Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by User (administrator) on D5SLXJ91 (09-04-2016 21:02:32)
Running from C:\Documents and Settings\User\Desktop
Loaded Profiles: User (Available Profiles: User & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(GRISOFT, s.r.o.) C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
(GRISOFT, s.r.o.) C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
(GRISOFT, s.r.o.) C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(MyWebSearch.com) C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(MyWebSearch.com) C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3SRCHMN.EXE
(Musicmatch, Inc.) C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Musicmatch, Inc.) C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
() C:\DOCUME~1\User\LOCALS~1\Temp\e.exe
(Farbar) C:\Documents and Settings\User\Desktop\FRST (2).exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
HKLM\...\Run: [igfxtray] => C:\WINDOWS\system32\igfxtray.exe [94208 2008-03-17] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2008-03-17] ()
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2008-03-17] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [144784 2008-06-10] (Sun Microsystems, Inc.)
HKLM\...\Run: [DVDLauncher] => C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2008-03-17] ()
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2008-03-17] ()
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2008-03-17] ()
HKLM\...\Run: [MimBoot] => C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe [8192 2005-09-08] (Musicmatch, Inc.)
HKLM\...\Run: [MSKDetectorExe] => C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [1117184 2008-03-17] ()
HKLM\...\Run: [AVG7_CC] => C:\Program Files\Grisoft\AVG7\avgcc.exe [579072 2008-03-17] ()
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185872 2008-10-20] (RealNetworks, Inc.)
HKLM\...\Run: [MyWebSearch Plugin] => rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
HKLM\...\Run: [MyWebSearch Email Plugin] => C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE [32838 2008-12-08] (MyWebSearch.com)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-11-04] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [290088 2008-11-20] (Apple Inc.)
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] => C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE [24688 2008-12-08] (MyWebSearch.com)
HKLM\...\Run: [Kcesad] => rundll32.exe "C:\WINDOWS\Rbojevevukovi.dll",e
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [Nrejidefayoq] => rundll32.exe "C:\WINDOWS\iwowuvubomure.dll",e
HKLM\...\Run: [dutuzisab] => Rundll32.exe "c:\windows\system32\wazuhope.dll",a
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe logon.exe [x ] ()
Winlogon\Notify\20190562517: C:\WINDOWS\System32\dssenh32.dll [2009-02-01] ()
Winlogon\Notify\__c00F4C32: C:\WINDOWS\system32\__c00F4C32.dat [2009-10-24] ()
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-19\...\Run: [AVG7_Run] => C:\Program Files\Grisoft\AVG7\avgw.exe [219136 2008-02-27] (GRISOFT, s.r.o.)
HKU\S-1-5-20\...\Run: [AVG7_Run] => C:\Program Files\Grisoft\AVG7\avgw.exe [219136 2008-02-27] (GRISOFT, s.r.o.)
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-06-22] (Google Inc.)
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation)
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [Yahoo! Pager] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [4670704 2007-08-30] (Yahoo! Inc.)
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [Aim6] => C:\Program Files\AIM6\aim6.exe [50528 2008-03-25] (AOL LLC)
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [DW6] => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [MyWebSearch Email Plugin] => C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE [32838 2008-12-08] (MyWebSearch.com)
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [A00F6B3E048.exe] => C:\DOCUME~1\User\LOCALS~1\Temp\_A00F6B3E048.exe <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Run: [PopRock] => C:\Documents and Settings\User\Local Settings\Temp\e.exe [152576 2009-10-24] () <===== ATTENTION
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Policies\Explorer\Run: [svcho] => C:\WINDOWS\svcho.exe [16896 2009-03-05] ()
HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\CORELP~1.SCR [487424 2005-08-31] (Corel, Inc.)
HKU\S-1-5-18\...\Run: [AVG7_Run] => C:\Program Files\Grisoft\AVG7\avgw.exe [219136 2008-02-27] (GRISOFT, s.r.o.)
