 | 00,075,096 | ---- | M] (Avira GmbH)
(CXFALCON) Conexant Falcon II NTSC Video Capture [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\cxfalcon.sys -> [2005/04/11 20:22:14 | 00,085,248 | ---- | M] (Conexant Systems, Inc.)
(E100B) Intel® PRO Network Connection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\e100b325.sys -> [2004/10/14 18:30:46 | 00,155,648 | ---- | M] (Intel Corporation)
(fasttx2k) fasttx2k [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -> [2003/12/02 21:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -> [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZid412.sys -> [2007/03/08 00:20:48 | 00,049,920 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -> [2007/03/08 00:20:49 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZius12.sys -> [2007/03/08 00:20:50 | 00,021,568 | R--- | M] (HP)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -> [2005/04/05 17:46:28 | 00,830,684 | ---- | M] (Intel Corporation)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\RtkHDAud.sys -> [2005/04/15 21:05:42 | 02,564,032 | ---- | M] (Realtek Semiconductor Corp.)
(IrBus) Infrared bus filter driver for eHome remote controls [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\IrBus.sys -> [2008/04/13 14:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation)
(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\PS2.sys -> [2001/06/04 09:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2009/02/24 15:35:32 | 00,043,528 | ---- | M] (Sonic Solutions)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -> [2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -> [2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\usbaapl.sys -> [2009/05/29 13:36:16 | 00,039,424 | ---- | M] (Apple, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser ->
HKEY_USERS\.DEFAULT\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser ->
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_USERS\.DEFAULT\: SearchURL\\"" -> ->
HKEY_USERS\.DEFAULT\: SearchURL\\"provider" -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser ->
HKEY_USERS\S-1-5-18\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser ->
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_USERS\S-1-5-18\: SearchURL\\"" -> ->
HKEY_USERS\S-1-5-18\: SearchURL\\"provider" -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\] > -> ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\: Main\\"Page_Transitions" -> 1 ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\: Main\\"SearchMigratedDefaultName" -> Google ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerm...tf8&oe=utf8 ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\: Main\\"Start Page" -> http://www.netflix.com/MemberHome ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\prefs.js ->
browser.search.defaultenginename -> "" ->
browser.search.defaulturl -> "" ->
browser.search.selectedEngine -> "" ->
browser.search.useDBForOrder -> true ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2 ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
extensions.enabledItems -> [email protected]:2.22b ->
extensions.enabledItems -> {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1 ->
extensions.enabledItems -> {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22 ->
extensions.enabledItems -> {10187899-7ffe-4f9a-b9d2-35fdb3b49690}:0.5 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> [email protected]:1.0.0.071303000004 ->
extensions.enabledItems -> [email protected]:1.0.3 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 ->
keyword.URL -> "http://www28.yoog.com/search.php?q=" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\user.js ->
browser.startup.homepage -> "" ->
browser.search.selectedEngine -> "" ->
browser.search.defaultenginename -> "" ->
browser.search.defaulturl -> "" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/06/13 07:57:55 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/06/13 07:57:54 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions -> [2008/12/09 03:04:35 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/12/09 03:04:35 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\[email protected] -> [2008/12/09 03:04:35 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions -> [2009/06/27 17:51:27 | 00,098,988 | ---- | M] ()
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} -> [2009/06/27 17:51:27 | 00,098,988 | ---- | M] ()
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\{10187899-7ffe-4f9a-b9d2-35fdb3b49690} -> [2009/06/27 17:51:27 | 00,098,988 | ---- | M] ()
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/06/27 17:51:27 | 00,098,988 | ---- | M] ()
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009/06/27 17:51:27 | 00,098,988 | ---- | M] ()
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} -> [2009/06/27 17:51:27 | 00,098,988 | ---- | M] ()
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\[email protected] -> [2009/06/27 17:51:27 | 00,098,988 | ---- | M] ()
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\[email protected] -> [2009/06/27 17:51:27 | 00,098,988 | ---- | M] ()
-> C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\w7m94z3n.default\extensions\[email protected] -> [2009/06/27 17:51:27 | 00,098,988 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > ->
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\searchplugins\ -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\searchplugins -> [2009/06/17 15:12:38 | 00,000,000 | ---D | M]
