Solved Bing.zugotoolbar is back plus more malware

Your example is great, but, after looking at it, I have no filter bar at the top. I didd put in the "about:config" and got the screen you said I would. But, then I am at a dead end, sorry. Can I add a Filter bar??

 

I get a warning, stating that by doing this command it may void my warranty. It has a blue box saying "I'll Be Careful, I promise.

 

I just clicked the blue box on the Firefox screen. I now have a filter line and the entire screen filled up with data. How stupid can a person be. I am really sorry. I will continue with your instructions now. Again, I am really sorry, for both of us. I think being stupid is my whole problem in the first place. I'll post the logs as I get them, and, please believe me about how thankful I am to have you helping me. Thanks

 

FYI: After rebooting, I started my dial up then clicked Firefox, typed in "windowsbbc" hit enter,and got this little present, (I was hoping it may be gone by now, wishful thinking, I guess). Request- URT TOO LARGE (next line) The requested URL'S length exceeds the limit for the server (next line) Apache/2.2.14 (Unix) service at search.ZUGO.com Port 80. I don't know if this is usefull or not. The following is the OTL quick scan (post 19). I am continuing with the rest of the instructions you gave in the second part of post 19.

All processes killed
========== OTL ==========
C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\bing-ff.xml moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Char
->Temp folder emptied: 34529 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes

User: Charlotte
->Temp folder emptied: 1839331 bytes
->Temporary Internet Files folder emptied: 18802021 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39269408 bytes
->Flash cache emptied: 1491 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1113938 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7801283 bytes

Total Files Cleaned = 66.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.36.1 log created on 03122010_125738

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000003E0F7C607495A0D910 not found!
File\Folder C:\Windows\temp\TMP0000003F3B3A216F35B123CA not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

 

I just ran the "Systemlook ". The entire scan took about 10 seconds. Here is the log.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:26 on 12/03/2010 by Charlotte (Administrator - Elevation successful)

========== regfind ==========

Searching for "bing "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}]
"DisplayName "= "Bing "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}]
"DisplayName "= "Bing "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}]
"DisplayName "= "Bing "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}]
"DisplayName "= "Bing "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}]
"DisplayName "= "Bing "
[HKEY_USERS\S-1-5-21-2703132291-4135161347-3693838283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_USERS\S-1-5-21-2703132291-4135161347-3693838283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_USERS\S-1-5-21-2703132291-4135161347-3693838283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_USERS\S-1-5-21-2703132291-4135161347-3693838283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_USERS\S-1-5-21-2703132291-4135161347-3693838283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_USERS\S-1-5-21-2703132291-4135161347-3693838283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName "= "Bing "
[HKEY_USERS\S-1-5-21-2703132291-4135161347-3693838283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}]
"DisplayName "= "Bing "
[HKEY_USERS\S-1-5-21-2703132291-4135161347-3693838283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}]
"DisplayName "= "Bing "
[HKEY_USERS\S-1-5-21-2703132291-4135161347-3693838283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}]
"DisplayName "= "Bing "
[HKEY_USERS\S-1-5-21-2703132291-4135161347-3693838283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}]
"DisplayName "= "Bing "
[HKEY_USERS\S-1-5-21-2703132291-4135161347-3693838283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}]
"DisplayName "= "Bing "

-=End Of File=-

 

I hope these help. Thanks again for all of your help. Please let me know what to do next. Later

 

As to changing the value I think I did. I had problems when trying to copy it. When I right clicked the command to try to copy it, I did not get the copy and paste options. And I did not know how to use the commands listed (send link, copy link location, etc). I tried the "copy link location ", and it did not seem to work very well. So I believed that I had picked the wrong commad, so I tried the send link, and it opened my email. I copied the link in the new email, came back to my tag I had open with Firefox, pasted in the link. So I thought I had completed the procedure. If I did not (or you can tell me which command I should have used) I'll be glad to do the job again, and do it correctly this time.

As to the Bing.zugotoolbar issue, I still have a problem with it. I posted the exact message I received today on post #26, if you want to see what I am getting.

