Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TFC getting errors [Solved]

Started by huggster26 , Oct 30 2012 01:00 PM

  • This topic is locked This topic is locked

#16
Essexboy
Posted 01 November 2012 - 08:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets see if OTL encounters the same problem, first I will delete the offending temp folder

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Files
c:\documents and settings\carolyn\local settings\temp\WERe386.dir00

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

Advertisements

#17
huggster26
Posted 01 November 2012 - 11:13 PM

huggster26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
When starting OTL w program fix, MS Essentials disabled itself and then got this warning message: The file or directory c:\_OTL\moved files\11012012_234652\c_documents and settings\temp\WERe386.dir00\appcompat.txt is corrupt and unreadable. Please run chkdsk utility.

I ok'd thru the error a couple times, then the OTL ran and rebooted. I went ahead and ran OTL again and here's the log:

OTL logfile created on: 11/1/2012 11:59:11 PM - Run 11
OTL by OldTimer - Version 3.2.69.0 Folder = C:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 175.20 Mb Available Physical Memory | 17.14% Memory free
2.40 Gb Paging File | 1.54 Gb Available in Paging File | 64.30% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 93.51 Gb Free Space | 64.80% Space Free | Partition Type: NTFS
Drive F: | 15.39 Gb Total Space | 9.67 Gb Free Space | 62.84% Space Free | Partition Type: FAT32

Computer Name: HIGGINS | User Name: Carolyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/30 13:31:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2012/10/29 15:00:47 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Carolyn\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/27 11:48:03 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/16 23:46:30 | 004,762,496 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/10/08 14:04:35 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/14 16:31:28 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/08 08:48:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/01/14 18:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2010/01/14 18:08:13 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/02/03 08:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/30 15:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/12 12:24:26 | 001,811,120 | ---- | M] () -- C:\Program Files\Ocucom\PreCast\tmon.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/02/16 01:37:31 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/02/09 17:34:54 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2005/09/14 21:44:14 | 000,065,536 | ---- | M] (ali) -- C:\Program Files\USB Disk Win98 Driver\Res.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/01/21 19:04:42 | 000,163,840 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/27 11:46:54 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/08 13:25:26 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/12 12:24:26 | 001,811,120 | ---- | M] () -- C:\Program Files\Ocucom\PreCast\tmon.exe


========== Services (SafeList) ==========

SRV - [2012/10/27 11:48:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/08 14:04:35 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/10/08 13:29:14 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/08 08:48:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/01/14 18:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Unknown (0) | On_Demand | Unknown] -- System32\Drivers\TfKbMon.sys -- (TfKbMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/11/01 23:52:58 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4D5C67A-D1E8-44F8-83A3-BFC7EB578957}\MpKsl124ce9f2.sys -- (MpKsl124ce9f2)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/01/14 18:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 18:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/14 18:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/04/20 17:44:08 | 000,069,248 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97320.sys -- (mr97320)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/16 01:37:34 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/04 05:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/08/10 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/20 13:50:36 | 000,020,648 | ---- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netrcacm.sys -- (netrcacm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKLM\..\SearchScopes\{48517E33-3723-4307-9A7F-8893F4CFAC82}: "URL" = http://www.tangosear...Terms}&a=SEARCH
IE - HKLM\..\SearchScopes\{4BDB965D-C863-45FE-A2CF-D41F5C434CFA}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{7AB7C541-9BBC-410E-9C47-FCC1E85E0DA1}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{A0326FC7-77DB-4063-BAC9-D34435934BB2}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{BAA14828-F1B0-4B49-91E3-96182645B3CE}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{BD9F43F6-5F48-4920-BD3A-851C7F125B22}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{D5C1F79A-DF2C-4CC9-8A09-E9C527661515}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{1D681B53-F680-405B-BE97-E1994410FFAE}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{41DE50F8-2EB1-464B-8BE0-FE9A87888815}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{48517E33-3723-4307-9A7F-8893F4CFAC82}: "URL" = http://www.tangosear...Terms}&a=SEARCH
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{5320134B-25BC-C2D4-1AF8-8C5F8CAA52F3}: "URL" = http://www.bing.com/...020&form=ZGAIDF
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{6377E2A1-A470-4495-9503-04AAE07E45DF}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{83110DCE-A52C-4B93-AC62-189BCBE5D746}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{86B6A33F-3BE8-4991-99D6-DFE5B7B5C75A}: "URL" = http://search.yahoo....utf-8&fr=yie8ms
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{8CAA095F-8EC3-487F-84CB-17B1188408B2}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{919B7AC5-B945-488B-A6B9-C9FABD91B40D}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{97D3442D-77C3-4899-9893-4C6E23E0E77D}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{982D6CD0-2C59-439C-9F8A-C1A2DC3CD475}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{C4978296-D5B5-43F1-BD78-B7AC4F6E9174}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\SearchScopes\{D3DA583D-80EA-4B30-A84F-067769DD85E8}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.mchsd.com;*.local
IE - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = walledgarden.mchsd.com:8000