imdb.xml -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\w7m94z3n.default\searchplugins\imdb.xml -> [2009/06/17 15:12:38 | 00,001,504 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/06/13 07:57:54 | 09,777,144 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/06/13 07:57:54 | 09,777,144 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/06/13 07:57:54 | 09,777,144 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/06/13 07:57:55 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/06/13 07:57:49 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/06/13 07:57:50 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/06/13 07:57:54 | 00,000,000 | ---D | M]
libdivx.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\libdivx.dll -> [2009/02/24 15:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)
npCouponPrinter.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npCouponPrinter.dll -> [2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.)
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npdivx32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2009/02/24 15:34:14 | 01,337,648 | ---- | M] (DivX,Inc.)
npdivx32.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2009/02/24 15:34:14 | 00,001,607 | ---- | M] ()
npDivxPlayerPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npDivxPlayerPlugin.dll -> [2009/02/24 15:34:22 | 00,098,304 | ---- | M] (DivX, Inc)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/06/13 07:57:51 | 00,065,528 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/06/03 16:21:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/06/03 16:21:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/06/03 16:21:16 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/06/03 16:21:16 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/06/03 16:21:16 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/06/03 16:21:16 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/06/03 16:21:16 | 00,143,360 | ---- | M] (Apple Inc.)
nsIDivxPlayerPlugin.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nsIDivxPlayerPlugin.xpt -> [2009/02/24 15:34:22 | 00,000,297 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/06/03 16:21:15 | 00,004,208 | ---- | M] ()
ssldivx.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ssldivx.dll -> [2009/02/24 15:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2008/12/09 02:32:12 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2008/10/30 02:00:50 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2008/10/30 02:00:50 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/10/30 02:00:50 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2008/10/30 02:00:50 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/10/30 02:00:50 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/10/30 02:00:50 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2008/10/30 02:00:50 | 00,000,792 | ---- | M] ()
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/03/25 11:39:28 | 00,668,656 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/09 05:18:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> [2003/11/21 15:26:28 | 00,098,304 | ---- | M] (Hewlett-Packard Company)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\] > -> HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> [2003/11/21 15:26:28 | 00,098,304 | ---- | M] (Hewlett-Packard Company)
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> [2003/11/21 15:26:28 | 00,098,304 | ---- | M] (Hewlett-Packard Company)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Acrobat Assistant 8.0" -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"] -> [2009/02/27 12:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.)
"Adobe Acrobat Speed Launcher" -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe ["C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2009/02/27 16:54:01 | 00,038,768 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2009/05/13 20:58:04 | 00,177,472 | ---- | M] (Apple Inc.)
"avgnt" -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> [2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
"ehTray" -> C:\WINDOWS\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation)
"HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2005/02/26 01:34:02 | 00,245,760 | ---- | M] (Hewlett-Packard Company)
"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/28 02:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/05/30 12:30:26 | 00,292,136 | ---- | M] (Apple Inc.)
"KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found
"LSBWatcher" -> c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe] -> [2004/10/14 16:54:32 | 00,253,952 | ---- | M] (Hewlett-Packard Company)
< Run [HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\] > -> HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"MSMSGS" -> C:\Program Files\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk -> C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe -> [2007/10/02 14:16:42 | 01,283,608 | ---- | M] (Research In Motion Limited)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ->
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE -> [2007/12/07 20:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDock\ObjectDock.exe -> [2007/04/30 20:43:54 | 03,450,608 | ---- | M] (Stardock)
< Joe Startup Folder > -> C:\Documents and Settings\Joe\Start Menu\Programs\Startup ->
< Lisa Startup Folder > -> C:\Documents and Settings\Lisa\Start Menu\Programs\Startup ->
C:\Documents and Settings\Lisa\Start Menu\Programs\Startup\Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDock\ObjectDock.exe -> [2007/04/30 20:43:54 | 03,450,608 | ---- | M] (Stardock)
< Software Policy Settings [HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008] > -> HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->