Thanks again, you have been great and thanks for putting up with my flaws.

 

Broni, here is the info from post 26 about ZUGO:

FYI: After rebooting, I started my dial up then clicked Firefox, typed in "windowsbbc" hit enter,and got this little present, (I was hoping it may be gone by now, wishful thinking, I guess). Request- URT TOO LARGE (next line) The requested URL'S length exceeds the limit for the server (next line) Apache/2.2.14 (Unix) service at search.ZUGO.com Port 80.

 

Broni, Ok, I downloaded FoxScan got the DOS window hit 2, enter. I have a shortcut on my desktop, and I assume it is running. I did not know if you meant be patient it will take a few minutes to start the scan or to do the scan. Either way, I think we are cooking. Thanks again!

 

Broni: I just logged on and found nothing running. I did not get the "search completed press any key ". I went to the shortcut on my desktop, right clicked, hit open (I got my original message, this is where I double clicked the first time, so I double clicked it again about 30 seconds ago, I got the small DOS looking window, hit2, hit enter, the screen changed, but it flashed on and off so quickly I could not read it. But, still I see nothing running. I went to control panel, programs, what programs are running now, nothing showing for FoxScan. And, maybe it would not show here, but that is the only place I knew to look to see if it was running. I am going to be out of town in about an hour. I'll check back to see if you have anything you want me to do before I leave. You have been very patient and I thank you for that. Just let me know what you want me to do now.

 

Here ya gTL logfile created on: 3/14/2010 4:28:52 AM - Run 3
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Users\Charlotte\Documents\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 389.55 Gb Free Space | 86.36% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.00 Gb Free Space | 40.96% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.27 Gb Free Space | 6.22% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Charlotte
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/11 02:43:12 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL(2).exe
PRC - [2010/01/15 23:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/08/05 17:46:56 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/01 13:35:38 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Upromise\UpromiseTray.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/11/28 06:33:28 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
PRC - [2007/02/20 05:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/11/03 20:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files (x86)\Digital Line Detect\DLG.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/11 02:43:12 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL(2).exe
MOD - [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/18 00:54:02 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/07/02 03:11:34 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/08/05 17:46:56 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/20 06:28:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/12/09 07:06:54 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/07/02 03:11:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/07/02 03:11:32 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/07/02 03:11:28 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/07/02 03:11:28 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/07/02 03:11:28 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/05/05 05:31:38 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2008/02/11 19:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:51 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HidBatt.sys -- (HidBatt)
DRV:64bit: - [2007/11/14 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2008/07/02 03:11:32 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 4B 36 B9 D8 1E CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.core.com/home/start
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search "
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=SOLTDF&q= "
FF - prefs.js..browser.search.selectedEngine: "Google "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q= "

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/14 02:37:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/14 02:37:08 | 000,000,000 | ---D | M]

[2009/04/05 07:18:01 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Extensions
[2010/03/14 03:54:03 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions
[2009/06/24 11:04:35 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/10/04 22:12:08 | 000,000,000 | ---D | M] (Send Page By Email) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{06C43693-2C7F-4beb-BB52-EF92C6CA0C44}
[2009/06/24 11:05:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/08 10:37:41 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/10/11 07:29:06 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/01/30 08:20:10 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2009/10/11 07:29:13 | 000,000,000 | ---D | M] (Interclue) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2009/09/09 18:26:31 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\autopager@mozilla.org
[2009/10/11 07:29:06 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\FFToolbar@upromise
[2009/09/08 10:37:41 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\fotofox@mozilla.com
[2009/09/08 10:37:40 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\isreaditlater@ideashower.com
[2009/05/01 20:20:25 | 000,002,207 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\askcom.xml
[2009/04/07 12:04:56 | 000,001,632 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\live-search.xml
[2010/02/13 14:49:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/07/30 04:52:48 | 000,000,000 | ---D | M] (Wyyo) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{0CA8283E-056B-40D7-A343-83C84105CE78}
[2009/03/28 17:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\kodak-companion@mozilla.com
[2009/03/28 17:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\kodak-online@partners.mozilla.com
[2010/01/30 17:39:57 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