AppInit_DLLs: C:\WINDOWS\System32\dssenh32.dll => C:\WINDOWS\System32\dssenh32.dll [135168 2009-02-01] ()
AppInit_DLLs: ,leyoyoji.dll => C:\WINDOWS\system32\leyoyoji.dll [52224 2009-07-24] ()
AppInit_DLLs: c:\windows\system32\wazuhope.dll => c:\windows\system32\wazuhope.dll [89088 2009-07-24] ()
AppInit_DLLs: c:\windows\system32\sibofuda.dll => c:\windows\system32\sibofuda.dll [90112 2009-07-24] ()
Lsa: [Notification Packages] scecli jmp32g.dll wojajugi.dll
SSODL: gakufisiv - {94ca385e-4a00-4b3a-bb66-5fb17c1832d8} - c:\windows\system32\wazuhope.dll ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{16E5C3BA-A3AE-44FF-AC3E-3257597019DB}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zk&o=sb
URLSearchHook: HKLM - AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
URLSearchHook: HKU\S-1-5-21-500823600-1963862842-10735164-1005 - AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
URLSearchHook: HKU\S-1-5-21-500823600-1963862842-10735164-1005 - AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
URLSearchHook: HKU\S-1-5-21-500823600-1963862842-10735164-1005 - Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-500823600-1963862842-10735164-1005 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
SearchScopes: HKLM -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zz&o=other&gcht=rp
SearchScopes: HKU\.DEFAULT -> DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zz&o=other&gcht=rp
SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zz&o=other&gcht=rp
SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> {8EDDD76F-CE75-460B-B846-9A685E3EF34B} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zk&o=sb
SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> {C133A094-347B-41CB-9BA5-3D8A80DD8583} URL = hxxp://www15.yoog.com/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> {C52F4C55-CD31-4C2D-BB8A-8C35F79B983A} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zk&o=sb
BHO: MyWebSearch Search Assistant BHO -> {00A6FAF1-072E-44cf-8957-5838F569A31D} -> C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [2008-12-08] (MyWebSearch.com)
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-12-18] (Yahoo! Inc.)
BHO: mwsBar BHO -> {07B18EA1-A523-4961-B6BB-170DE4475CCA} -> C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2008-12-08] (MyWebSearch.com)
BHO: snappyads browser enhancer -> {81CFA2BF-8FE8-2409-8FA6-A6B19037CBF7} -> C:\WINDOWS\system32\jlmjvkexubwmndts.dll [2009-10-01] ()
BHO: snappyads -> {86cf5349-d78b-95a4-f4bf-9bfc7f30548a} -> C:\WINDOWS\system32\f6f9f8be-a580-da3a-d24c-0c21c2c4cfda.dll [2009-08-21] ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-07] (Google Inc.)
BHO: BHO -> {C9C42510-9B21-41c1-9DCD-8382A2D07C61} -> C:\WINDOWS\system32\iehelper.dll [2009-03-05] ()
BHO: Google Gears Helper -> {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll [2009-08-21] (Google Inc.)
Toolbar: HKLM - Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-12-18] (Yahoo! Inc.)
Toolbar: HKLM - AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07] (AOL LLC)
Toolbar: HKLM - My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2008-12-08] (MyWebSearch.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-07] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-12-18] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07] (AOL LLC)
Toolbar: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2008-12-08] (MyWebSearch.com)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default
FF DefaultSearchEngine: Yoog Search
FF DefaultSearchUrl: hxxp://www15.yoog.com/search.php?q=
FF SelectedSearchEngine: Yoog Search
FF Keyword.URL: hxxp://www15.yoog.com/search.php?q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2008-03-24] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2008-11-20] ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2007-08-30] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\User\Application Data\Move Networks\plugins\npqmp071503000010.dll [2009-10-07] (Move Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2008-10-20] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2008-10-20] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2008-10-20] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-05] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2007-04-16] ()
FF Plugin HKU\S-1-5-21-500823600-1963862842-10735164-1005: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2008-03-24] ()
FF Plugin HKU\S-1-5-21-500823600-1963862842-10735164-1005: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\User\Application Data\Move Networks\plugins\npqmp071503000010.dll [2009-10-07] (Move Networks)
FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\user.js [2016-04-09]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll [2008-12-08] (MyWebSearch.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2008-12-24] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-10-20] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008-12-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008-12-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008-12-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008-12-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008-12-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008-12-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008-12-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2008-10-20] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-10-20] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2007-04-16] ()
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\searchplugins\aimsearch.xml [2008-05-23]
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\searchplugins\Yoog Search.xml [2009-10-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\AIM Search.xml [2008-05-20]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2008-12-24]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2008-12-24]
FF Extension: AIM Toolbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2008-05-23] [not signed]
FF Extension: DOM Inspector - C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org [2008-12-24] [not signed]
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox [2009-09-30] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-08-12] [not signed]
FF Extension: Media Converter - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2009-02-18] [not signed]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-10-07] [not signed]
FF Extension: Move Media Player - C:\Documents and Settings\User\Application Data\Move Networks [2009-10-08] [not signed]
FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org [2008-12-24] [not signed]
FF Extension: XUL Cache - C:\Documents and Settings\User\Local Settings\Application Data\{56C43988-1EA4-4EDF-85F0-E561F583EFEA} [2009-03-04] [not signed]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2008-04-27] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2008-10-20] [not signed]
FF HKLM\...\Firefox\Extensions: [{56C43988-1EA4-4EDF-85F0-E561F583EFEA}] - C:\Documents and Settings\User\Local Settings\Application Data\{56C43988-1EA4-4EDF-85F0-E561F583EFEA}
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files\Google\Google Gears\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-02] [not signed]
FF HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\User\Application Data\Move Networks
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2008-12-24]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2008-12-24]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2008-12-24]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2008-11-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2008-12-24]

Chrome:
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-05]
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-05]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-05]
CHR Extension: (Google Sheets) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-05]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-05]