-> File not found

\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoCDBurning" ->

-> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->

-> File not found

\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
\\"DisableRegistryTools" ->

-> File not found

\\"HideLegacyLogonScripts" ->

-> File not found

\\"HideLogoffScripts" ->

-> File not found

\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" ->

-> File not found

\\"HideStartupScripts" ->

-> File not found

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008] > -> HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" ->

-> File not found

\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008] > -> HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"HideLegacyLogonScripts" ->

-> File not found

\\"HideLogoffScripts" ->

-> File not found

\\"HideStartupScripts" ->

-> File not found

\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" ->

-> File not found

\\"DisableRegistryTools" ->

-> File not found

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\] > -> HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append Link Target to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
Append to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
Convert Link Target to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Connection Help] -> [2008/10/26 11:49:55 | 00,000,735 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Connection Help] -> [2008/10/26 11:49:55 | 00,000,735 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\] > -> HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\Extensions\ ->
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"Icon" [HKLM] -> [Reg Error: Key error.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"MenuText" [HKLM] -> [Reg Error: Key error.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"Script" [HKLM] -> [Reg Error: Key error.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\"ToolTip" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4801 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4801 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4801 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4801 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\] > -> HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7411 domain(s) found. ->
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\] > -> HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> [url=\"http://java.sun.com/update/1.6.0/jinstall-1

guestolo · « **Reply #15 on:** July 01, 2009, 03:02:55 PM »

Let's try another tool, same kind of idea of what we've been using, but Rorschach112 has been working on a more general fix for Yoog
Can you delete OTS.exe on your desktop first

Then

Download [color=\"#FF0000\"]OTL[/color][/url] to your desktop.
Double click on the icon to run it.
Under the [color=\"#0000FF\"]Custom Scans/Fixes[/color] box at the bottom, paste in the entire contents of the Code box below, starting with :OTL, not including the work code

Code: [Select]

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www3.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www5.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www6.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www7.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www8.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www9.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www10.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www11.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www13.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www14.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www15.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www26.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www27.yoog.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www28.yoog.com/
FF - prefs.js..browser.search.defaulturl: "http://www28.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www28.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www28.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www28.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..keyword.URL: "http://www14.yoog.com/search.php?q="
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www14.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www8.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www8.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www8.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www8.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www15.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www15.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www5.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www7.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www7.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www7.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www7.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www13.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www13.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www13.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www13.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www3.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www3.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www3.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www3.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www10.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www10.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www10.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www10.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www11.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www11.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www11.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www11.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www2.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www2.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www2.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www2.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www26.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www26.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www26.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www26.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www5.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www5.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www5.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www5.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www1.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www1.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www1.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www1.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www9.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www9.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www6.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www6.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www6.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www6.yoog.com/search.php?q="
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true

:Files
%ProgramFiles%\IEToolbar
%ProgramFiles%\Mozilla Firefox\components\nsadzgalore.dll
%ProgramFiles%\Mozilla Firefox\components\nsadsoftinc.dll
%ProgramFiles%\Mozilla Firefox\components\nsBrowserOpt.dll
%ProgramFiles%\Mozilla Firefox\searchplugins\Yoog.xml
%ProgramFiles%\Mozilla Firefox\components\nsBrowserDc.dll
%ProgramFiles%\Mozilla Firefox\components\nsdcads.dll
%APPDATA%\Mozilla\Firefox\Profiles\Yoog Search.xml /s
%PROGRAMFILES%\Mozilla Firefox\components\mexmgzdhgnvqilpib.dll
%SystemRoot%\system32\mexmgzdhgnvqilpib.dll
%PROGRAMFILES%\mozilla firefox\components\zvakwomxas.dll
%SystemRoot%\system32\zawcukanoit.exe
%SystemRoot%\System32\lkvwtxiako.dll  
%SystemRoot%\system32\zvakwomxas.dll
%SystemRoot%\system32\dgbzetddjouspgzqz.dll
%SystemRoot%\System32\nsn*.dll
%SystemRoot%\nmwi*.exe
%SystemRoot%\system32\nsx*.dll
%SystemRoot%\system32\nsj*.dll
%SystemRoot%\system32\nsv*.dll
%systemroot%\system32\nsf*.dll
%systemroot%\mutfp*.exe
%systemroot%\obwu*.exe
%systemroot%\ntaj*.exe
%systemroot%\nwuhr*.exe
%systemroot%\System32\nss*.dll
%SystemRoot%\system32\*-uninst.exe
%SystemRoot%\system32\*-remove.exe
%systemroot%\system32\nsr*.dll
%systemroot%\reax*.exe
%systemroot%\giptf*.exe
%systemroot%\tkoo*.exe
%systemroot%\axjth*.exe
%systemroot%\ertbg*.exe
%systemroot%\jnnmp*.exe
%systemroot%\bprxe*.exe
%systemroot%\xwisg*.exe
%systemroot%\jpng*.exe
%systemroot%\fhsv*.exe
%systemroot%\dfmqc*.exe
%systemroot%\wgfp*.exe
%systemroot%\gweq*.exe
%systemroot%\pxwis*.exe
%systemroot%\fcvmq*.exe
%systemroot%\System32\hfkxlchuhv.dll
%systemroot%\System32\nst*.dll
%systemroot%\dmkv*.exe
%systemroot%\system32\nseE*.dll
%systemroot%\System32\nsk*.dll
%systemroot%\system32\mexmgzdhgnvqilpib.dll
%systemroot%\system32\ibgyxrpdcrlay.dll
%systemroot%\system32\ympweffizcodl.exe
%systemroot%\kdiue732.txt
%systemroot%\system32\jmcvcflmiugsrfia.exe
%PROGRAMFILES%\VnrBlock
%PROGRAMFILES%\iCheck
%systemroot%\tvilp*.exe
%systemroot%\itqot*.exe
%systemroot%\system32\wskuofzpxkxdb.exe
%systemroot%\tutvo*.exe
%systemroot%\hsep*.exe
%systemroot%\system32\pihtwcdtsghokinvg.dll
%systemroot%\system32\juluypfvhofv.dll
%systemroot%\system32\nsi*.dll
%systemroot%\system32\nsl*.dll
%systemroot%\system32\gchnamepziopknko.dll
%systemroot%\system32\pihtwcdtsghokinvg.dll
%systemroot%\system32\yprhhrqubcbujp.exe
%systemroot%\system32\ucicolizrhssr.dll
%systemroot%\system32\hiwdrlnk.exe
%systemroot%\System32\nsg*.dll
%systemroot%\System32\jifgoojjyhmkthcfk.dll
%USERPROFILE%\Start Menu\Programs\Startup\runit_32.lnk
%PROGRAMFILES%\runit
%systemroot%\System32\dsygtypzdloyoxivg.exe
%systemroot%\System32\qdfggdhhofhhylbfx.exe
%ProgramFiles%\mozilla firefox\components\??-?-?-?-???.dll
%systemroot%\System32\??-?-?-?-???.exe