O1 HOSTS File: ([2010/03/12 13:58:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [Pareto_Update] C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe File not found
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Charlotte\Pictures\Outdoor Wonders\Our Galaxy\jupiter.bmp
O24 - Desktop BackupWallPaper: C:\Users\Charlotte\Pictures\Outdoor Wonders\Our Galaxy\jupiter.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/03/08 23:39:40 | 000,000,000 | RH-- | M] () - E:\autorun.wbcat -- [ UDF ]
O32 - AutoRun File - [2010/03/08 23:39:40 | 000,000,125 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell - " " = AutoRun
O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell\AutoRun\command - " " = F:\WIN\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/12 04:00:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/12 04:00:41 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/12 04:00:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/12 04:00:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/11 02:39:31 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL(2).exe
[2010/03/03 00:02:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/28 21:58:25 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\TFC.exe
[2010/02/27 16:51:52 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\DoctorWeb
[2010/02/27 04:16:36 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/27 04:16:36 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/27 04:16:36 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/27 04:16:35 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/27 04:16:34 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/27 04:16:34 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/27 04:16:34 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/27 04:16:34 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/27 04:16:33 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/27 04:16:33 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/27 04:16:33 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/27 04:16:33 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/27 04:16:32 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010/02/27 04:16:32 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/27 04:16:32 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/27 04:16:32 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/27 04:16:32 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/27 04:16:32 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/26 21:46:31 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\Documents\INB Christmas Scrapbook_images
[2010/02/26 18:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2010/02/26 18:39:16 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\Sierra Wireless
[2010/02/26 18:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/02/26 18:01:47 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Charlotte\Documents\Desktop\HijackThisInstaller.exe
[2010/02/26 04:23:46 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\Malwarebytes
[2010/02/26 04:23:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/02/26 04:23:40 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/02/26 04:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/02/26 04:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/26 03:27:35 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Charlotte\Documents\Desktop\mbam-setup.exe
[2010/02/24 00:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2010/02/23 22:04:27 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/02/23 22:04:27 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/02/23 22:04:27 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/02/23 22:04:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/02/23 22:04:26 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/02/23 22:04:26 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/02/23 21:19:36 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/23 21:19:36 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/17 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\Documents\Jim's Driver License
[2010/02/13 14:15:59 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\PeerNetworking