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug2;version=2.0.0.0: C:\Program Files\RealArcade\npracplug2.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 11:48:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 11:46:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Carolyn\Application Data\Move Networks [2009/10/11 20:49:23 | 000,000,000 | ---D | M]

[2011/12/21 07:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions
[2009/05/02 16:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions\[email protected]
[2010/09/16 05:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Extensions\[email protected]
[2012/10/23 14:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\qgx4k8ps.default\extensions
[2012/10/27 11:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 11:48:03 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/22 06:49:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/04/22 06:49:57 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/10/14 16:01:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/09/27 12:42:12 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2012/10/14 16:01:23 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Gadget Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: RealArcade20 Mozilla Plugin (Enabled) = C:\Program Files\RealArcade\npracplug2.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\
CHR - Extension: True Blood 2 = C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgpnfphdpgfhegonhjbmajnfcnajdceb\1_0\

O1 HOSTS File: ([2012/11/01 23:49:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ElnkBhoGuard Class) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll (EarthLink, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O2 - BHO: (ElnkScamBHO Class) - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll (EarthLink, Inc.)
O2 - BHO: (ElnkPubBHO Class) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll (EarthLink, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll (EarthLink, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ElnkLegacyUninstBHO Class) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll (EarthLink, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
O4 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005..\Run: [Spotify Web Helper] C:\Documents and Settings\Carolyn\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O4 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe ()
O4 - Startup: C:\Documents and Settings\Carolyn\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: EarthLink Yahoo Search - C:\Program Files\EarthLink\Toolbar\SearchUI.dll (EarthLink, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carolyn\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1555933731-11304943-2770183423-1005\..Trusted Domains: toontown.com ([play] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.co...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/Installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD8535B6-108A-4252-832F-6F25B82A4B65}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://thumbp1.mail....f=505&fid=Inbox
O24 - Desktop Components:1 () - http://thumbp1.mail....f=505&fid=Inbox
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carolyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/04 10:30:42 | 000,000,163 | R--- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell - "" = AutoRun
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ad7c3c2-c296-11e0-a054-00123fc22a9e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/30 13:31:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012/10/27 11:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/09 11:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Temp
[2012/10/08 17:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\Sun
[2012/10/08 14:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/20 01:00:26 | 012,495,296 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
[2011/08/19 09:00:26 | 048,267,960 | ---- | C] (Flexera Software) -- C:\Program Files\PPTWinInstall.3.0.7.exe
[2011/07/19 22:55:04 | 000,589,664 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
[2010/11/24 15:48:06 | 005,389,804 | ---- | C] (Pipkins, Inc. ) -- C:\Program Files\PSRViewerSetup.exe
[2010/10/05 07:27:47 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall(3).exe
[2010/10/05 07:20:41 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall(2).exe
[2010/09/17 06:30:48 | 002,320,763 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\autoupdater(2).exe
[2010/06/26 11:52:32 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\CouponPrinter.exe
[2010/05/25 12:45:24 | 003,103,640 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup43.exe
[2010/02/24 20:08:09 | 006,667,584 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXWebPlayerInstaller.exe
[2009/12/05 05:53:59 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2009/10/30 21:21:40 | 004,301,928 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim(2).exe
[2009/10/30 21:18:23 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe
[2009/10/29 17:39:46 | 001,925,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2009/05/28 21:02:17 | 003,500,808 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe
[2009/01/10 12:46:22 | 006,479,282 | ---- | C] (Ocucom) -- C:\Program Files\PrecastSetup.exe
[2008/12/03 20:36:45 | 004,283,512 | ---- | C] (W3i, LLC) -- C:\Program Files\ezvideos.exe
[2008/12/02 23:05:19 | 027,206,408 | ---- | C] (COMODO) -- C:\Program Files\CIS_Setup_3.5.55810.432_XP_Vista_x32.exe
[2007/01/20 13:50:31 | 005,971,432 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.1.exe
[2006/05/25 18:24:18 | 001,320,111 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFabDecrypter29.exe