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0d2e786-354b-fea1-8de7-883e7524e6d2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2fe5f61-3eb4-4e22-7c84-f52993635f52}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f20e8516-7d08-c1e3-e689-96d39bb42220}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ad7781e6-d262-25f8-389d-967a6d974748}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77cab7d9-e377-ddfc-7d69-cd9cab0e10ff}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8620A38-0404-12B1-FA60-5A0C1FB1C6A5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B188763A-902C-98E9-780E-DAA0BF25BBFD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c18a538-eb55-9029-1fdb-37769fbefee2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58b39041-fe10-d989-5b61-50d6fe664b48}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{994b5fb4-0103-44a6-b6b3-c73572b362bc}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8217294-fa91-dd4d-ba56-4561001b63c8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{670b520c-3f08-4d72-94a5-047740c07766}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78f9a905-789c-d4b1-d5d6-336920981691}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78ff6579-e7fe-8225-43c1-3fe7864edc62}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8217e11-e93b-fc21-7455-fea561f86263}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlhbxrcsmhodrzf]

:Commands
[purity]
[emptytemp]
[Reboot]

Close down ALL browser windows that are open, especially Firefox
Then click the [color=\"#FF0000\"]Run Fix[/color] button at the top
Let the program run unhindered, reboot the PC when it is done
The fix should only take a few minutes to run. If it appears to freeze then try it again.

Post back the log that opens on startup, keep me informed of any problems
A copy of the log can also be found in the following folder>>C:\_OTL\MovedFiles

TheTechGuide Forum

News:

Author Topic: Back with a Yoog Problem (Read 2107 times)

Andy k

Back with a Yoog Problem

guestolo

Back with a Yoog Problem

Andy k

Back with a Yoog Problem

Solarstart

Back with a Yoog Problem

Andy k

Back with a Yoog Problem

guestolo

Back with a Yoog Problem

Andy k

Back with a Yoog Problem

guestolo

Back with a Yoog Problem

Andy k

Back with a Yoog Problem

guestolo

Back with a Yoog Problem

Andy k

Back with a Yoog Problem

guestolo

Back with a Yoog Problem

Andy k

Back with a Yoog Problem

guestolo

Back with a Yoog Problem

Andy k

Back with a Yoog Problem

guestolo

Back with a Yoog Problem