========== Files - Modified Within 30 Days ==========

[2010/03/14 04:29:16 | 003,670,016 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat
[2010/03/14 04:25:52 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8559B34B-EA1A-48B0-A38D-9C17DAD3CDAB}.job
[2010/03/14 04:11:42 | 000,017,920 | ---- | M] () -- C:\Users\Charlotte\Documents\Internet,computer,printer information.xlr
[2010/03/14 04:11:42 | 000,017,172 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\wklnhst.dat
[2010/03/14 03:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/13 11:04:24 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/13 11:04:24 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/13 03:11:10 | 000,112,998 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\FoxScan.exe
[2010/03/13 01:27:00 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2010/03/12 14:24:55 | 000,100,908 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\SystemLook.exe
[2010/03/12 14:05:57 | 000,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/12 14:05:57 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/12 14:05:57 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/12 14:00:31 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2010/03/12 14:00:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/12 13:59:33 | 000,524,288 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TMContainer00000000000000000001.regtrans-ms
[2010/03/12 13:59:33 | 000,065,536 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TM.blf
[2010/03/12 13:59:31 | 001,510,318 | -H-- | M] () -- C:\Users\Charlotte\AppData\Local\IconCache.db
[2010/03/12 13:58:06 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/03/12 12:49:10 | 002,754,560 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2010/03/12 12:49:09 | 005,928,960 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2010/03/11 23:26:46 | 001,856,748 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\Copies of ck # 3544.rtf
[2010/03/11 12:57:53 | 000,011,264 | ---- | M] () -- C:\Users\Charlotte\Documents\Abbey's State Gymnastics Meet Directions.wps
[2010/03/11 02:43:12 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL(2).exe
[2010/03/11 01:43:45 | 000,471,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/11 01:30:50 | 000,115,575 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\DrWeb.csv
[2010/03/10 18:40:30 | 000,001,610 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\DR. WEb help.rtf
[2010/03/10 16:33:17 | 033,363,360 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\x7y58s5w.exe
[2010/03/08 18:16:38 | 000,152,064 | ---- | M] () -- C:\Users\Charlotte\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/03 14:03:38 | 000,014,336 | ---- | M] () -- C:\Users\Charlotte\Documents\Computer Short Cuts,Error fixes,etc..xlr
[2010/03/01 22:32:49 | 000,010,752 | ---- | M] () -- C:\Users\Charlotte\Documents\Computer, error codes, things and places to check.xlr
[2010/02/28 22:00:50 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\TFC.exe
[2010/02/27 08:39:38 | 032,244,920 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\drweb-cureit.exe
[2010/02/26 21:51:29 | 000,008,230 | ---- | M] () -- C:\Users\Charlotte\Documents\INB Christmas Scrapbook.ppp
[2010/02/26 18:06:31 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Charlotte\Documents\Desktop\HijackThisInstaller.exe
[2010/02/26 04:23:44 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/26 04:05:16 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Charlotte\Documents\Desktop\mbam-setup.exe
[2010/02/24 18:39:13 | 000,012,288 | ---- | M] () -- C:\Users\Charlotte\Documents\BCGC Spring Gala - Purchasing list.xlr
[2010/02/24 17:30:08 | 000,028,160 | ---- | M] () -- C:\Users\Charlotte\Documents\Medicare, Advantage Health Ins. letter 1.28.10.wps
[2010/02/20 19:15:56 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/02/20 19:14:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/02/20 19:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/02/20 19:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/02/20 18:19:15 | 000,020,992 | ---- | M] () -- C:\Users\Charlotte\Documents\Windows BBS Post.wps
[2010/02/19 19:03:37 | 000,251,194 | ---- | M] () -- C:\Users\Charlotte\Documents\2907978_103823_1_Rebate_82285.pdf
[2010/02/18 19:15:34 | 000,009,728 | ---- | M] () -- C:\Users\Charlotte\Documents\New AT&T USBDirect Connect Service.wps
[2010/02/17 18:19:41 | 000,017,920 | ---- | M] () -- C:\Users\Charlotte\Documents\Printer info and other things.xlr
[2010/02/17 14:12:25 | 000,015,872 | ---- | M] () -- C:\Users\Charlotte\Documents\College Scholarships Log Book.xlr
[2010/02/15 17:30:19 | 000,727,627 | ---- | M] () -- C:\Users\Charlotte\Documents\IMG_0002.jpg
[2010/02/15 17:30:00 | 001,475,708 | ---- | M] () -- C:\Users\Charlotte\Documents\IMG_0001.jpg
[2010/02/13 14:16:00 | 000,026,478 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\UserTile.png

