
searchqu! how can I permanently delete? [Closed]


  • This topic is locked

#16
huggster26

  • Member
  • 77 posts
from OTL.txt:
OTL logfile created on: 12/14/2011 11:25:03 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Carolyn\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 147.39 Mb Available Physical Memory | 14.42% Memory free
2.40 Gb Paging File | 1.23 Gb Available in Paging File | 51.08% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 109.72 Gb Free Space | 76.03% Space Free | Partition Type: NTFS

Computer Name: HIGGINS | User Name: Carolyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/14 23:24:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carolyn\My Documents\Downloads\OTL (2).exe
PRC - [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/11/12 23:48:52 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/11/09 04:42:38 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/10/15 22:11:17 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/28 21:26:17 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/01/28 21:26:15 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/04/23 05:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/02/10 10:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/02/03 07:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/17 13:04:58 | 000,263,456 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2008/11/17 13:04:54 | 000,070,944 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/30 14:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/12 11:24:26 | 001,811,120 | ---- | M] () -- C:\Program Files\Ocucom\PreCast\tmon.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/02/16 00:37:31 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/02/09 16:34:54 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2005/09/14 20:44:14 | 000,065,536 | ---- | M] (ali) -- C:\Program Files\USB Disk Win98 Driver\Res.exe
PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/01/21 18:04:42 | 000,163,840 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/14 15:42:46 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/14 15:42:44 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/11/14 23:39:54 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/14 23:39:53 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/14 23:38:16 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/14 23:38:15 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/14 23:38:14 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/14 20:36:18 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/20 00:04:15 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/20 00:04:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/28 21:26:40 | 001,143,056 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\mach32.dll
MOD - [2009/04/23 23:33:48 | 000,139,264 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\Basis\program\nsldap32v50.dll
MOD - [2009/04/16 12:03:22 | 000,166,400 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\Basis\program\libxslt.dll
MOD - [2009/04/16 12:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/02/10 10:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/12/02 22:06:43 | 000,028,672 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\script.cav
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/12 11:24:26 | 001,811,120 | ---- | M] () -- C:\Program Files\Ocucom\PreCast\tmon.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Unknown | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/28 21:26:15 | 000,723,632 | ---- | M] (COMODO) [Unknown | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/02/10 10:01:49 | 000,116,104 | ---- | M] () [Unknown | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/17 13:04:54 | 000,070,944 | ---- | M] (PC Tools) [Unknown | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Unknown | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Unknown | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/12/14 15:39:13 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D19A23CA-4E58-414F-BB90-691B33579F81}\MpKsl31cffb6c.sys -- (MpKsl31cffb6c)
DRV - [2011/12/14 07:03:48 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D19A23CA-4E58-414F-BB90-691B33579F81}\MpKslc929e47f.sys -- (MpKslc929e47f)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | Unknown | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | Unknown | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/07 10:01:34 | 000,134,344 | ---- | M] (COMODO) [File_System | Unknown | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/28 21:26:25 | 000,087,104 | ---- | M] (COMODO) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2010/01/28 21:26:24 | 000,025,160 | ---- | M] (COMODO) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008/11/17 13:05:14 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2008/11/17 13:05:12 | 000,033,056 | ---- | M] (PC Tools) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2008/11/17 13:05:08 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/04/13 12:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/04/20 16:44:08 | 000,069,248 | ---- | M] (Mars Semiconductor Corp.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mr97320.sys -- (mr97320)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | Unknown | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/16 00:37:34 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/20 12:50:36 | 000,020,648 | ---- | M] (Thomson Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\netrcacm.sys -- (netrcacm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosear...om/?useie5=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.mchsd.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = walledgarden.mchsd.com:8000

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Radio TV 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=13&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.03.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23ec984e-464c-4a0c-a8df-f80cb8c090e1}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {f29557fd-78aa-40e6-aba8-9fa219764018}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="
FF - prefs.js..network.proxy.ftp: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: "*.mchsd.com"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.socks_port: 8000
FF - prefs.js..network.proxy.ssl: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.ssl_port: 8000


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug2;version=2.0.0.0: C:\Program Files\RealArcade\npracplug2.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Carolyn\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/04/21 11:35:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/04/22 02:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/06 15:29:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/04 15:47:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Carolyn\Application Data\Move Networks [2009/10/11 19:49:23 | 000,000,000 | ---D | M]

[2011/12/05 07:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions
[2009/05/02 15:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/16 04:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2011/12/05 07:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\extensions
[2009/04/11 10:36:45 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2011/12/05 07:09:18 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2009/05/27 17:50:27 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\extensions\chromifox@altmusictv.com
[2009/07/03 09:11:37 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\aim-search.xml
[2010/02/07 17:00:41 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\askcom.xml
[2010/11/29 07:10:42 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\bing-zugo.xml
[2010/12/30 17:21:42 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\conduit.xml
[2011/11/30 19:01:39 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\mypoints-search.xml
[2011/12/05 07:08:36 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\Search_Results.xml
[2011/12/06 15:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/29 06:37:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CAROLYN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZU3MSNT.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/22 05:49:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/04/22 05:49:57 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/19 06:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/09/27 11:42:12 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/09/27 11:42:12 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2011/12/05 07:08:36 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Gadget Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: RealArcade20 Mozilla Plugin (Enabled) = C:\Program Files\RealArcade\npracplug2.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.7_0\
CHR - Extension: True Blood 2 = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgpnfphdpgfhegonhjbmajnfcnajdceb\1_0\

O1 HOSTS File: ([2009/04/11 18:18:07 | 000,001,070 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: (ElnkBhoGuard Class) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll (EarthLink, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O2 - BHO: (ElnkScamBHO Class) - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll (EarthLink, Inc.)
O2 - BHO: (Reg Error: Value error.) - {2220F2A2-672E-4EF4-AE44-B802D4E38795} - C:\WINDOWS\system32\ljJATMEX.dll File not found
O2 - BHO: (ElnkPubBHO Class) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll (EarthLink, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll (EarthLink, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (ElnkLegacyUninstBHO Class) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll (EarthLink, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe ()
O4 - Startup: C:\Documents and Settings\Carolyn\Start Menu\Programs\Startup\IMVU.lnk = File not found
O4 - Startup: C:\Documents and Settings\Carolyn\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZKfox000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: EarthLink Yahoo Search - C:\Program Files\EarthLink\Toolbar\SearchUI.dll (EarthLink, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carolyn\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: toontown.com ([play] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.co...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/Installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD8535B6-108A-4252-832F-6F25B82A4B65}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\inbox - No CLSID value found
O18 - Protocol\Handler\rebinfo - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (yhbxys.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\latadeti.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - http://thumbp1.mail....f=505&fid=Inbox
O24 - Desktop Components:1 () - http://thumbp1.mail....f=505&fid=Inbox
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ljJATMEX) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell - "" = AutoRun
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 20:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/12/14 07:04:43 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/12/06 15:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn\AppData
[2011/12/05 07:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Ilivid Player
[2011/12/05 07:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/05 07:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2011/12/05 07:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\PackageAware
[2011/08/20 00:00:26 | 012,495,296 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
[2011/08/19 08:00:26 | 048,267,960 | ---- | C] (Flexera Software) -- C:\Program Files\PPTWinInstall.3.0.7.exe
[2011/07/19 21:55:04 | 000,589,664 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
[2010/11/24 14:48:06 | 005,389,804 | ---- | C] (Pipkins, Inc. ) -- C:\Program Files\PSRViewerSetup.exe
[2010/10/17 17:03:02 | 030,164,216 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin(2).exe
[2010/10/05 06:27:47 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall(3).exe
[2010/10/05 06:20:41 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall(2).exe
[2010/09/17 05:30:48 | 002,320,763 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\autoupdater(2).exe
[2010/06/26 10:52:32 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\CouponPrinter.exe
[2010/05/25 11:45:24 | 003,103,640 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup43.exe
[2010/02/24 19:08:09 | 006,667,584 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXWebPlayerInstaller.exe
[2009/12/25 20:07:32 | 000,410,624 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2009/12/05 04:53:59 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2009/10/30 20:21:40 | 004,301,928 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim(2).exe
[2009/10/30 20:18:23 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe
[2009/10/29 16:39:46 | 001,925,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2009/05/28 20:02:17 | 003,500,808 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe
[2009/05/02 15:18:50 | 016,509,288 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
[2009/01/10 11:46:22 | 006,479,282 | ---- | C] (Ocucom) -- C:\Program Files\PrecastSetup.exe
[2008/12/03 19:36:45 | 004,283,512 | ---- | C] (W3i, LLC) -- C:\Program Files\ezvideos.exe
[2008/12/02 22:05:19 | 027,206,408 | ---- | C] (COMODO) -- C:\Program Files\CIS_Setup_3.5.55810.432_XP_Vista_x32.exe
[2007/01/20 12:50:31 | 005,971,432 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.1.exe
[2006/05/25 17:24:18 | 001,320,111 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFabDecrypter29.exe

========== Files - Modified Within 30 Days ==========

[2011/12/14 23:16:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555933731-11304943-2770183423-1005UA.job
[2011/12/14 23:16:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555933731-11304943-2770183423-1005Core.job
[2011/12/14 23:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/12/14 17:44:37 | 000,006,686 | ---- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/14 17:44:37 | 000,000,152 | RHS- | M] () -- C:\WINDOWS\System32\3DC448A41C.sys
[2011/12/14 17:44:28 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\Carolyn\Desktop\WordPerfect.lnk
[2011/12/14 17:03:31 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/12/14 15:44:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/14 15:41:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/14 15:38:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/14 13:56:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Carolyn\Desktop\MBR.dat
[2011/12/14 07:04:43 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/12/13 11:30:15 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/09 15:40:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/06 15:30:12 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/06 15:30:12 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/18 11:18:11 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Carolyn\Desktop\Google Chrome.lnk
[2011/11/18 11:18:11 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/12/14 15:42:29 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\Carolyn\Desktop\WordPerfect.lnk
[2011/12/14 13:56:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Carolyn\Desktop\MBR.dat
[2011/12/06 15:30:12 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/06 15:30:12 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/06 15:30:12 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/05 18:22:42 | 001,892,352 | ---- | C] () -- C:\WINDOWS\Win98Driver.exe
[2010/07/24 07:03:36 | 044,089,904 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2010/06/23 16:45:56 | 052,566,928 | ---- | C] () -- C:\Program Files\setup_av_free(2).exe
[2010/05/25 11:42:42 | 002,062,665 | ---- | C] () -- C:\Program Files\spywareguardsetup.exe
[2010/04/24 21:58:13 | 048,417,032 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2010/04/09 06:19:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/27 16:33:26 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\AutoGK.ini
[2010/03/27 16:22:29 | 012,341,641 | ---- | C] () -- C:\Program Files\AutoGordianKnot.2.55.Setup.exe
[2010/02/21 20:28:00 | 000,057,086 | ---- | C] () -- C:\Program Files\IowaWeatherMap.jpg
[2009/12/25 18:47:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Perl
[2009/12/25 18:47:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PageLibraries
[2009/12/25 18:47:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/25 09:03:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/12/19 19:34:16 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\FixVTS.ini
[2009/12/19 18:44:45 | 000,032,944 | ---- | C] () -- C:\Program Files\FixVTS1.603.zip
[2009/12/15 20:31:07 | 001,089,840 | ---- | C] () -- C:\Program Files\yahoomailuploader_0.5.exe
[2009/12/02 18:02:18 | 001,320,837 | ---- | C] () -- C:\Program Files\RADTools19q.exe
[2009/12/02 17:50:56 | 018,030,130 | ---- | C] () -- C:\Program Files\vlc-1.0.3-win32.exe
[2009/11/15 15:34:40 | 032,770,344 | ---- | C] () -- C:\Program Files\yahoo_cinematycoon2_tm6-3.exe
[2009/11/10 08:09:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/11/10 08:09:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/10/29 16:39:16 | 000,465,778 | ---- | C] () -- C:\Program Files\gp.xpi
[2009/10/04 07:35:46 | 000,000,593 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2009/10/04 07:35:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/10/04 07:30:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2009/08/18 09:17:07 | 000,284,184 | ---- | C] () -- C:\Program Files\PopCapPluginInstaller_v2_en.exe
[2009/08/18 09:14:34 | 057,604,344 | ---- | C] () -- C:\Program Files\BWAVol2Setup_1_1.exe
[2009/06/12 14:38:22 | 001,104,331 | ---- | C] () -- C:\Program Files\Genevieve Jr Miss Louisa County.jpg
[2009/06/08 08:32:36 | 000,291,180 | ---- | C] () -- C:\Program Files\myspace_cube.pdf
[2009/06/08 08:30:56 | 000,404,712 | ---- | C] () -- C:\Program Files\myspace_calendar.pdf
[2009/06/07 11:01:57 | 025,083,936 | ---- | C] () -- C:\Program Files\yahoo_annasicecream_tm6-3.exe
[2009/05/11 12:14:45 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/04/11 18:17:50 | 001,403,901 | -HS- | C] () -- C:\WINDOWS\System32\epenilek.ini
[2009/01/25 15:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 17:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/30 20:08:46 | 000,907,380 | -HS- | C] () -- C:\WINDOWS\System32\XEMTAJjl.ini
[2008/11/30 20:08:46 | 000,907,313 | -HS- | C] () -- C:\WINDOWS\System32\XEMTAJjl.ini2
[2008/10/18 16:49:28 | 000,343,235 | ---- | C] () -- C:\Program Files\GuiStyle.exe
[2008/10/03 18:58:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/06/19 18:24:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/02/15 15:50:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2007/11/20 18:20:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/07/15 09:11:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/10 12:40:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr320exd.dll
[2007/04/03 17:45:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mr320exv.dll
[2007/03/24 13:25:58 | 000,202,071 | ---- | C] () -- C:\Program Files\RipIt4Me.zip
[2007/01/21 07:48:08 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/04 15:06:42 | 000,128,000 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2006/09/17 09:54:55 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\1CA448C43D.sys
[2006/08/27 08:18:14 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/10 13:05:45 | 004,445,923 | ---- | C] () -- C:\Program Files\superman_ss_osx.sit.hqx
[2006/07/03 17:06:06 | 000,000,108 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/06/23 15:16:55 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/06/13 11:19:41 | 000,398,376 | ---- | C] () -- C:\Program Files\msgr75us.exe
[2006/06/12 16:12:26 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/07 12:34:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/05/25 17:02:57 | 000,899,414 | ---- | C] () -- C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
[2006/05/25 17:02:26 | 000,793,583 | ---- | C] () -- C:\Program Files\Classic_0.91.7.zip
[2006/05/25 16:48:38 | 001,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup.zip
[2006/04/30 14:30:17 | 003,645,968 | ---- | C] () -- C:\Program Files\123freesolitaire.exe
[2006/03/05 17:17:02 | 000,006,686 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/05 17:17:02 | 000,000,152 | RHS- | C] () -- C:\WINDOWS\System32\3DC448A41C.sys
[2006/02/26 06:55:23 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PFP120JPR.{PB
[2006/02/26 06:55:23 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PFP120JCM.{PB
[2006/02/20 22:03:25 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/20 17:55:02 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\fusioncache.dat
[2006/02/16 00:50:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/16 00:41:32 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/02/16 00:37:56 | 000,000,556 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 00:36:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/16 00:12:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/02/16 00:12:54 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/16 00:12:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,372,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/22 13:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/08/04 21:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2009/03/30 18:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2010/02/13 17:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/12/06 06:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/11/08 18:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/06/11 19:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/04/16 21:18:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/06/16 18:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2010/06/16 18:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup001
[2010/06/16 18:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup002
[2010/06/16 18:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup003
[2009/12/25 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dictionaries
[2008/07/16 07:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/12/25 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/03/29 14:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2007/11/30 10:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2007/11/30 11:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/12/25 18:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2007/11/30 12:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/11/10 08:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/06/08 16:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2006/07/14 09:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/02/02 16:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/12/14 15:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/25 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/07/03 08:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/22 17:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2006/06/07 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2011/06/04 22:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2006/12/21 21:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/30 18:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZangoSA
[2008/10/04 14:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/02/12 08:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/16 21:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Canon
[2011/04/22 05:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Catalina Marketing Corp
[2006/03/27 11:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\EA
[2011/02/27 09:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\eMusic
[2011/07/26 08:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\FrostWire
[2007/11/30 11:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\GameHouse
[2008/11/30 20:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\GetModule
[2009/03/30 18:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Graboid Inc
[2010/04/16 18:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Image Zone Express
[2011/09/30 11:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Inbox Toolbar
[2008/07/11 19:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Jane s Hotel
[2006/02/26 06:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Leadertech
[2009/12/25 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Nikon
[2011/05/28 10:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\OpenCandy
[2011/10/05 17:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\OpenOffice.org
[2008/09/18 20:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Opera
[2008/12/02 17:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PCToolsFirewallPlus
[2010/09/16 04:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Philips
[2010/09/16 04:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Philips-Songbird
[2008/08/08 17:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PlayFirst
[2011/07/11 10:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PreCast
[2008/10/04 15:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\QQ Games
[2008/10/03 18:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\QQ Games Plugin
[2007/04/22 14:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\ri4mupdater
[2010/07/29 16:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\RipIt4Me
[2006/12/21 21:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\ScamBlocker
[2007/11/23 14:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Simple Star
[2009/01/10 11:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Terrapin
[2008/10/14 16:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Uniblue
[2008/09/12 17:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Viewpoint
[2011/04/22 17:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Visan
[2009/11/21 16:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\W Photo Studio
[2009/11/21 16:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\W Photo Studio Viewer
[2009/09/07 07:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Walgreens
[2006/07/03 18:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\WebRenderer
[2006/07/01 08:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Wildfire
[2011/12/14 15:44:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/14 23:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27EEEB5C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:680DD2F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5A35877
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C202A457
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


#17
havredave

    Trusted Helper

  • Malware Removal
  • 860 posts
Fantastic, I was hoping that's what the problem would be. I'll be sure to help you fix the notepad issue as we progress.

Give me a bit of time to go through these logs, and I'll give you more to do. Hopefully this morning rather than later, but I help from work, so occasionally my time gets crunched pretty badly. I'm here with you for the duration though! :)

#18
huggster26

    Member

  • Member
  • 77 posts
Thanks! I appreciate any help you can give me...

#19
havredave

    Trusted Helper

  • Malware Removal
  • 860 posts
Ok, I have some cleaning for you this time. Take your time, and do each step carefully. Please stop and ask if you have any questions about what you're reading or what comes up on your machine during the process.

First

I see that you have several security-related programs installed. However, a few of them conflict with one another if configured improperly.

Comodo Internet Security has an antivirus component, and it will conflict with Microsoft Security Essentials. Please pick one of the two to remove, and keep the other. The choice is yours, as they are both legitimate.


Second

These programs I'd like you to remove from your machine. Click start, click control panel, then click Add/Remove Programs. Wait for the window to come up and for its list to fill, then look for these programs to remove by clicking on them, then hitting the remove button:

Windows iLivid Toolbar
Viewpoint Media Player
ShopAtHome SelectRebates
Microsoft Antimalware
Tango

I strongly recommend you remove LimeWire and Frostwire from your computer while you're at it. Not only is it illegal to download copyrighted files such as music, this type of Peer to Peer sharing software is quite dangerous because you really can't be sure of where the file is coming from, and whether or not it's infected. It's quite a bit safer all around to avoid their use.

While the following programs aren't necessary to uninstall, they are also unnecessary for the use of your machine, and might help your machine regain some of its lost performance. If you happen to know you use any of them, feel free to leave them installed. The Java program in specific is quite useful, but you should only keep version 6 update 29 (or 30, whichever is latest today) unless you have software that requires older versions. If you are unsure about any of the programs in this list, leave them there.

  • Ask Toolbar
  • EarthLink Toolbar
  • ASPCA Tri Reminder by We-Care.com v4.0.7.5
  • Ask Toolbar
  • Inbox Toolbar
  • RebateInformer
  • Bing Bar Platform
  • NetZeroInstallers
  • Bing Bar
  • Coupon Printer for Windows
  • Java 2 Runtime Environment, SE v1.4.2_03
  • J2SE Runtime Environment 5.0 Update 6
  • J2SE Runtime Environment 5.0 Update 9
  • J2SE Runtime Environment 5.0 Update 10
  • Java™ SE Runtime Environment 6 Update 1
  • Java™ 6 Update 2
  • Java™ 6 Update 3
  • Java™ 6 Update 15

Lastly

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    PRC - [2011/11/09 04:42:38 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosear...om/?useie5=1&q=
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q="
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
    FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.2
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    [2011/12/05 07:09:18 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    O2 - BHO: (Reg Error: Value error.) - {2220F2A2-672E-4EF4-AE44-B802D4E38795} - C:\WINDOWS\system32\ljJATMEX.dll File not found
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKCU..\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP File not found
    O4 - Startup: C:\Documents and Settings\Carolyn\Start Menu\Programs\Startup\IMVU.lnk = File not found
    O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZKfox000 File not found
    O18 - Protocol\Handler\inbox - No CLSID value found
    O18 - Protocol\Handler\rebinfo - No CLSID value found
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (yhbxys.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\latadeti.dll) - File not found
    O29 - HKLM SecurityProviders - (digeste.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ljJATMEX) - File not found
    
    :Files
    C:\Program Files\Windows iLivid Toolbar
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" =-
    
    :Commands
    [resethosts]
    [reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot the PC when it is done.
  • After rebooting, OTL should run and show you a log file. Please include it in your next reply.
  • Open OTL again and paste the following into the Custom Scans/Fixes box:
    /md5start
    notepad.*
    /md5stop
    
  • Next, click the Quick Scan button. Post the log it produces in your next reply.



Please post back with the requested new OTL.txt file, the results from the OTL fix, and do please let me know if you encountered any difficulties removing software in earlier steps.
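
An added example, not part of havredave's post and not OTL's own code: a Python script that sorts the O-prefixed registry lines of the fix script above into orphaned entries (OTL reports "File not found" or "No CLSID value found") and live load points grouped by the company name OTL printed. The sample lines are copied from that fix script; the function names `parse_line` and `triage` are illustrative.

```python
import re
from collections import defaultdict

# Registry-scan lines copied from the fix script in the post above (a subset).
SAMPLE = r"""
O2 - BHO: (Reg Error: Value error.) - {2220F2A2-672E-4EF4-AE44-B802D4E38795} - C:\WINDOWS\system32\ljJATMEX.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKCU..\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP File not found
O20 - AppInit_DLLs: (yhbxys.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ljJATMEX) - File not found
"""

CODE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A trailing "(...)" on a line whose file exists is the company name OTL read from it.
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")
# Phrases OTL prints when the target of a registry entry no longer resolves.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")


def parse_line(line):
    """Parse one O-prefixed scan line; return None for any other kind of line."""
    m = CODE_RE.match(line.strip())
    if m is None:
        return None
    code, rest = m.groups()
    # The label before the first ":" names the load point (BHO, Run key, AppInit_DLLs...).
    kind = rest.split(":", 1)[0].split(" - ")[0].strip()
    clsid = CLSID_RE.search(rest)
    orphan = next((mk for mk in ORPHAN_MARKERS if mk in rest), None)
    vendor = None
    if orphan is None:
        v = VENDOR_RE.search(rest)
        vendor = (v.group(1).strip() or None) if v else None
    return {
        "code": code,
        "kind": kind,
        "clsid": clsid.group(0) if clsid else None,
        "orphan": orphan,
        "vendor": vendor,
        "raw": line.strip(),
    }


def triage(text):
    """Split scan lines into orphaned entries and live ones grouped by vendor."""
    orphaned, live = [], defaultdict(list)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["orphan"]:
            orphaned.append(entry)
        else:
            live[entry["vendor"] or "(no company name)"].append(entry)
    return {"orphaned": orphaned, "live": dict(live)}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("Orphaned registry entries (target missing):")
    for e in result["orphaned"]:
        print(f"  {e['code']:<4} {e['kind']:<28} {e['orphan']}")
    print("Live load points by vendor:")
    for vendor, entries in result["live"].items():
        print(f"  {vendor}: " + ", ".join(f"{e['code']} {e['kind']}" for e in entries))
```

The live group is the one to read closely: the same vendor holds a BHO, a Run key and an AppInit_DLLs entry, and AppInit_DLLs is loaded into every process that loads user32.dll, which is why those lines sit in the fix alongside the uninstall step.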

#20
huggster26

    Member

  • Member
  • 77 posts
The only programs I couldn't remove were Tango and Microsoft Antimalware. I'll look a little deeper later. On call and have to go to work. I've run the 1st OTL and now running with the notepad fix. I'll post that info later tonight. :)

#21
havredave

    Trusted Helper

  • Malware Removal
  • 860 posts
Sounds great!

I'm heading home for the weekend in a little over an hour, but I'll do what I can to check on you often.

I can help you remove those other two programs as well, and we'll get to them after you're done with the current steps. :)

#22
huggster26

    Member

  • Member
  • 77 posts
Here is the OTL.txt from notepad :)

OTL logfile created on: 12/16/2011 4:06:25 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Carolyn\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 249.22 Mb Available Physical Memory | 24.38% Memory free
2.40 Gb Paging File | 1.68 Gb Available in Paging File | 69.90% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 109.44 Gb Free Space | 75.84% Space Free | Partition Type: NTFS

Computer Name: HIGGINS | User Name: Carolyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/15 22:52:48 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/06 15:42:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carolyn\My Documents\Downloads\OTL.exe
PRC - [2011/10/15 22:11:17 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/23 05:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/02/10 10:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/02/03 07:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/17 13:04:58 | 000,263,456 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2008/11/17 13:04:54 | 000,070,944 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/30 14:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/12 11:24:26 | 001,811,120 | ---- | M] () -- C:\Program Files\Ocucom\PreCast\tmon.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/02/16 00:37:31 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/02/09 16:34:54 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2005/09/23 21:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2005/09/14 20:44:14 | 000,065,536 | ---- | M] (ali) -- C:\Program Files\USB Disk Win98 Driver\Res.exe
PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/01/21 18:04:42 | 000,163,840 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/16 16:03:47 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/16 16:03:45 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/12/07 05:16:28 | 000,411,192 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 05:16:27 | 003,767,864 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 05:14:56 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 05:14:55 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 05:14:53 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/07 01:22:33 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/20 00:04:15 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/20 00:04:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/04/16 12:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/02/10 10:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/12 11:24:26 | 001,811,120 | ---- | M] () -- C:\Program Files\Ocucom\PreCast\tmon.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/10 10:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/17 13:04:54 | 000,070,944 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/12/16 16:02:19 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C0C96A6-9E90-4F19-B550-67A1D324A43F}\MpKsl96a9773a.sys -- (MpKsl96a9773a)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/11/17 13:05:14 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2008/11/17 13:05:12 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2008/11/17 13:05:08 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/04/13 12:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/04/20 16:44:08 | 000,069,248 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97320.sys -- (mr97320)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/16 00:37:34 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/20 12:50:36 | 000,020,648 | ---- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netrcacm.sys -- (netrcacm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.mchsd.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = walledgarden.mchsd.com:8000

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Radio TV 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.03.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23ec984e-464c-4a0c-a8df-f80cb8c090e1}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {f29557fd-78aa-40e6-aba8-9fa219764018}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="
FF - prefs.js..network.proxy.ftp: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: "*.mchsd.com"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.socks_port: 8000
FF - prefs.js..network.proxy.ssl: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.ssl_port: 8000


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug2;version=2.0.0.0: C:\Program Files\RealArcade\npracplug2.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Carolyn\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/06 15:29:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/16 15:25:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Carolyn\Application Data\Move Networks [2009/10/11 19:49:23 | 000,000,000 | ---D | M]

[2011/12/16 15:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions
[2009/05/02 15:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/16 04:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2011/12/16 15:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\extensions
[2009/04/11 10:36:45 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/05/27 17:50:27 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\extensions\chromifox@altmusictv.com
[2009/07/03 09:11:37 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\aim-search.xml
[2010/02/07 17:00:41 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\askcom.xml
[2010/11/29 07:10:42 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\bing-zugo.xml
[2010/12/30 17:21:42 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\conduit.xml
[2011/11/30 19:01:39 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\mypoints-search.xml
[2011/12/05 07:08:36 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\Search_Results.xml
[2011/12/16 15:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/29 06:37:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/22 05:49:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/04/22 05:49:57 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/19 06:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/09/27 11:42:12 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/09/27 11:42:12 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2011/12/05 07:08:36 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Gadget Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: RealArcade20 Mozilla Plugin (Enabled) = C:\Program Files\RealArcade\npracplug2.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.7_0\
CHR - Extension: True Blood 2 = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgpnfphdpgfhegonhjbmajnfcnajdceb\1_0\

O1 HOSTS File: ([2011/12/16 16:00:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ElnkBhoGuard Class) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll (EarthLink, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O2 - BHO: (ElnkScamBHO Class) - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll (EarthLink, Inc.)
O2 - BHO: (ElnkPubBHO Class) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll (EarthLink, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll (EarthLink, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (ElnkLegacyUninstBHO Class) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll (EarthLink, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe ()
O4 - Startup: C:\Documents and Settings\Carolyn\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: EarthLink Yahoo Search - C:\Program Files\EarthLink\Toolbar\SearchUI.dll (EarthLink, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carolyn\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: toontown.com ([play] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.co...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/Installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD8535B6-108A-4252-832F-6F25B82A4B65}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - http://thumbp1.mail....f=505&fid=Inbox
O24 - Desktop Components:1 () - http://thumbp1.mail....f=505&fid=Inbox
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell - "" = AutoRun
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 15:58:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/14 07:04:43 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/12/06 15:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn\AppData
[2011/12/05 07:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Ilivid Player
[2011/12/05 07:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/05 07:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\PackageAware
[2011/08/20 00:00:26 | 012,495,296 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
[2011/08/19 08:00:26 | 048,267,960 | ---- | C] (Flexera Software) -- C:\Program Files\PPTWinInstall.3.0.7.exe
[2011/07/19 21:55:04 | 000,589,664 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
[2010/11/24 14:48:06 | 005,389,804 | ---- | C] (Pipkins, Inc. ) -- C:\Program Files\PSRViewerSetup.exe
[2010/10/17 17:03:02 | 030,164,216 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin(2).exe
[2010/10/05 06:27:47 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall(3).exe
[2010/10/05 06:20:41 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall(2).exe
[2010/09/17 05:30:48 | 002,320,763 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\autoupdater(2).exe
[2010/06/26 10:52:32 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\CouponPrinter.exe
[2010/05/25 11:45:24 | 003,103,640 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup43.exe
[2010/02/24 19:08:09 | 006,667,584 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXWebPlayerInstaller.exe
[2009/12/25 20:07:32 | 000,410,624 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2009/12/05 04:53:59 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2009/10/30 20:21:40 | 004,301,928 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim(2).exe
[2009/10/30 20:18:23 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe
[2009/10/29 16:39:46 | 001,925,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2009/05/28 20:02:17 | 003,500,808 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe
[2009/05/02 15:18:50 | 016,509,288 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
[2009/01/10 11:46:22 | 006,479,282 | ---- | C] (Ocucom) -- C:\Program Files\PrecastSetup.exe
[2008/12/03 19:36:45 | 004,283,512 | ---- | C] (W3i, LLC) -- C:\Program Files\ezvideos.exe
[2008/12/02 22:05:19 | 027,206,408 | ---- | C] (COMODO) -- C:\Program Files\CIS_Setup_3.5.55810.432_XP_Vista_x32.exe
[2007/01/20 12:50:31 | 005,971,432 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.1.exe
[2006/05/25 17:24:18 | 001,320,111 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFabDecrypter29.exe

========== Files - Modified Within 30 Days ==========

[2011/12/16 16:16:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555933731-11304943-2770183423-1005UA.job
[2011/12/16 16:07:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/16 16:04:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/16 16:01:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/16 16:00:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/16 15:40:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/16 15:23:25 | 000,000,612 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/12/16 09:52:38 | 000,006,686 | ---- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/16 09:52:38 | 000,000,152 | RHS- | M] () -- C:\WINDOWS\System32\3DC448A41C.sys
[2011/12/16 09:46:11 | 000,277,392 | ---- | M] () -- C:\Documents and Settings\Carolyn\My Documents\2012HBSchCost.pdf
[2011/12/16 09:45:29 | 000,319,623 | ---- | M] () -- C:\Documents and Settings\Carolyn\My Documents\2012HBAppAud.pdf
[2011/12/15 23:16:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555933731-11304943-2770183423-1005Core.job
[2011/12/15 15:41:32 | 001,922,031 | ---- | M] () -- C:\Documents and Settings\Carolyn\My Documents\rhyme_english.pdf
[2011/12/15 12:17:45 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Carolyn\Desktop\Google Chrome.lnk
[2011/12/15 12:17:45 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/15 03:15:51 | 000,372,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 00:19:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/14 17:44:28 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\Carolyn\Desktop\WordPerfect.lnk
[2011/12/14 17:03:31 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/12/14 07:04:43 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/12/06 15:30:12 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/06 15:30:12 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/12/16 09:46:11 | 000,277,392 | ---- | C] () -- C:\Documents and Settings\Carolyn\My Documents\2012HBSchCost.pdf
[2011/12/16 09:45:28 | 000,319,623 | ---- | C] () -- C:\Documents and Settings\Carolyn\My Documents\2012HBAppAud.pdf
[2011/12/15 15:41:29 | 001,922,031 | ---- | C] () -- C:\Documents and Settings\Carolyn\My Documents\rhyme_english.pdf
[2011/12/14 15:42:29 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\Carolyn\Desktop\WordPerfect.lnk
[2011/12/06 15:30:12 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/06 15:30:12 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/06 15:30:12 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/05 18:22:42 | 001,892,352 | ---- | C] () -- C:\WINDOWS\Win98Driver.exe
[2010/07/24 07:03:36 | 044,089,904 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2010/06/23 16:45:56 | 052,566,928 | ---- | C] () -- C:\Program Files\setup_av_free(2).exe
[2010/05/25 11:42:42 | 002,062,665 | ---- | C] () -- C:\Program Files\spywareguardsetup.exe
[2010/04/24 21:58:13 | 048,417,032 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2010/04/09 06:19:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/27 16:33:26 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\AutoGK.ini
[2010/03/27 16:22:29 | 012,341,641 | ---- | C] () -- C:\Program Files\AutoGordianKnot.2.55.Setup.exe
[2010/02/21 20:28:00 | 000,057,086 | ---- | C] () -- C:\Program Files\IowaWeatherMap.jpg
[2009/12/25 18:47:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Perl
[2009/12/25 18:47:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PageLibraries
[2009/12/25 18:47:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/25 09:03:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/12/19 19:34:16 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\FixVTS.ini
[2009/12/19 18:44:45 | 000,032,944 | ---- | C] () -- C:\Program Files\FixVTS1.603.zip
[2009/12/15 20:31:07 | 001,089,840 | ---- | C] () -- C:\Program Files\yahoomailuploader_0.5.exe
[2009/12/02 18:02:18 | 001,320,837 | ---- | C] () -- C:\Program Files\RADTools19q.exe
[2009/12/02 17:50:56 | 018,030,130 | ---- | C] () -- C:\Program Files\vlc-1.0.3-win32.exe
[2009/11/15 15:34:40 | 032,770,344 | ---- | C] () -- C:\Program Files\yahoo_cinematycoon2_tm6-3.exe
[2009/11/10 08:09:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/11/10 08:09:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/10/29 16:39:16 | 000,465,778 | ---- | C] () -- C:\Program Files\gp.xpi
[2009/10/04 07:35:46 | 000,000,593 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2009/10/04 07:35:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/10/04 07:30:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2009/08/18 09:17:07 | 000,284,184 | ---- | C] () -- C:\Program Files\PopCapPluginInstaller_v2_en.exe
[2009/08/18 09:14:34 | 057,604,344 | ---- | C] () -- C:\Program Files\BWAVol2Setup_1_1.exe
[2009/06/12 14:38:22 | 001,104,331 | ---- | C] () -- C:\Program Files\Genevieve Jr Miss Louisa County.jpg
[2009/06/08 08:32:36 | 000,291,180 | ---- | C] () -- C:\Program Files\myspace_cube.pdf
[2009/06/08 08:30:56 | 000,404,712 | ---- | C] () -- C:\Program Files\myspace_calendar.pdf
[2009/06/07 11:01:57 | 025,083,936 | ---- | C] () -- C:\Program Files\yahoo_annasicecream_tm6-3.exe
[2009/05/11 12:14:45 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/04/11 18:17:50 | 001,403,901 | -HS- | C] () -- C:\WINDOWS\System32\epenilek.ini
[2009/01/25 15:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 17:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/30 20:08:46 | 000,907,380 | -HS- | C] () -- C:\WINDOWS\System32\XEMTAJjl.ini
[2008/11/30 20:08:46 | 000,907,313 | -HS- | C] () -- C:\WINDOWS\System32\XEMTAJjl.ini2
[2008/10/18 16:49:28 | 000,343,235 | ---- | C] () -- C:\Program Files\GuiStyle.exe
[2008/10/03 18:58:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/06/19 18:24:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/02/15 15:50:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2007/11/20 18:20:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/07/15 09:11:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/10 12:40:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr320exd.dll
[2007/04/03 17:45:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mr320exv.dll
[2007/03/24 13:25:58 | 000,202,071 | ---- | C] () -- C:\Program Files\RipIt4Me.zip
[2007/01/21 07:48:08 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/04 15:06:42 | 000,128,000 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2006/09/17 09:54:55 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\1CA448C43D.sys
[2006/08/27 08:18:14 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/10 13:05:45 | 004,445,923 | ---- | C] () -- C:\Program Files\superman_ss_osx.sit.hqx
[2006/07/03 17:06:06 | 000,000,108 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/06/23 15:16:55 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/06/13 11:19:41 | 000,398,376 | ---- | C] () -- C:\Program Files\msgr75us.exe
[2006/06/12 16:12:26 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/07 12:34:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/05/25 17:02:57 | 000,899,414 | ---- | C] () -- C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
[2006/05/25 17:02:26 | 000,793,583 | ---- | C] () -- C:\Program Files\Classic_0.91.7.zip
[2006/05/25 16:48:38 | 001,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup.zip
[2006/04/30 14:30:17 | 003,645,968 | ---- | C] () -- C:\Program Files\123freesolitaire.exe
[2006/03/05 17:17:02 | 000,006,686 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/05 17:17:02 | 000,000,152 | RHS- | C] () -- C:\WINDOWS\System32\3DC448A41C.sys
[2006/02/26 06:55:23 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PFP120JPR.{PB
[2006/02/26 06:55:23 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PFP120JCM.{PB
[2006/02/20 22:03:25 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/20 17:55:02 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\fusioncache.dat
[2006/02/16 00:50:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/16 00:41:32 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/02/16 00:37:56 | 000,000,612 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 00:36:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/16 00:12:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/02/16 00:12:54 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/16 00:12:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,372,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/22 13:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/08/04 21:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2009/03/30 18:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2010/02/13 17:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/12/06 06:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/11/08 18:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/06/11 19:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/04/16 21:18:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/06/16 18:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2010/06/16 18:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup001
[2010/06/16 18:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup002
[2010/06/16 18:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup003
[2009/12/25 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dictionaries
[2008/07/16 07:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/12/25 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/03/29 14:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2007/11/30 10:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2007/11/30 11:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/12/25 18:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2007/11/30 12:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/11/10 08:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/06/08 16:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2006/07/14 09:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/02/02 16:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/12/16 16:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/25 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/04/22 17:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2006/06/07 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2011/06/04 22:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2006/12/21 21:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/30 18:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZangoSA
[2008/10/04 14:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/02/12 08:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/16 21:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Canon
[2011/04/22 05:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Catalina Marketing Corp
[2006/03/27 11:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\EA
[2011/02/27 09:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\eMusic
[2011/07/26 08:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\FrostWire
[2007/11/30 11:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\GameHouse
[2008/11/30 20:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\GetModule
[2009/03/30 18:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Graboid Inc
[2010/04/16 18:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Image Zone Express
[2011/09/30 11:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Inbox Toolbar
[2008/07/11 19:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Jane s Hotel
[2006/02/26 06:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Leadertech
[2009/12/25 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Nikon
[2011/05/28 10:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\OpenCandy
[2011/10/05 17:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\OpenOffice.org
[2008/09/18 20:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Opera
[2008/12/02 17:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PCToolsFirewallPlus
[2010/09/16 04:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Philips
[2010/09/16 04:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Philips-Songbird
[2008/08/08 17:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PlayFirst
[2011/07/11 10:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PreCast
[2008/10/04 15:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\QQ Games
[2008/10/03 18:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\QQ Games Plugin
[2007/04/22 14:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\ri4mupdater
[2010/07/29 16:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\RipIt4Me
[2006/12/21 21:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\ScamBlocker
[2007/11/23 14:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Simple Star
[2009/01/10 11:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Terrapin
[2008/10/14 16:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Uniblue
[2011/04/22 17:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Visan
[2009/11/21 16:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\W Photo Studio
[2009/11/21 16:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\W Photo Studio Viewer
[2009/09/07 07:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Walgreens
[2006/07/03 18:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\WebRenderer
[2006/07/01 08:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Wildfire
[2011/12/16 16:07:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: NOTEPAD.CHM >
[2004/08/10 05:00:00 | 000,025,236 | ---- | M] () MD5=CC28209EAE1F1C3012ACD5FE3E2BF9B9 -- C:\i386\notepad.chm
[2004/08/10 05:00:00 | 000,025,236 | ---- | M] () MD5=CC28209EAE1F1C3012ACD5FE3E2BF9B9 -- C:\WINDOWS\Help\notepad.chm

< MD5 for: NOTEPAD.EXE >
[2007/11/13 09:15:12 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=388B8FBC36A8558587AFC90FB23A3B99 -- C:\Documents and Settings\Princess\Local Settings\Application Data\SupportSoft\DellSupportCenter\Princess\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
[2004/08/10 05:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=388B8FBC36A8558587AFC90FB23A3B99 -- C:\i386\notepad.exe
[2004/08/10 05:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=388B8FBC36A8558587AFC90FB23A3B99 -- C:\WINDOWS\$NtServicePackUninstall$\notepad.exe
[2008/04/13 18:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=5E28284F9B5F9097640D58A73D38AD4C -- C:\WINDOWS\notepad.exe
[2008/04/13 18:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=5E28284F9B5F9097640D58A73D38AD4C -- C:\WINDOWS\ServicePackFiles\i386\notepad.exe
[2008/04/13 18:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=5E28284F9B5F9097640D58A73D38AD4C -- C:\WINDOWS\system32\dllcache\notepad.exe
[2008/04/13 18:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=5E28284F9B5F9097640D58A73D38AD4C -- C:\WINDOWS\system32\notepad.exe

< MD5 for: NOTEPAD.EXE-2F2D61E1.PF >
[2011/12/15 22:58:49 | 000,024,432 | ---- | M] () MD5=DD68D697A67ACBE1C6A0EE2F23F52E9D -- C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf

< MD5 for: NOTEPAD.HLP >
[2004/08/10 05:00:00 | 000,012,521 | ---- | M] () MD5=EB9D47ECA3C4621620C37170E70AE647 -- C:\i386\notepad.hlp
[2004/08/10 05:00:00 | 000,012,521 | ---- | M] () MD5=EB9D47ECA3C4621620C37170E70AE647 -- C:\WINDOWS\Help\notepad.hlp

< MD5 for: NOTEPAD.LNK >
[2005/08/16 04:43:08 | 000,001,423 | ---- | M] () MD5=184060C3D1C7D6659EA311D143CA692D -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk
[2005/08/16 04:43:08 | 000,001,423 | ---- | M] () MD5=184060C3D1C7D6659EA311D143CA692D -- C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk
[2005/08/16 04:43:08 | 000,001,423 | ---- | M] () MD5=184060C3D1C7D6659EA311D143CA692D -- C:\i386\Notepad.lnk
[2005/08/16 04:43:08 | 000,001,423 | ---- | M] () MD5=184060C3D1C7D6659EA311D143CA692D -- C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Notepad.lnk
[2008/02/17 18:37:10 | 000,001,519 | ---- | M] () MD5=A136E3F6297EBAF0D069FA2B5122B6FB -- C:\Documents and Settings\Princess\Start Menu\Programs\Accessories\Notepad.lnk
[2011/12/15 15:54:33 | 000,001,519 | ---- | M] () MD5=BB5B19DB0B69189751FEFB11CE012589 -- C:\Documents and Settings\Carolyn\Start Menu\Programs\Accessories\Notepad.lnk

< MD5 for: NOTEPAD.URL >
[2008/06/23 11:20:59 | 000,000,178 | ---- | M] () MD5=1B37C8D5AF4254E01758332AF88A26ED -- C:\Documents and Settings\Carolyn\Favorites\Yahoo!\Information Management\Notepad.url

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27EEEB5C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:680DD2F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5A35877
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C202A457
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#23
havredave

    Trusted Helper

  • Malware Removal
  • 860 posts
Notepad worked this time? That's good news - I see it's in the location it ought to be.

As of now, what symptoms do you still have that you want to be fixed? I see several things that I still need to clean up, but I might not be able to get to those until Monday. I'd like to tackle anything left that you want tweaked at the same time.

We'll hit those two programs that wouldn't uninstall properly too; I'm keeping those in mind.

#24
huggster26

    Member

  • 77 posts
I just can't open Mozilla w/o an error - there are still files of the searchqu out there unfortunately. The system performance seems so much better!! Just let me know when you have time...nbd

#25
havredave

    Trusted Helper

  • Malware Removal
  • 860 posts
I'll be back in force on Monday. Thanks for the update on Firefox; I can focus on that and get it fixed up for you then, I think.

My normal hours are about 9am-5pm M-F MST. I'm at work longer than that, but those are the hours I'm mostly here. :)

In the meantime, can you give me the exact wording of the error Mozilla is showing you?

#26
havredave

    Trusted Helper

  • Malware Removal
  • 860 posts
First

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Carolyn\Application Data\nprhapengine.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
    
    :Commands
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Next

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please include the new OTL.txt file and the output from MBAM in your next reply. Please also remember to let me know the exact wording of the error message you're getting from Firefox when you try to run it.

#27
huggster26

    Member

  • 77 posts
part 1 completed...running anti-malware program...
OTL logfile created on: 12/19/2011 2:13:45 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Carolyn\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 148.14 Mb Available Physical Memory | 14.49% Memory free
2.40 Gb Paging File | 1.61 Gb Available in Paging File | 66.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 109.35 Gb Free Space | 75.77% Space Free | Partition Type: NTFS
Drive F: | 15.39 Gb Total Space | 10.46 Gb Free Space | 67.96% Space Free | Partition Type: FAT32

Computer Name: HIGGINS | User Name: Carolyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/15 22:52:48 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/12/14 11:08:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carolyn\My Documents\Downloads\OTL (1).exe
PRC - [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/10/15 22:11:17 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/14 17:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2010/01/14 17:08:13 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/04/23 05:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/02/10 10:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/02/03 07:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/30 14:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/12 11:24:26 | 001,811,120 | ---- | M] () -- C:\Program Files\Ocucom\PreCast\tmon.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/02/16 00:37:31 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/02/09 16:34:54 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2005/09/23 21:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2005/09/14 20:44:14 | 000,065,536 | ---- | M] (ali) -- C:\Program Files\USB Disk Win98 Driver\Res.exe
PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/01/21 18:04:42 | 000,163,840 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/19 14:11:35 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/19 14:11:34 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/12/07 05:16:28 | 000,411,192 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 05:16:27 | 003,767,864 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 05:14:56 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 05:14:55 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 05:14:53 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/20 00:04:15 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/20 00:04:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/04/16 12:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/02/10 10:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/12 11:24:26 | 001,811,120 | ---- | M] () -- C:\Program Files\Ocucom\PreCast\tmon.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/14 17:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/02/10 10:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/12/19 14:10:29 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2141C278-5E82-4EF5-9109-8D79E2EE235D}\MpKsl9ac67404.sys -- (MpKsl9ac67404)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/01/14 17:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 17:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/14 17:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/04/13 12:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/04/20 16:44:08 | 000,069,248 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97320.sys -- (mr97320)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/16 00:37:34 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/20 12:50:36 | 000,020,648 | ---- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netrcacm.sys -- (netrcacm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.mchsd.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = walledgarden.mchsd.com:8000

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Radio TV 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.03.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23ec984e-464c-4a0c-a8df-f80cb8c090e1}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {f29557fd-78aa-40e6-aba8-9fa219764018}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="
FF - prefs.js..network.proxy.ftp: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: "*.mchsd.com"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.socks_port: 8000
FF - prefs.js..network.proxy.ssl: "walledgarden.mchsd.com"
FF - prefs.js..network.proxy.ssl_port: 8000


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug2;version=2.0.0.0: C:\Program Files\RealArcade\npracplug2.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/06 15:29:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/16 15:25:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Carolyn\Application Data\Move Networks [2009/10/11 19:49:23 | 000,000,000 | ---D | M]

[2011/12/16 15:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions
[2009/05/02 15:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/16 04:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2011/12/16 15:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\extensions
[2009/04/11 10:36:45 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/05/27 17:50:27 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\extensions\chromifox@altmusictv.com
[2009/07/03 09:11:37 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\aim-search.xml
[2010/02/07 17:00:41 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\askcom.xml
[2010/11/29 07:10:42 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\bing-zugo.xml
[2010/12/30 17:21:42 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\conduit.xml
[2011/11/30 19:01:39 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\mypoints-search.xml
[2011/12/05 07:08:36 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\mzu3msnt.default\searchplugins\Search_Results.xml
[2011/12/16 15:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/29 06:37:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/22 05:49:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/04/22 05:49:57 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/19 06:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/09/27 11:42:12 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/09/27 11:42:12 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2011/12/05 07:08:36 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Gadget Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: RealArcade20 Mozilla Plugin (Enabled) = C:\Program Files\RealArcade\npracplug2.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.7_0\
CHR - Extension: True Blood 2 = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgpnfphdpgfhegonhjbmajnfcnajdceb\1_0\

O1 HOSTS File: ([2011/12/16 16:00:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ElnkBhoGuard Class) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll (EarthLink, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O2 - BHO: (ElnkScamBHO Class) - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll (EarthLink, Inc.)
O2 - BHO: (ElnkPubBHO Class) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll (EarthLink, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll (EarthLink, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (ElnkLegacyUninstBHO Class) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll (EarthLink, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe ()
O4 - Startup: C:\Documents and Settings\Carolyn\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: EarthLink Yahoo Search - C:\Program Files\EarthLink\Toolbar\SearchUI.dll (EarthLink, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carolyn\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: toontown.com ([play] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.co...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/Installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD8535B6-108A-4252-832F-6F25B82A4B65}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - http://thumbp1.mail....f=505&fid=Inbox
O24 - Desktop Components:1 () - http://thumbp1.mail....f=505&fid=Inbox
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/04 10:30:42 | 000,000,163 | R--- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell - "" = AutoRun
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 15:58:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/06 15:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn\AppData
[2011/12/05 07:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Ilivid Player
[2011/12/05 07:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/05 07:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\PackageAware
[2011/08/20 00:00:26 | 012,495,296 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
[2011/08/19 08:00:26 | 048,267,960 | ---- | C] (Flexera Software) -- C:\Program Files\PPTWinInstall.3.0.7.exe
[2011/07/19 21:55:04 | 000,589,664 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
[2010/11/24 14:48:06 | 005,389,804 | ---- | C] (Pipkins, Inc. ) -- C:\Program Files\PSRViewerSetup.exe
[2010/10/17 17:03:02 | 030,164,216 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin(2).exe
[2010/10/05 06:27:47 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall(3).exe
[2010/10/05 06:20:41 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall(2).exe
[2010/09/17 05:30:48 | 002,320,763 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\autoupdater(2).exe
[2010/06/26 10:52:32 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\CouponPrinter.exe
[2010/05/25 11:45:24 | 003,103,640 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup43.exe
[2010/02/24 19:08:09 | 006,667,584 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXWebPlayerInstaller.exe
[2009/12/25 20:07:32 | 000,410,624 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2009/12/05 04:53:59 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2009/10/30 20:21:40 | 004,301,928 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim(2).exe
[2009/10/30 20:18:23 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe
[2009/10/29 16:39:46 | 001,925,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2009/05/28 20:02:17 | 003,500,808 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe
[2009/05/02 15:18:50 | 016,509,288 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
[2009/01/10 11:46:22 | 006,479,282 | ---- | C] (Ocucom) -- C:\Program Files\PrecastSetup.exe
[2008/12/03 19:36:45 | 004,283,512 | ---- | C] (W3i, LLC) -- C:\Program Files\ezvideos.exe
[2008/12/02 22:05:19 | 027,206,408 | ---- | C] (COMODO) -- C:\Program Files\CIS_Setup_3.5.55810.432_XP_Vista_x32.exe
[2007/01/20 12:50:31 | 005,971,432 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.1.exe
[2006/05/25 17:24:18 | 001,320,111 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFabDecrypter29.exe

========== Files - Modified Within 30 Days ==========

[2011/12/19 14:16:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555933731-11304943-2770183423-1005UA.job
[2011/12/19 14:15:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/19 14:11:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/19 14:10:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/19 09:01:38 | 000,006,686 | ---- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/19 09:01:38 | 000,000,152 | RHS- | M] () -- C:\WINDOWS\System32\3DC448A41C.sys
[2011/12/18 23:16:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555933731-11304943-2770183423-1005Core.job
[2011/12/16 16:00:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/16 15:40:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/16 15:23:25 | 000,000,612 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/12/16 09:46:11 | 000,277,392 | ---- | M] () -- C:\Documents and Settings\Carolyn\My Documents\2012HBSchCost.pdf
[2011/12/16 09:45:29 | 000,319,623 | ---- | M] () -- C:\Documents and Settings\Carolyn\My Documents\2012HBAppAud.pdf
[2011/12/15 15:41:32 | 001,922,031 | ---- | M] () -- C:\Documents and Settings\Carolyn\My Documents\rhyme_english.pdf
[2011/12/15 12:17:45 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Carolyn\Desktop\Google Chrome.lnk
[2011/12/15 12:17:45 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/15 03:15:51 | 000,372,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 00:19:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/14 17:44:28 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\Carolyn\Desktop\WordPerfect.lnk
[2011/12/14 17:03:31 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/12/06 15:30:12 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/06 15:30:12 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/12/16 09:46:11 | 000,277,392 | ---- | C] () -- C:\Documents and Settings\Carolyn\My Documents\2012HBSchCost.pdf
[2011/12/16 09:45:28 | 000,319,623 | ---- | C] () -- C:\Documents and Settings\Carolyn\My Documents\2012HBAppAud.pdf
[2011/12/15 15:41:29 | 001,922,031 | ---- | C] () -- C:\Documents and Settings\Carolyn\My Documents\rhyme_english.pdf
[2011/12/14 15:42:29 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\Carolyn\Desktop\WordPerfect.lnk
[2011/12/06 15:30:12 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/06 15:30:12 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/06 15:30:12 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/05 18:22:42 | 001,892,352 | ---- | C] () -- C:\WINDOWS\Win98Driver.exe
[2010/07/24 07:03:36 | 044,089,904 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2010/06/23 16:45:56 | 052,566,928 | ---- | C] () -- C:\Program Files\setup_av_free(2).exe
[2010/05/25 11:42:42 | 002,062,665 | ---- | C] () -- C:\Program Files\spywareguardsetup.exe
[2010/04/24 21:58:13 | 048,417,032 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2010/04/09 06:19:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/27 16:33:26 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\AutoGK.ini
[2010/03/27 16:22:29 | 012,341,641 | ---- | C] () -- C:\Program Files\AutoGordianKnot.2.55.Setup.exe
[2010/02/21 20:28:00 | 000,057,086 | ---- | C] () -- C:\Program Files\IowaWeatherMap.jpg
[2009/12/25 18:47:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Perl
[2009/12/25 18:47:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PageLibraries
[2009/12/25 18:47:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/25 09:03:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/12/19 19:34:16 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\FixVTS.ini
[2009/12/19 18:44:45 | 000,032,944 | ---- | C] () -- C:\Program Files\FixVTS1.603.zip
[2009/12/15 20:31:07 | 001,089,840 | ---- | C] () -- C:\Program Files\yahoomailuploader_0.5.exe
[2009/12/02 18:02:18 | 001,320,837 | ---- | C] () -- C:\Program Files\RADTools19q.exe
[2009/12/02 17:50:56 | 018,030,130 | ---- | C] () -- C:\Program Files\vlc-1.0.3-win32.exe
[2009/11/15 15:34:40 | 032,770,344 | ---- | C] () -- C:\Program Files\yahoo_cinematycoon2_tm6-3.exe
[2009/11/10 08:09:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/11/10 08:09:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/10/29 16:39:16 | 000,465,778 | ---- | C] () -- C:\Program Files\gp.xpi
[2009/10/04 07:35:46 | 000,000,593 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2009/10/04 07:35:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/10/04 07:30:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2009/08/18 09:17:07 | 000,284,184 | ---- | C] () -- C:\Program Files\PopCapPluginInstaller_v2_en.exe
[2009/08/18 09:14:34 | 057,604,344 | ---- | C] () -- C:\Program Files\BWAVol2Setup_1_1.exe
[2009/06/12 14:38:22 | 001,104,331 | ---- | C] () -- C:\Program Files\Genevieve Jr Miss Louisa County.jpg
[2009/06/08 08:32:36 | 000,291,180 | ---- | C] () -- C:\Program Files\myspace_cube.pdf
[2009/06/08 08:30:56 | 000,404,712 | ---- | C] () -- C:\Program Files\myspace_calendar.pdf
[2009/06/07 11:01:57 | 025,083,936 | ---- | C] () -- C:\Program Files\yahoo_annasicecream_tm6-3.exe
[2009/05/11 12:14:45 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/04/11 18:17:50 | 001,403,901 | -HS- | C] () -- C:\WINDOWS\System32\epenilek.ini
[2009/01/25 15:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 17:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/30 20:08:46 | 000,907,380 | -HS- | C] () -- C:\WINDOWS\System32\XEMTAJjl.ini
[2008/11/30 20:08:46 | 000,907,313 | -HS- | C] () -- C:\WINDOWS\System32\XEMTAJjl.ini2
[2008/10/18 16:49:28 | 000,343,235 | ---- | C] () -- C:\Program Files\GuiStyle.exe
[2008/10/03 18:58:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/06/19 18:24:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/02/15 15:50:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2007/11/20 18:20:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/07/15 09:11:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/10 12:40:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr320exd.dll
[2007/04/03 17:45:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mr320exv.dll
[2007/03/24 13:25:58 | 000,202,071 | ---- | C] () -- C:\Program Files\RipIt4Me.zip
[2007/01/21 07:48:08 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/04 15:06:42 | 000,128,000 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2006/09/17 09:54:55 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\1CA448C43D.sys
[2006/08/27 08:18:14 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/10 13:05:45 | 004,445,923 | ---- | C] () -- C:\Program Files\superman_ss_osx.sit.hqx
[2006/07/03 17:06:06 | 000,000,108 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/06/23 15:16:55 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/06/13 11:19:41 | 000,398,376 | ---- | C] () -- C:\Program Files\msgr75us.exe
[2006/06/12 16:12:26 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/07 12:34:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/05/25 17:02:57 | 000,899,414 | ---- | C] () -- C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
[2006/05/25 17:02:26 | 000,793,583 | ---- | C] () -- C:\Program Files\Classic_0.91.7.zip
[2006/05/25 16:48:38 | 001,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup.zip
[2006/04/30 14:30:17 | 003,645,968 | ---- | C] () -- C:\Program Files\123freesolitaire.exe
[2006/03/05 17:17:02 | 000,006,686 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/05 17:17:02 | 000,000,152 | RHS- | C] () -- C:\WINDOWS\System32\3DC448A41C.sys
[2006/02/26 06:55:23 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PFP120JPR.{PB
[2006/02/26 06:55:23 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PFP120JCM.{PB
[2006/02/20 22:03:25 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/20 17:55:02 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\fusioncache.dat
[2006/02/16 00:50:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/16 00:41:32 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/02/16 00:37:56 | 000,000,612 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 00:36:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/16 00:12:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/02/16 00:12:54 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/16 00:12:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,372,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/22 13:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/08/04 21:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2009/03/30 18:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2010/02/13 17:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/12/06 06:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/11/08 18:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/06/11 19:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/04/16 21:18:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/06/16 18:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2010/06/16 18:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup001
[2010/06/16 18:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup002
[2010/06/16 18:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup003
[2009/12/25 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dictionaries
[2008/07/16 07:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/12/25 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/03/29 14:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2007/11/30 10:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2007/11/30 11:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/12/25 18:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2007/11/30 12:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/11/10 08:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/06/08 16:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2006/07/14 09:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/02/02 16:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/12/19 06:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/25 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/04/22 17:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2006/06/07 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2011/06/04 22:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2006/12/21 21:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/30 18:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZangoSA
[2008/10/04 14:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/02/12 08:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/16 21:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Canon
[2011/04/22 05:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Catalina Marketing Corp
[2006/03/27 11:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\EA
[2011/02/27 09:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\eMusic
[2011/07/26 08:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\FrostWire
[2007/11/30 11:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\GameHouse
[2008/11/30 20:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\GetModule
[2009/03/30 18:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Graboid Inc
[2010/04/16 18:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Image Zone Express
[2011/09/30 11:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Inbox Toolbar
[2008/07/11 19:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Jane s Hotel
[2006/02/26 06:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Leadertech
[2009/12/25 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Nikon
[2011/05/28 10:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\OpenCandy
[2011/10/05 17:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\OpenOffice.org
[2008/09/18 20:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Opera
[2008/12/02 17:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PCToolsFirewallPlus
[2010/09/16 04:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Philips
[2010/09/16 04:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Philips-Songbird
[2008/08/08 17:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PlayFirst
[2011/07/11 10:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PreCast
[2008/10/04 15:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\QQ Games
[2008/10/03 18:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\QQ Games Plugin
[2007/04/22 14:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\ri4mupdater
[2010/07/29 16:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\RipIt4Me
[2006/12/21 21:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\ScamBlocker
[2007/11/23 14:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Simple Star
[2009/01/10 11:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Terrapin
[2008/10/14 16:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Uniblue
[2011/04/22 17:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Visan
[2009/11/21 16:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\W Photo Studio
[2009/11/21 16:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\W Photo Studio Viewer
[2009/09/07 07:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Walgreens
[2006/07/03 18:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\WebRenderer
[2006/07/01 08:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Wildfire
[2011/12/19 14:15:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27EEEB5C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:680DD2F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5A35877
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C202A457
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#28
huggster26

Here's the other scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8399

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 3:00:30 PM
mbam-log-2011-12-19 (15-00-30).txt

Scan type: Quick scan
Objects scanned: 203063
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\GabPath (Adware.GabPath) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.3.75.0 (Adware.Zango) -> Value: Zango 10.3.75.0 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\Princess\application data\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Princess\application data\funwebproducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Princess\application data\funwebproducts\Data\Princess (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.

Files Infected:
c:\RECYCLER\s-1-5-21-1555933731-11304943-2770183423-1007\Dc29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Princess\application data\funwebproducts\Data\Princess\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Princess\application data\funwebproducts\Data\Princess\register.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Princess\application data\funwebproducts\Data\Princess\wffavs.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\ZangoSA\zangosaabout.mht (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\ZangoSA\zangosaeula.mht (Adware.Zango) -> Quarantined and deleted successfully.

#29
huggster26

I'm still getting the same error on Mozilla when I try to open it... I've done and completed all the scans that you asked for. Let me know if there's anything else I can do on my end.
Thanks much!
-C.

#30
havredave


    Trusted Helper

Please correct me if I'm blind, but did you tell me what the exact error message was that Firefox gives you when you try to start it?

I'll look over your new log and we can go from there, but I really do need that error message; the alternative is I help you do a clean install of Firefox, which will of course mean you will lose all settings and addons you've added to it.

I'd just as soon remove the issue surgically, but we sure can do a clean install instead, if you wish.

Let me know! :)