========== Files - Modified Within 30 Days ==========

[2012/11/02 00:02:06 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/01 23:53:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/01 23:51:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/01 23:49:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/11/01 23:36:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555933731-11304943-2770183423-1005UA.job
[2012/11/01 23:28:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/01 23:02:43 | 000,006,686 | ---- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/11/01 23:02:43 | 000,000,152 | RHS- | M] () -- C:\WINDOWS\System32\3DC448A41C.sys
[2012/11/01 16:36:02 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555933731-11304943-2770183423-1005Core.job
[2012/10/30 14:51:58 | 000,538,941 | ---- | M] () -- C:\adwcleaner.exe
[2012/10/30 13:31:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/10/27 14:54:04 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\1CA448C43D.sys
[2012/10/26 15:40:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/24 15:00:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/14 15:43:13 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/12 10:40:05 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\Carolyn\Desktop\WordPerfect.lnk
[2012/10/10 19:39:29 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Carolyn\Desktop\Google Chrome.lnk
[2012/10/10 19:39:29 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Carolyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 15:45:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/08 13:32:21 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

========== Files Created - No Company Name ==========

[2012/10/30 14:51:23 | 000,538,941 | ---- | C] () -- C:\adwcleaner.exe
[2012/10/08 13:32:21 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/10/08 13:32:21 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/09/18 13:08:55 | 000,198,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/31 13:05:24 | 000,082,584 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/15 23:09:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/05 19:22:42 | 001,892,352 | ---- | C] () -- C:\WINDOWS\Win98Driver.exe
[2010/09/01 19:32:45 | 002,358,538 | ---- | C] () -- C:\Documents and Settings\Carolyn\NEIBA09.JPG
[2010/07/24 08:03:36 | 044,089,904 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2010/06/23 17:45:56 | 052,566,928 | ---- | C] () -- C:\Program Files\setup_av_free(2).exe
[2010/06/14 18:48:50 | 000,051,803 | ---- | C] () -- C:\Documents and Settings\Carolyn\knoxgf.jpg
[2010/05/25 12:42:42 | 002,062,665 | ---- | C] () -- C:\Program Files\spywareguardsetup.exe
[2010/04/24 22:58:13 | 048,417,032 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2010/03/27 17:33:26 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\AutoGK.ini
[2010/03/27 17:22:29 | 012,341,641 | ---- | C] () -- C:\Program Files\AutoGordianKnot.2.55.Setup.exe
[2010/02/21 21:28:00 | 000,057,086 | ---- | C] () -- C:\Program Files\IowaWeatherMap.jpg
[2009/12/25 19:47:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Perl
[2009/12/25 19:47:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PageLibraries
[2009/12/25 19:47:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/19 20:34:16 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\FixVTS.ini
[2009/12/19 19:44:45 | 000,032,944 | ---- | C] () -- C:\Program Files\FixVTS1.603.zip
[2009/12/15 21:31:07 | 001,089,840 | ---- | C] () -- C:\Program Files\yahoomailuploader_0.5.exe
[2009/12/02 19:02:18 | 001,320,837 | ---- | C] () -- C:\Program Files\RADTools19q.exe
[2009/12/02 18:50:56 | 018,030,130 | ---- | C] () -- C:\Program Files\vlc-1.0.3-win32.exe
[2009/11/15 16:34:40 | 032,770,344 | ---- | C] () -- C:\Program Files\yahoo_cinematycoon2_tm6-3.exe
[2009/10/29 17:39:16 | 000,465,778 | ---- | C] () -- C:\Program Files\gp.xpi
[2009/08/18 10:17:07 | 000,284,184 | ---- | C] () -- C:\Program Files\PopCapPluginInstaller_v2_en.exe
[2009/08/18 10:14:34 | 057,604,344 | ---- | C] () -- C:\Program Files\BWAVol2Setup_1_1.exe
[2009/08/14 08:03:19 | 000,003,820 | ---- | C] () -- C:\Documents and Settings\Carolyn\snaggle1(3).jpg
[2009/08/14 07:58:28 | 000,003,820 | ---- | C] () -- C:\Documents and Settings\Carolyn\snaggle1(2).jpg
[2009/08/14 07:58:12 | 000,003,820 | ---- | C] () -- C:\Documents and Settings\Carolyn\snaggle1.jpg
[2009/06/12 15:38:22 | 001,104,331 | ---- | C] () -- C:\Program Files\Genevieve Jr Miss Louisa County.jpg
[2009/06/08 09:32:36 | 000,291,180 | ---- | C] () -- C:\Program Files\myspace_cube.pdf
[2009/06/08 09:30:56 | 000,404,712 | ---- | C] () -- C:\Program Files\myspace_calendar.pdf
[2009/06/07 12:01:57 | 025,083,936 | ---- | C] () -- C:\Program Files\yahoo_annasicecream_tm6-3.exe
[2009/01/27 20:35:27 | 000,045,712 | ---- | C] () -- C:\Documents and Settings\Carolyn\TaxReturn.pdf
[2008/10/18 17:49:28 | 000,343,235 | ---- | C] () -- C:\Program Files\GuiStyle.exe
[2007/03/24 14:25:58 | 000,202,071 | ---- | C] () -- C:\Program Files\RipIt4Me.zip
[2006/08/27 09:18:14 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/10 18:28:01 | 000,078,525 | ---- | C] () -- C:\Documents and Settings\Carolyn\gracie pic.jpg
[2006/07/10 14:05:45 | 004,445,923 | ---- | C] () -- C:\Program Files\superman_ss_osx.sit.hqx
[2006/06/13 12:19:41 | 000,398,376 | ---- | C] () -- C:\Program Files\msgr75us.exe
[2006/05/25 18:02:57 | 000,899,414 | ---- | C] () -- C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
[2006/05/25 18:02:26 | 000,793,583 | ---- | C] () -- C:\Program Files\Classic_0.91.7.zip
[2006/05/25 17:48:38 | 001,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup.zip
[2006/04/30 15:30:17 | 003,645,968 | ---- | C] () -- C:\Program Files\123freesolitaire.exe
[2006/02/26 07:55:23 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PFP120JPR.{PB
[2006/02/26 07:55:23 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Carolyn\Application Data\PFP120JCM.{PB