========== Files Created - No Company Name ==========

[2010/03/13 03:10:35 | 000,112,998 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\FoxScan.exe
[2010/03/12 14:23:59 | 000,100,908 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\SystemLook.exe
[2010/03/11 23:26:45 | 001,856,748 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\Copies of ck # 3544.rtf
[2010/03/11 12:57:53 | 000,011,264 | ---- | C] () -- C:\Users\Charlotte\Documents\Abbey's State Gymnastics Meet Directions.wps
[2010/03/11 01:30:50 | 000,115,575 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\DrWeb.csv
[2010/03/10 18:40:30 | 000,001,610 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\DR. WEb help.rtf
[2010/03/10 11:48:14 | 033,363,360 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\x7y58s5w.exe
[2010/03/02 15:26:08 | 000,014,336 | ---- | C] () -- C:\Users\Charlotte\Documents\Computer Short Cuts,Error fixes,etc..xlr
[2010/03/01 22:29:43 | 000,010,752 | ---- | C] () -- C:\Users\Charlotte\Documents\Computer, error codes, things and places to check.xlr
[2010/02/27 04:52:42 | 032,244,920 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\drweb-cureit.exe
[2010/02/26 21:46:30 | 000,008,230 | ---- | C] () -- C:\Users\Charlotte\Documents\INB Christmas Scrapbook.ppp
[2010/02/26 04:23:44 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 17:50:26 | 000,012,288 | ---- | C] () -- C:\Users\Charlotte\Documents\BCGC Spring Gala - Purchasing list.xlr
[2010/02/20 17:47:55 | 000,020,992 | ---- | C] () -- C:\Users\Charlotte\Documents\Windows BBS Post.wps
[2010/02/19 19:03:37 | 000,251,194 | ---- | C] () -- C:\Users\Charlotte\Documents\2907978_103823_1_Rebate_82285.pdf
[2010/02/18 19:15:34 | 000,009,728 | ---- | C] () -- C:\Users\Charlotte\Documents\New AT&T USBDirect Connect Service.wps
[2010/02/17 18:19:41 | 000,017,920 | ---- | C] () -- C:\Users\Charlotte\Documents\Printer info and other things.xlr
[2010/01/22 01:10:58 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/21 23:16:37 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\gif89.dll
[2010/01/21 23:16:05 | 000,000,537 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/08/17 00:16:24 | 000,076,407 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\Smiley.ico
[2009/08/16 18:25:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/16 18:24:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/31 09:42:31 | 000,000,097 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\fusioncache.dat
[2009/07/30 19:08:08 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/28 00:52:16 | 000,412,140 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistMSI07EB.txt
[2009/07/28 00:52:16 | 000,011,458 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistUI07EB.txt
[2009/05/23 08:19:15 | 000,000,022 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\kodakpcd.ini
[2009/04/19 14:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\d3d9caps.dat
[2009/03/22 14:42:11 | 000,008,248 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\en.ini
[2009/01/29 19:49:20 | 000,026,478 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\UserTile.png
[2009/01/29 19:44:38 | 000,017,172 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\wklnhst.dat
[2009/01/28 18:28:50 | 000,003,584 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/26 15:53:31 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2008/12/26 15:53:31 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2008/12/26 15:53:31 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2002/12/11 19:19:34 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
[2002/12/11 19:19:34 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
[2000/04/12 17:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2000/04/12 17:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 765 bytes -> C:\Users\Charlotte\Documents\6 pictures for you.eml:OECustomProperty
< End of report >

 

Ok, I did it and the line changed to Status: user set Type: string Value: http://www.google.com/search?ie=UTF-...ient&gfns=1&q= And at the bottom "lower leftside of screen shows done. And the entire line is blue. What do I do now?

 

OTL logfile created on: 3/16/2010 4:51:58 PM - Run 4
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Users\Charlotte\Documents\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 382.20 Gb Free Space | 84.73% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.00 Gb Free Space | 40.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Charlotte
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/11 02:43:12 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL(2).exe
PRC - [2009/08/05 17:46:56 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/01 13:35:38 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Upromise\UpromiseTray.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/02/20 05:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/11/03 20:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files (x86)\Digital Line Detect\DLG.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/11 02:43:12 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL(2).exe
MOD - [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/18 00:54:02 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/07/02 03:11:34 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/08/05 17:46:56 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/20 06:28:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/12/09 07:06:54 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/07/02 03:11:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/07/02 03:11:32 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/07/02 03:11:28 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/07/02 03:11:28 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/07/02 03:11:28 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/05/05 05:31:38 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2008/02/11 19:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:51 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HidBatt.sys -- (HidBatt)
DRV:64bit: - [2007/11/14 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2008/07/02 03:11:32 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 4B 36 B9 D8 1E CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.core.com/home/start
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search "
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=SOLTDF&q= "
FF - prefs.js..browser.search.selectedEngine: "Google "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-...ient&gfns=1&q= "

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/14 02:37:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/14 02:37:08 | 000,000,000 | ---D | M]

[2009/04/05 07:18:01 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Extensions
[2010/03/14 03:54:03 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions
[2009/06/24 11:04:35 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/10/04 22:12:08 | 000,000,000 | ---D | M] (Send Page By Email) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{06C43693-2C7F-4beb-BB52-EF92C6CA0C44}
[2009/06/24 11:05:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/08 10:37:41 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/10/11 07:29:06 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/01/30 08:20:10 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2009/10/11 07:29:13 | 000,000,000 | ---D | M] (Interclue) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2009/09/09 18:26:31 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\autopager@mozilla.org
[2009/10/11 07:29:06 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\FFToolbar@upromise
[2009/09/08 10:37:41 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\fotofox@mozilla.com
[2009/09/08 10:37:40 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\isreaditlater@ideashower.com
[2009/05/01 20:20:25 | 000,002,207 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\askcom.xml
[2009/04/07 12:04:56 | 000,001,632 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\live-search.xml
[2010/02/13 14:49:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/07/30 04:52:48 | 000,000,000 | ---D | M] (Wyyo) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{0CA8283E-056B-40D7-A343-83C84105CE78}
[2009/03/28 17:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\kodak-companion@mozilla.com
[2009/03/28 17:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\kodak-online@partners.mozilla.com
[2010/01/30 17:39:57 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

O1 HOSTS File: ([2010/03/12 13:58:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [Pareto_Update] C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe File not found
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Charlotte\Pictures\Outdoor Wonders\Our Galaxy\jupiter.bmp
O24 - Desktop BackupWallPaper: C:\Users\Charlotte\Pictures\Outdoor Wonders\Our Galaxy\jupiter.bmp
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell - " " = AutoRun
O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell\AutoRun\command - " " = F:\WIN\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/12 04:00:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/12 04:00:41 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/12 04:00:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/12 04:00:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/11 02:39:31 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL(2).exe
[2010/03/03 00:02:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/28 21:58:25 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\TFC.exe
[2010/02/27 16:51:52 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\DoctorWeb
[2010/02/27 04:16:36 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/27 04:16:36 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/27 04:16:36 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/27 04:16:35 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/27 04:16:34 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/27 04:16:34 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/27 04:16:34 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/27 04:16:34 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/27 04:16:33 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/27 04:16:33 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/27 04:16:33 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/27 04:16:33 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/27 04:16:32 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010/02/27 04:16:32 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/27 04:16:32 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/27 04:16:32 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/27 04:16:32 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/27 04:16:32 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/26 21:46:31 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\Documents\INB Christmas Scrapbook_images
[2010/02/26 18:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2010/02/26 18:39:16 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\Sierra Wireless
[2010/02/26 18:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/02/26 18:01:47 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Charlotte\Documents\Desktop\HijackThisInstaller.exe
[2010/02/26 04:23:46 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\Malwarebytes
[2010/02/26 04:23:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/02/26 04:23:40 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/02/26 04:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/02/26 04:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/26 03:27:35 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Charlotte\Documents\Desktop\mbam-setup.exe
[2010/02/24 00:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2010/02/23 22:04:27 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/02/23 22:04:27 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/02/23 22:04:27 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/02/23 22:04:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/02/23 22:04:26 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/02/23 22:04:26 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/02/23 21:19:36 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/23 21:19:36 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/17 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\Documents\Jim's Driver License