[2006/02/20 23:03:25 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/20 18:55:02 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Carolyn\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/04 22:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/02/13 18:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/08 19:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/06/11 20:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/04/16 22:18:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/06/16 19:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2010/06/16 19:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup001
[2010/06/16 19:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup002
[2010/06/16 19:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup003
[2012/09/16 13:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC
[2009/12/25 19:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dictionaries
[2008/07/16 08:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/12/25 19:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/03/29 15:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2007/11/30 11:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2007/11/30 12:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/12/25 19:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2007/11/30 13:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/11/10 09:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/06/08 17:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2006/07/14 10:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/02/02 17:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/12/19 07:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/25 19:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/04/22 18:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2006/06/07 13:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2006/12/21 22:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/10/04 15:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/02/12 09:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/09/16 13:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Canon
[2011/04/22 06:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Catalina Marketing Corp
[2006/03/27 12:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\EA
[2011/02/27 10:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\eMusic
[2011/07/26 09:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\FrostWire
[2007/11/30 12:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\GameHouse
[2008/11/30 21:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\GetModule
[2009/03/30 19:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Graboid Inc
[2010/04/16 19:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Image Zone Express
[2008/07/11 20:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Jane s Hotel
[2006/02/26 07:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Leadertech
[2009/12/25 19:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Nikon
[2011/10/05 18:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\OpenOffice.org
[2008/09/18 21:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Opera
[2008/12/02 18:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PCToolsFirewallPlus
[2010/09/16 05:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Philips
[2010/09/16 05:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Philips-Songbird
[2008/08/08 18:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PlayFirst
[2011/07/11 11:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\PreCast
[2008/10/04 16:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\QQ Games
[2008/10/03 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\QQ Games Plugin
[2007/04/22 15:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\ri4mupdater
[2010/07/29 17:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\RipIt4Me
[2006/12/21 22:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\ScamBlocker
[2007/11/23 15:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Simple Star
[2012/10/30 13:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Spotify
[2009/01/10 12:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Terrapin
[2008/10/14 17:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Uniblue
[2011/04/22 18:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Visan
[2009/11/21 17:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\W Photo Studio
[2009/11/21 17:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\W Photo Studio Viewer
[2009/09/07 08:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Walgreens
[2006/07/03 19:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\WebRenderer
[2006/07/01 09:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn\Application Data\Wildfire
[2009/08/22 11:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Image Zone Express
[2006/12/28 06:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\ScamBlocker
[2008/06/16 06:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess\Application Data\acccore
[2008/09/16 20:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess\Application Data\Opera
[2008/06/02 20:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess\Application Data\PlayFirst
[2009/06/05 15:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess\Application Data\PreCast
[2008/10/13 17:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess\Application Data\QQ Games Plugin
[2008/02/10 16:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess\Application Data\ScamBlocker
[2008/11/02 21:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess\Application Data\Simple Star
[2008/06/16 10:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess\Application Data\W Photo Studio Viewer
[2008/05/05 13:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess\Application Data\Walgreens
[2008/02/12 21:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess\Application Data\WebRenderer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27EEEB5C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:680DD2F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5A35877
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C202A457
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by huggster26, 01 November 2012 - 11:13 PM.