========== Files - Modified Within 30 Days ==========

[2010/03/16 16:55:25 | 003,670,016 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat
[2010/03/16 16:54:58 | 000,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/16 16:54:58 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/16 16:54:58 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/16 16:53:24 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8559B34B-EA1A-48B0-A38D-9C17DAD3CDAB}.job
[2010/03/16 16:48:51 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/16 16:48:50 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2010/03/16 16:48:50 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/16 16:48:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/16 16:48:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/16 16:47:52 | 000,524,288 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TMContainer00000000000000000001.regtrans-ms
[2010/03/16 16:47:52 | 000,065,536 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TM.blf
[2010/03/16 16:47:45 | 000,010,752 | ---- | M] () -- C:\Users\Charlotte\Documents\BCGC Spring Gala - Measurements .xlr
[2010/03/16 16:47:41 | 002,378,274 | -H-- | M] () -- C:\Users\Charlotte\AppData\Local\IconCache.db
[2010/03/16 13:03:27 | 000,017,500 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\wklnhst.dat
[2010/03/16 00:27:00 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2010/03/14 13:53:36 | 000,009,728 | ---- | M] () -- C:\Users\Charlotte\Documents\Ashley's - Need to contact about Scholarships & Grants.wps
[2010/03/14 04:11:42 | 000,017,920 | ---- | M] () -- C:\Users\Charlotte\Documents\Internet,computer,printer information.xlr
[2010/03/14 03:37:38 | 002,754,560 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2010/03/14 03:37:37 | 005,931,008 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2010/03/13 03:11:10 | 000,112,998 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\FoxScan.exe
[2010/03/12 14:24:55 | 000,100,908 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\SystemLook.exe
[2010/03/12 13:58:06 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/03/11 23:26:46 | 001,856,748 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\Copies of ck # 3544.rtf
[2010/03/11 12:57:53 | 000,011,264 | ---- | M] () -- C:\Users\Charlotte\Documents\Abbey's State Gymnastics Meet Directions.wps
[2010/03/11 02:43:12 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL(2).exe
[2010/03/11 01:43:45 | 000,471,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/11 01:30:50 | 000,115,575 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\DrWeb.csv
[2010/03/10 18:40:30 | 000,001,610 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\DR. WEb help.rtf
[2010/03/10 16:33:17 | 033,363,360 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\x7y58s5w.exe
[2010/03/08 18:16:38 | 000,152,064 | ---- | M] () -- C:\Users\Charlotte\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/03 14:03:38 | 000,014,336 | ---- | M] () -- C:\Users\Charlotte\Documents\Computer Short Cuts,Error fixes,etc..xlr
[2010/03/01 22:32:49 | 000,010,752 | ---- | M] () -- C:\Users\Charlotte\Documents\Computer, error codes, things and places to check.xlr
[2010/02/28 22:00:50 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\TFC.exe
[2010/02/27 08:39:38 | 032,244,920 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\drweb-cureit.exe
[2010/02/26 21:51:29 | 000,008,230 | ---- | M] () -- C:\Users\Charlotte\Documents\INB Christmas Scrapbook.ppp
[2010/02/26 18:06:31 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Charlotte\Documents\Desktop\HijackThisInstaller.exe
[2010/02/26 04:23:44 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/26 04:05:16 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Charlotte\Documents\Desktop\mbam-setup.exe
[2010/02/24 18:39:13 | 000,012,288 | ---- | M] () -- C:\Users\Charlotte\Documents\BCGC Spring Gala - Purchasing list.xlr
[2010/02/24 17:30:08 | 000,028,160 | ---- | M] () -- C:\Users\Charlotte\Documents\Medicare, Advantage Health Ins. letter 1.28.10.wps
[2010/02/20 19:15:56 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/02/20 19:14:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/02/20 19:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/02/20 19:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/02/20 18:19:15 | 000,020,992 | ---- | M] () -- C:\Users\Charlotte\Documents\Windows BBS Post.wps
[2010/02/19 19:03:37 | 000,251,194 | ---- | M] () -- C:\Users\Charlotte\Documents\2907978_103823_1_Rebate_82285.pdf
[2010/02/18 19:15:34 | 000,009,728 | ---- | M] () -- C:\Users\Charlotte\Documents\New AT&T USBDirect Connect Service.wps
[2010/02/17 18:19:41 | 000,017,920 | ---- | M] () -- C:\Users\Charlotte\Documents\Printer info and other things.xlr
[2010/02/17 14:12:25 | 000,015,872 | ---- | M] () -- C:\Users\Charlotte\Documents\College Scholarships Log Book.xlr
[2010/02/15 17:30:19 | 000,727,627 | ---- | M] () -- C:\Users\Charlotte\Documents\IMG_0002.jpg
[2010/02/15 17:30:00 | 001,475,708 | ---- | M] () -- C:\Users\Charlotte\Documents\IMG_0001.jpg

========== Files Created - No Company Name ==========

[2010/03/16 13:03:27 | 000,010,752 | ---- | C] () -- C:\Users\Charlotte\Documents\BCGC Spring Gala - Measurements .xlr
[2010/03/14 13:52:54 | 000,009,728 | ---- | C] () -- C:\Users\Charlotte\Documents\Ashley's - Need to contact about Scholarships & Grants.wps
[2010/03/13 03:10:35 | 000,112,998 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\FoxScan.exe
[2010/03/12 14:23:59 | 000,100,908 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\SystemLook.exe
[2010/03/11 23:26:45 | 001,856,748 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\Copies of ck # 3544.rtf
[2010/03/11 12:57:53 | 000,011,264 | ---- | C] () -- C:\Users\Charlotte\Documents\Abbey's State Gymnastics Meet Directions.wps
[2010/03/11 01:30:50 | 000,115,575 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\DrWeb.csv
[2010/03/10 18:40:30 | 000,001,610 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\DR. WEb help.rtf
[2010/03/10 11:48:14 | 033,363,360 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\x7y58s5w.exe
[2010/03/02 15:26:08 | 000,014,336 | ---- | C] () -- C:\Users\Charlotte\Documents\Computer Short Cuts,Error fixes,etc..xlr
[2010/03/01 22:29:43 | 000,010,752 | ---- | C] () -- C:\Users\Charlotte\Documents\Computer, error codes, things and places to check.xlr
[2010/02/27 04:52:42 | 032,244,920 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\drweb-cureit.exe
[2010/02/26 21:46:30 | 000,008,230 | ---- | C] () -- C:\Users\Charlotte\Documents\INB Christmas Scrapbook.ppp
[2010/02/26 04:23:44 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 17:50:26 | 000,012,288 | ---- | C] () -- C:\Users\Charlotte\Documents\BCGC Spring Gala - Purchasing list.xlr
[2010/02/20 17:47:55 | 000,020,992 | ---- | C] () -- C:\Users\Charlotte\Documents\Windows BBS Post.wps
[2010/02/19 19:03:37 | 000,251,194 | ---- | C] () -- C:\Users\Charlotte\Documents\2907978_103823_1_Rebate_82285.pdf
[2010/02/18 19:15:34 | 000,009,728 | ---- | C] () -- C:\Users\Charlotte\Documents\New AT&T USBDirect Connect Service.wps
[2010/02/17 18:19:41 | 000,017,920 | ---- | C] () -- C:\Users\Charlotte\Documents\Printer info and other things.xlr
[2010/01/22 01:10:58 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/21 23:16:37 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\gif89.dll
[2010/01/21 23:16:05 | 000,000,537 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/08/17 00:16:24 | 000,076,407 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\Smiley.ico
[2009/08/16 18:25:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/16 18:24:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/31 09:42:31 | 000,000,097 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\fusioncache.dat
[2009/07/30 19:08:08 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/28 00:52:16 | 000,412,140 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistMSI07EB.txt
[2009/07/28 00:52:16 | 000,011,458 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistUI07EB.txt
[2009/05/23 08:19:15 | 000,000,022 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\kodakpcd.ini
[2009/04/19 14:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\d3d9caps.dat
[2009/03/22 14:42:11 | 000,008,248 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\en.ini
[2009/01/29 19:49:20 | 000,026,478 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\UserTile.png
[2009/01/29 19:44:38 | 000,017,500 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\wklnhst.dat
[2009/01/28 18:28:50 | 000,003,584 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/26 15:53:31 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2008/12/26 15:53:31 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2008/12/26 15:53:31 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2002/12/11 19:19:34 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
[2002/12/11 19:19:34 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
[2000/04/12 17:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2000/04/12 17:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 765 bytes -> C:\Users\Charlotte\Documents\6 pictures for you.eml:OECustomProperty
< End of report >

here ya go, thanks again.