  • 0

#18
Essexboy
Posted 02 November 2012 - 07:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well at least OTL moved the file/folder

Could you now retry TFC to see if the problem is resolved
  • 0

#19
huggster26
Posted 02 November 2012 - 01:45 PM

huggster26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
I will do it when I get home from work later. thanks for responding so quickly.
  • 0

#20
huggster26
Posted 02 November 2012 - 11:00 PM

huggster26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
TFC worked, but total cleaned was 1mb. It did pop up a windows box when it rebooted, but I wasn't able to catch the message. Tried to re-create and nothing, but having problems now w the machine hanging and Mozilla not responding again w script errors. Haven't had them since we cleaned up at the beginning.

I'm extra tired, so leaving it for the night. Let me know if you have another step. thanks much!
  • 0

#21
Essexboy
Posted 03 November 2012 - 07:36 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The script errors suggest a problem with one of the add ons... Run Firefox and disable all add ons, then restart them one at a time to determine which one is causing the problem. When located uninstall it and then download a fresh copy

Let me know how it is after that
  • 0

#22
huggster26
Posted 03 November 2012 - 07:49 AM

huggster26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
well, I had already disabled all add-ons when I was getting the script errors before I logged the issue. That's why it surprised me that I was continuing to get them. Also why would my screen be black out on the desktop? Having a lot of little quirky things going on since we did that fix. I ended all my programs except mozilla. I still had the taskbar and now I went back to the desktop and it is there. It was just in an hourglass for minutes.

I am certainly buying a new box when I get back to working full-time, but in the meantime to just keep getting by w this machine what should I be running to keep it afloat? I am so grateful for all your assistance w this.
  • 0

#23
Essexboy
Posted 03 November 2012 - 07:58 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Firefox now has a reset button, using this will lose your addons but retain the bookmarks etc. Just like a re-install but faster

Details are here

It may be worth cutting down a few unessential programmes at start. There is a small tool to help achieve this
Mike Lins Startup Control Panel
Although you appear to have ample RAM and plenty of disc space it may be worth a shot
  • 0

#24
huggster26
Posted 03 November 2012 - 08:24 AM

huggster26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
I have reset my mozilla browser. Thanks for that info.
Also the list of the HKCU and HKLM's have some items that I don't know if are needed or not or there's a couple that have no info at all. Should I disable the ones w no info? I did disable some of the ones that I know for sure are not needed...I assume the following 2 are okay but didn't sound familiar: SigmatelSysTrayApp and ehTray

Yeah, I figured I was ok w space for now. I sure appreciate all the time you have given me. THANKS again for the assist!
  • 0

#25
Essexboy
Posted 03 November 2012 - 08:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No they are not what I would term even nearly essential :)

Is FF behaving now ?
  • 0

Advertisements

#26
huggster26
Posted 03 November 2012 - 08:39 AM

huggster26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
so far so good on the browser!! I will be more online today since I have to get some work done. :)

I will go ahead and disable all those that have no info and those other 2. I figured so but wanted to ask...
  • 0

#27
Essexboy
Posted 03 November 2012 - 08:43 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nice to have a relatively easy one sometimes :)
  • 0

#28
huggster26
Posted 03 November 2012 - 08:50 AM

huggster26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
so glad you think it's easy! It was stressing me out w other stuff! Have a GREAT w/e! thanks again!!
  • 0

#29
Essexboy
Posted 03 November 2012 - 08:51 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once you are happy let me know and I will remove my rubbish :)
  • 0

#30
huggster26
Posted 03 November 2012 - 07:42 PM

huggster26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
I think things are going better now - sorry for the delay in the response. If you're ok w closing the issue it would be fine w me. I haven't seen any problems today after I reset Mozilla and re-ran the TFC.

Thanks again for the awesome service.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP