
Solved Bing.Zugo doing something different

Discussion in 'Malware and Virus Removal Archive' started by Blue Skys, 2010/03/28.

  1. 2010/03/28
    Blue Skys


    Greetings to all: No real big problems, but I am afraid it may become a larger issue if I don't get help now.

    Today, I typed in windowsbbc.com in the address bar... this replaced my input:
    http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=http://bing.zugotoolbar.com/s/?
    and my screen popped up 414 Request-URI Too Large.
    I X'ed out the tab and entered the same thing again, and went straight to your site, no problem.

    Now something new for Bing.Zugo:
    Redirecting WITHIN a Website
    Today (also)
    I was trying to get to HP to look at a printer and this happened. In the address bar I typed in HP.com. I went directly to HP, and was in the site. The weird problem did not arise until I was "IN" the site.
    On the HP drop-down list, I highlighted "Printers":
    http://www.hp.com/#.
    The screen blinked again and I ended up with this:
    http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=hp.com/#Produc
    I hit the back button and the screen blinked again and I ended up here:
    http://www.bing.com/search?q=http://shop.upromise.com/click.do?olmid=HPSHPP001&pc=ZUGO&form=ZGAIDF
    I closed the UPROMISE banner at the top of the screen, then used my "back arrow" button:
    and ended up at a search page and this at the top of the screen:
    http://bing.zugotoolbar.com/s/?iesr...cess.do?template_type=landing&landing=printer
    I hit my "back arrow" and went back to the original HP screen. Deciding not to bother looking up the exact printer, I went to the list at the bottom of the HP home screen and hit the Product Support button, and the response was: http://www.bing.com/search?q=http:/...t.html?pageDisplay=suppor&pc=ZUGO&form=ZGAIDF

    Since I last spoke with Broni (in the WindowsBBS site), I have only run updates for my Avira AntiVir Personal virus scanner, Microsoft updates and Malwarebytes updates. I have been afraid to download anything else, thinking of hidden items. I haven't even installed the updates for "Firefox" and my Adobe Reader. I receive automatic updates on some programs.
    Two Expectations

    On March 24, 2010:
    I opened a post in the WindowsBBS "Other Software" category. Arie, Admin in "Other Software", and "Wildfire", another Guru there, needed me to download a software program, "SIW". It bothered me, but I did it for them. I had a lot of trouble getting it to download, but finally got it. But during installation, a window appeared asking if I wanted to download "Registry Booster". The box was already check-marked and highlighted. I asked Wildfire what the program was, and whether it is safe. And the download was completing as we spoke. I DID NOT get an answer to the safety issue of the software. I decided not to install it on my PC. I got the pop-up window saying it was ready to install; I just used the "X" to close the box. I assumed you would have to install it before it could be a threat. Am I correct or in error?

    Wildfire in Post 13: "Err, who mentioned Lansweeper," I know it's prominently displayed on gtopala's page but if you read the link Arie supplied, you'll realize that you downloaded the wrong program. It is in "Lansweeper" you'll find the "Registry Booster". Lansweeper did not load, but I guess "Registry Booster" did (did not install it, but it shows in my desktop menu when you hit the start button). I also assumed that since I did not get a response to my question about the safety of the software, and, coming from a WindowsBBS recommended site, it would be clean.

    The only other thing I've installed is an update to my Antivirus Software to V. 10.0051.632.

    And thanks for all of the help again.

    My DDS Scan follows:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 12/26/2008 7:02:03 AM
    System Uptime: 3/27/2010 12:37:55 PM (28 hours ago)

    Motherboard: Dell Inc. | | 0RY007
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 2500/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 451 GiB total, 347.323 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 5.988 GiB free.
    E: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #2
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel

    ==== System Restore Points ===================

    RP352: 3/2/2010 9:48:06 AM - Windows Update
    RP353: 3/5/2010 4:56:29 AM - Windows Update
    RP354: 3/5/2010 12:13:09 PM - Installed AT&T Communication Manager.
    RP355: 3/8/2010 9:47:31 AM - Windows Update
    RP356: 3/8/2010 7:25:38 PM - Windows Backup
    RP357: 3/11/2010 2:18:39 AM - Scheduled Checkpoint
    RP358: 3/11/2010 3:00:11 AM - Windows Update
    RP359: 3/11/2010 9:50:00 AM - Windows Update
    RP360: 3/12/2010 12:00:02 AM - Scheduled Checkpoint
    RP361: 3/12/2010 3:00:11 AM - Windows Update
    RP362: 3/13/2010 12:33:29 AM - Scheduled Checkpoint
    RP363: 3/13/2010 11:02:55 AM - Windows Backup
    RP364: 3/14/2010 2:44:28 PM - Scheduled Checkpoint
    RP365: 3/16/2010 12:00:03 AM - Scheduled Checkpoint
    RP366: 3/16/2010 12:12:40 PM - Windows Update
    RP367: 3/17/2010 1:36:20 AM - Installed AT&T Communication Manager.
    RP368: 3/17/2010 1:41:03 AM - Windows Update
    RP369: 3/17/2010 4:11:50 PM - Installed AT&T Communication Manager.
    RP370: 3/18/2010 12:14:32 PM - Windows Update
    RP371: 3/18/2010 1:18:45 PM - Installed AT&T Communication Manager.
    RP372: 3/20/2010 12:00:04 AM - Scheduled Checkpoint
    RP373: 3/20/2010 8:34:34 PM - Windows Backup
    RP374: 3/22/2010 11:47:53 AM - Scheduled Checkpoint
    RP375: 3/22/2010 1:08:14 PM - Windows Update
    RP376: 3/23/2010 6:00:03 PM - Windows Update
    RP377: 3/25/2010 9:47:33 AM - Windows Update
    RP378: 3/26/2010 2:02:02 AM - Installed AT&T Communication Manager.
    RP379: 3/26/2010 3:01:47 AM - Installed AT&T Communication Manager.
    RP380: 3/26/2010 6:13:57 PM - Scheduled Checkpoint
    RP381: 3/27/2010 1:10:14 PM - Scheduled Checkpoint
    RP382: 3/27/2010 3:44:06 PM - Installed AT&T Communication Manager.

    ==== Installed Programs ======================

    AbiWord 2.6.4
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 9.3.1
    APC PowerChute Personal Edition
    Apple Application Support
    Apple Software Update
    Art Explosion Greeting Card Factory Express
    Art Explosion Scrapbook Factory
    Avira AntiVir Personal - Free Antivirus
    Browser Address Error Redirector
    Canon MP Navigator EX 1.0
    Canon MX310 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    CCScore
    Choice Guard
    Clip Art Collection
    Compatibility Pack for the 2007 Office system
    Dell-eBay
    Dell Best of Web
    Dell Driver Download Manager
    Dell Getting Started Guide
    Digital Line Detect
    EDocs
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    EZ Cards (remove only)
    fflink
    FoxyTunes for Firefox
    Frosty Games
    Gimp 2.6.2 Debug
    Google Toolbar for Internet Explorer
    GoToAssist 8.0.0.514
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    InstallMgr
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Kodak EasyShare software
    KSU
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Default Manager
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Research AutoCollage 2008 version 1.1
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6)
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    netbrdg
    NetWaiting
    Notifier
    OfotoXMI
    Photo Explosion SE
    Quicken WillMaker Plus 2005
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Scrapbook Flair
    Scrapbooks Please Uploader
    SFR
    SHASTA
    SIW version 2010.03.10
    SKIN0001
    SKINXSDK
    staticcr
    tooltips
    Uniblue RegistryBooster 2010
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Upromise TurboSaver (remove only)
    VPRINTOL
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WIRELESS
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    3/25/2010 12:23:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    3/25/2010 12:23:25 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/25/2010 12:23:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/25/2010 12:08:06 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document 8606.pdf, owned by Charlotte, failed to print on printer Canon MX310 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 393216. Number of bytes printed: 208952. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\HOME-PC. Win32 error code returned by the print processor: 1. Incorrect function.
    3/22/2010 11:38:03 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Carmel Turf Care - Demand Letter.wps, owned by Charlotte, failed to print on printer Canon MX310 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 16012. Total number of pages in the document: 4. Number of pages printed: 1. Client computer: \\HOME-PC. Win32 error code returned by the print processor: 259. No more data is available.
    3/22/2010 11:36:50 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Carmel Turf Care - Demand Letter.wps, owned by Charlotte, failed to print on printer Canon MX310 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 58036. Number of bytes printed: 16012. Total number of pages in the document: 4. Number of pages printed: 1. Client computer: \\HOME-PC. Win32 error code returned by the print processor: 259. No more data is available.
    3/22/2010 11:27:37 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Carmel Turf Care - Demand Letter.wps, owned by Charlotte, failed to print on printer Canon MX310 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 75532. Number of bytes printed: 17544. Total number of pages in the document: 4. Number of pages printed: 1. Client computer: \\HOME-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
    3/22/2010 11:25:50 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Carmel Turf Care - Demand Letter.wps, owned by Charlotte, failed to print on printer Canon MX310 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 75532. Number of bytes printed: 17640. Total number of pages in the document: 4. Number of pages printed: 1. Client computer: \\HOME-PC. Win32 error code returned by the print processor: 259. No more data is available.
    3/22/2010 11:17:09 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Untitled, owned by Charlotte, failed to print on printer Canon MX310 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 74596. Number of bytes printed: 17924. Total number of pages in the document: 4. Number of pages printed: 1. Client computer: \\HOME-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.

    ==== End Of File ===========================


    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Charlotte at 16:26:41.78 on Sun 03/28/2010
    Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.1513 [GMT -4:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\AERTSr64.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Upromise\UpromiseTray.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Charlotte\Documents\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
    mLocal Page = c:\windows\syswow64\blank.htm
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files (x86)\search toolbar\tbhelper.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\4.1.805.1852\swg.dll
    BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files (x86)\upromise\dca-bho.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files (x86)\dell\bae\BAE.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.1125.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files (x86)\upromise\upromisetoolbar.dll
    BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files (x86)\search toolbar\tbcore3.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.1125.0\msneshellx.dll
    TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files (x86)\upromise\upromisetoolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
    TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files (x86)\search toolbar\tbcore3.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Upromise Tray] c:\program files (x86)\upromise\UpromiseTray.exe
    mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    StartupFolder: c:\users\charlo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files (x86)\apc\apc powerchute personal edition\Display.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files (x86)\digital line detect\DLG.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files (x86)\kodak\kodak easyshare software\bin\EasyShare.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files (x86)\upromise\upromisetoolbar.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    Trusted Zone: google.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    TCP: {3F571984-8185-4021-8231-3C596A17027E} = 64.179.43.190 69.95.31.250
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
    TB-X64: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [RtHDVCpl] RAVCpl64.exe
    mRun-x64: [Skytel] Skytel.exe
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    mRun-x64: [CanonSolutionMenu] "c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe" /logon
    mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\charlo~1\appdata\roaming\mozilla\firefox\profiles\zh5wtzxu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
    FF - component: c:\users\charlotte\appdata\roaming\mozilla\firefox\profiles\zh5wtzxu.default\extensions\{896642e4-c556-4ed3-85d1-9ac431603e7d}\components\Engine.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-12-26 53488]
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-12-26 86016]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-7-28 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-7-28 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-28 81072]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
    R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\drivers\CAXHWBS2.sys [2008-12-26 411136]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-16 89920]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
    S4 TmPfw;Trend Micro Personal Firewall;c:\progra~2\trendm~1\intern~1\tmpfw.exe --> c:\progra~2\trendm~1\intern~1\TmPfw.exe [?]

    ============== File Associations ===============

    JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-03-27 19:44:50 0 d-----w- c:\program files (x86)\common files\Research In Motion
    2010-03-27 16:39:56 0 d-----w- c:\users\charlo~1\appdata\roaming\Avira
    2010-03-24 00:20:28 0 d-----w- c:\program files (x86)\Uniblue
    2010-03-23 23:51:23 0 d-----w- c:\users\charlo~1\appdata\roaming\OpenCandy
    2010-03-23 23:51:20 0 d-----w- c:\program files (x86)\SIW
    2010-03-18 16:00:54 0 d-----w- c:\program files (x86)\CCleaner
    2010-03-12 08:00:41 32768 ----a-w- c:\windows\system32\nshhttp.dll
    2010-03-12 08:00:41 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
    2010-03-12 08:00:40 620032 ----a-w- c:\windows\system32\drivers\http.sys
    2010-03-12 08:00:40 33792 ----a-w- c:\windows\system32\httpapi.dll
    2010-03-12 08:00:40 30720 ----a-w- c:\windows\syswow64\httpapi.dll
    2010-03-03 04:02:13 0 d-----w- C:\_OTL
    2010-02-27 20:51:52 0 d-----w- c:\users\charlotte\DoctorWeb
    2010-02-26 22:39:16 0 d-----w- c:\users\charlo~1\appdata\roaming\Sierra Wireless
    2010-02-26 22:06:51 0 d-----w- c:\program files (x86)\Trend Micro

    ==================== Find3M ====================

    2010-03-25 15:58:46 17750 ----a-w- c:\users\charlo~1\appdata\roaming\wklnhst.dat
    2010-02-24 14:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-16 17:24:00 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-25 12:10:22 538624 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:10:22 160768 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:10:22 160768 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:10:03 539136 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 12:08:59 460288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 12:00:35 471552 ----a-w- c:\windows\syswow64\secproc_isv.dll
    2010-01-25 12:00:35 152576 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
    2010-01-25 12:00:35 152064 ----a-w- c:\windows\syswow64\secproc_ssp.dll
    2010-01-25 12:00:22 471552 ----a-w- c:\windows\syswow64\secproc.dll
    2010-01-25 11:58:52 332288 ----a-w- c:\windows\syswow64\msdrm.dll
    2010-01-25 08:29:35 413696 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:29:31 600576 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:29:31 409600 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-25 08:29:28 599552 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:21:20 526336 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
    2010-01-25 08:21:20 346624 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
    2010-01-25 08:21:18 518144 ----a-w- c:\windows\syswow64\RMActivate.exe
    2010-01-25 08:21:18 347136 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
    2010-01-23 09:44:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-01-23 09:26:13 2048 ----a-w- c:\windows\syswow64\tzres.dll
    2010-01-06 16:00:02 1927680 ----a-w- c:\windows\system32\gameux.dll
    2010-01-06 15:58:36 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-01-06 15:39:38 1696256 ----a-w- c:\windows\syswow64\gameux.dll
    2010-01-06 15:38:47 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
    2010-01-06 14:03:28 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-01-06 13:30:41 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
    2010-01-02 07:08:29 1147904 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 07:03:21 77312 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 07:03:21 132096 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 06:38:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
    2010-01-02 06:38:04 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-01-02 06:36:10 206848 ----a-w- c:\windows\syswow64\occache.dll
    2010-01-02 06:33:34 5942784 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-01-02 06:33:32 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
    2010-01-02 06:33:32 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-01-02 06:32:51 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-01-02 06:32:33 71680 ----a-w- c:\windows\syswow64\iesetup.dll
    2010-01-02 06:32:33 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
    2010-01-02 06:32:33 164352 ----a-w- c:\windows\syswow64\ieui.dll
    2010-01-02 06:32:33 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
    2010-01-02 06:32:32 55808 ----a-w- c:\windows\syswow64\iernonce.dll
    2010-01-02 06:32:32 184320 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-01-02 06:32:32 11070464 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-01-02 06:32:26 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-01-02 05:25:39 162816 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-01-02 04:57:00 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
    2010-01-02 04:56:50 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
    2010-01-02 04:56:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2009-12-09 21:24:52 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-12-09 21:24:52 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-10-28 06:27:19 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-10-28 06:27:19 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
    2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-12-15 00:59:27 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2009-12-15 00:59:27 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
    2009-12-15 00:59:27 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
    2009-11-09 20:08:07 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-10-16 15:15:08 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2008-12-26 19:28:01 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 16:27:01.22 ===============
     
  2. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Malwarebytes before running the scan.***

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2010/03/31
    Blue Skys

    Blue Skys Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3938

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    3/31/2010 6:06:36 PM
    mbam-log-2010-03-31 (18-06-36).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 252330
    Time elapsed: 53 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2010/04/04
    Blue Skys

    Blue Skys Inactive Thread Starter

    Greetings, I'm sorry I have not finished your request. I've been away for a couple of days. I will start over your request, so the reports will be current. Thanks for being there.
     
  6. 2010/04/04
    broni

    broni Moderator Malware Analyst

    No problem :)
     
  7. 2010/04/04
    Blue Skys

    Blue Skys Inactive Thread Starter

    Broni: Can you tell me what this report means? I was trying to copy information from Indiana University and paste it to Works, and my PC kept saying "my Works is not responding and it would check Microsoft for a solution", then came back and said "my DEP file found a problem and shut down my program". I went back to the same IU website and right clicked, went to "DOM Source a selection", went to Help and clicked on Troubleshooting (all of this is in Firefox), and this report showed up. I noticed that the URL in this report shows "Bing.Zugo toolbar" again.

    Could you decipher this report for me? I am still working on getting the reports to you. I have a deadline at Indiana University so this had to come first.

    Troubleshooting Information

    This page contains technical information that might be useful when you're trying to solve a problem. If you are looking for answers to common questions about Firefox, check out our support web site.

    Application Basics

    Name: Firefox
    Version: 3.6.2
    Profile Directory: Open Containing Folder
    Installed Plugins: about:plugins
    Build Configuration: about:buildconfig

    Extensions

    Name  Version  Enabled  ID
    AutoPager 0.5.3.5 false autopager@mozilla.org
    Fire.fm 1.3 true {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
    Forecastfox 0.9.10.1 true {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    Fotofox 1.5 false fotofox@mozilla.com
    FoxyTunes 3.5.9 false {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    Interclue 1.6.1.2 false {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
    Java Console 6.0.13 true {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    Java Console 6.0.15 true {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    Java Console 6.0.17 true {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    Kodak EasyShare Gallery Companion 1.0.9.2 false kodak-companion@mozilla.com
    Kodak Gallery Companion Settings 1.0 false kodak-online@partners.mozilla.com
    Microsoft .NET Framework Assistant 1.1 true {20a82645-c095-46ed-80e3-08825760534b}
    Read it Later 0.9947 false isreaditlater@ideashower.com
    Send Page By Email 0.6.3 false {06C43693-2C7F-4beb-BB52-EF92C6CA0C44}
    Upromise TurboSaver 6.2.2.1363 true FFToolbar@upromise
    Wyyo 1.0 false {0CA8283E-056B-40D7-A343-83C84105CE78}
    Search Toolbar 1.0.4 true {896642E4-C556-4ED3-85D1-9AC431603E7D}

    Modified Preferences

    Name  Value

    accessibility.blockautorefresh true
    accessibility.typeaheadfind.flashBar 0
    browser.history_expire_days 4
    browser.history_expire_days.mirror 4
    browser.history_expire_days_min 10
    browser.places.importBookmarksHTML false
    browser.places.importDefaults false
    browser.places.leftPaneFolderId -1
    browser.places.migratePostDataAnnotations false
    browser.places.smartBookmarksVersion 2
    browser.places.updateRecentTagsUri false
    browser.startup.homepage_override.mstone rv:1.9.2.2
    browser.tabs.loadInBackground false
    extensions.lastAppVersion 3.6.2
    font.minimum-size.x-western 14
    font.size.fixed.x-western 18
    font.size.variable.x-western 18
    general.useragent.extra.microsoftdotnet (.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    javascript.options.showInConsole true
    keyword.URL http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
    network.cookie.cookieBehavior 1
    network.cookie.prefsMigrated true
    places.last_vacuum 1269809406
    print.print_printer Canon MX310 series Printer
    print.printer_Canon_MX310_series_Printer.print_bgcolor true
    print.printer_Canon_MX310_series_Printer.print_bgimages true
    print.printer_Canon_MX310_series_Printer.print_command
    print.printer_Canon_MX310_series_Printer.print_downloadfonts false
    print.printer_Canon_MX310_series_Printer.print_edge_bottom 0
    print.printer_Canon_MX310_series_Printer.print_edge_left 0
    print.printer_Canon_MX310_series_Printer.print_edge_right 0
    print.printer_Canon_MX310_series_Printer.print_edge_top 0
    print.printer_Canon_MX310_series_Printer.print_evenpages true
    print.printer_Canon_MX310_series_Printer.print_footercenter
    print.printer_Canon_MX310_series_Printer.print_footerleft &PT
    print.printer_Canon_MX310_series_Printer.print_footerright &D
    print.printer_Canon_MX310_series_Printer.print_headercenter
    print.printer_Canon_MX310_series_Printer.print_headerleft
    print.printer_Canon_MX310_series_Printer.print_headerright
    print.printer_Canon_MX310_series_Printer.print_in_color true
    print.printer_Canon_MX310_series_Printer.print_margin_bottom 0
    print.printer_Canon_MX310_series_Printer.print_margin_left 0
    print.printer_Canon_MX310_series_Printer.print_margin_right 0
    print.printer_Canon_MX310_series_Printer.print_margin_top 0
    print.printer_Canon_MX310_series_Printer.print_oddpages true
    print.printer_Canon_MX310_series_Printer.print_orientation 0
    print.printer_Canon_MX310_series_Printer.print_pagedelay 500
    print.printer_Canon_MX310_series_Printer.print_paper_data 1
    print.printer_Canon_MX310_series_Printer.print_paper_height 11.00
    print.printer_Canon_MX310_series_Printer.print_paper_size_type 0
    print.printer_Canon_MX310_series_Printer.print_paper_size_unit 0
    print.printer_Canon_MX310_series_Printer.print_paper_width 8.50
    print.printer_Canon_MX310_series_Printer.print_reversed false
    print.printer_Canon_MX310_series_Printer.print_scaling 1.00
    print.printer_Canon_MX310_series_Printer.print_shrink_to_fit true
    print.printer_Canon_MX310_series_Printer.print_to_file false
    print.printer_Canon_MX310_series_Printer.print_unwriteable_margin_bottom 0
    print.printer_Canon_MX310_series_Printer.print_unwriteable_margin_left 0
    print.printer_Canon_MX310_series_Printer.print_unwriteable_margin_right 0
    print.printer_Canon_MX310_series_Printer.print_unwriteable_margin_top 0
    print.printer_Microsoft_XPS_Document_Writer.print_bgcolor false
    print.printer_Microsoft_XPS_Document_Writer.print_bgimages false
    print.printer_Microsoft_XPS_Document_Writer.print_command
    print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts false
    print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom 0
    print.printer_Microsoft_XPS_Document_Writer.print_edge_left 0
    print.printer_Microsoft_XPS_Document_Writer.print_edge_right 0
    print.printer_Microsoft_XPS_Document_Writer.print_edge_top 0
    print.printer_Microsoft_XPS_Document_Writer.print_evenpages true
    print.printer_Microsoft_XPS_Document_Writer.print_footercenter
    print.printer_Microsoft_XPS_Document_Writer.print_footerleft &PT
    print.printer_Microsoft_XPS_Document_Writer.print_footerright &D
    print.printer_Microsoft_XPS_Document_Writer.print_headercenter
    print.printer_Microsoft_XPS_Document_Writer.print_headerleft &T
    print.printer_Microsoft_XPS_Document_Writer.print_headerright &U
    print.printer_Microsoft_XPS_Document_Writer.print_in_color true
    print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom 0
    print.printer_Microsoft_XPS_Document_Writer.print_margin_left 0
    print.printer_Microsoft_XPS_Document_Writer.print_margin_right 0
    print.printer_Microsoft_XPS_Document_Writer.print_margin_top 0
    print.printer_Microsoft_XPS_Document_Writer.print_oddpages true
    print.printer_Microsoft_XPS_Document_Writer.print_orientation 1
    print.printer_Microsoft_XPS_Document_Writer.print_pagedelay 500
    print.printer_Microsoft_XPS_Document_Writer.print_paper_data 1
    print.printer_Microsoft_XPS_Document_Writer.print_paper_height 11.00
    print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type 0
    print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit 0
    print.printer_Microsoft_XPS_Document_Writer.print_paper_width 8.50
    print.printer_Microsoft_XPS_Document_Writer.print_reversed false
    print.printer_Microsoft_XPS_Document_Writer.print_scaling 1.00
    print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit false
    print.printer_Microsoft_XPS_Document_Writer.print_to_file false
    print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom 0
    print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left 0
    print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right 0
    print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top 0
    privacy.popups.showBrowserMessage false
    privacy.sanitize.migrateFx3Prefs true
    privacy.sanitize.timeSpan 0
    security.warn_submit_insecure true
    security.warn_viewing_mixed false

    Thanks for your help a bunch!!!
     
  8. 2010/04/04
    broni

    broni Moderator Malware Analyst

    Don't worry about those now.
    Please, complete steps from my reply #2.
     
  9. 2010/04/04
    Blue Skys

    Blue Skys Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3938

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    4/5/2010 12:36:10 AM
    mbam-log-2010-04-05 (00-36-10).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 252247
    Time elapsed: 50 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  10. 2010/04/05
    broni

    broni Moderator Malware Analyst

    OK, go ahead....
     
  11. 2010/04/05
    Blue Skys

    Blue Skys Inactive Thread Starter

    Broni: I downloaded GMER, ran the scan and all I got was "GMER found no modifications". I tried to save the little pop up but you had to say OK before you could hit save. I hit OK then save, I typed in the file name ..gmer.cog.log, opened the notepad and nothing was there. I tried to open, save, but nothing was there. So, if I can do something else, or try it another way, just let me know.

    As always, thanks for the help. Let me know what to do next, please.
     
  12. 2010/04/05
    Blue Skys

    Blue Skys Inactive Thread Starter

    Woops, sorry, HijackThis log is coming.
     
  13. 2010/04/05
    broni

    broni Moderator Malware Analyst

    Ok.....
     
  14. 2010/04/05
    Blue Skys

    Blue Skys Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:15:49 AM, on 4/5/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Upromise\UpromiseTray.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O13 - Gopher Prefix:
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 10312 bytes
    I'm sorry it took so long to get this to you. I had a phone line problem, and had to call in a trouble ticket to AT&T. They found they had a major problem, and we have had only backup phone service since 3:35 A.M. today.

    But, here is my HijackThis log from last night. And, really, I thank you so very much for your patience and helping me so much.

    Let me know what I need to do next. I hope you had a nice holiday, and have had a great day.
     
  15. 2010/04/05
    Blue Skys

    Blue Skys Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:15:49 AM, on 4/5/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Upromise\UpromiseTray.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O13 - Gopher Prefix:
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 10312 bytes
    I'm sorry it took so long to get this to you. I had a phone line problem, and had to call in a trouble ticket to AT&T. They found they had a major problem, and we have had only backup phone service since 3:35 A.M. today.

    But, here is my HijackThis log from last night. And, really, I thank you so very much for your patience and helping me so much.

    Let me know what I need to do next. I hope you had a nice holiday, and have had a great day.:eek:
     
  16. 2010/04/05
    broni

    broni Moderator Malware Analyst

    Thank you and you're welcome :)

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. 2010/04/06
    Blue Skys

    Blue Skys Inactive Thread Starter

    Here is the OTL.txt file
    OTL logfile created on: 4/6/2010 5:45:06 PM - Run 5
    OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Charlotte\Documents\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 342.87 Gb Free Space | 76.01% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 6.02 Gb Free Space | 41.08% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-PC
    Current User Name: Charlotte
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/06 16:30:09 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    PRC - [2010/04/04 13:04:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2009/07/01 13:35:38 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Upromise\UpromiseTray.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2007/02/20 05:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    PRC - [2006/11/03 20:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files (x86)\Digital Line Detect\DLG.exe
    PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
    PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/06 16:30:09 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    MOD - [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/07/18 00:54:02 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2008/07/02 03:11:34 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/04/20 06:28:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
    SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 4B 36 B9 D8 1E CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.core.com/home/start
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll ()
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Live Search "
    FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=SOLTDF&q= "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.3
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
    FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363
    FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/04 13:04:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/04 13:04:45 | 000,000,000 | ---D | M]

    [2009/04/05 07:18:01 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Extensions
    [2010/04/06 15:30:50 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions
    [2009/06/24 11:04:35 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2009/10/04 22:12:08 | 000,000,000 | ---D | M] (Send Page By Email) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{06C43693-2C7F-4beb-BB52-EF92C6CA0C44}
    [2009/06/24 11:05:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/09/08 10:37:41 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    [2009/10/11 07:29:06 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
    [2009/10/11 07:29:13 | 000,000,000 | ---D | M] (Interclue) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
    [2009/09/09 18:26:31 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\autopager@mozilla.org
    [2009/10/11 07:29:06 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\FFToolbar@upromise
    [2009/09/08 10:37:41 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\fotofox@mozilla.com
    [2009/09/08 10:37:40 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\isreaditlater@ideashower.com
    [2009/05/01 20:20:25 | 000,002,207 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\askcom.xml
    [2009/04/07 12:04:56 | 000,001,632 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\live-search.xml
    [2010/04/04 14:08:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2009/07/30 04:52:48 | 000,000,000 | ---D | M] (Wyyo) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{0CA8283E-056B-40D7-A343-83C84105CE78}
    [2009/03/28 17:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\kodak-companion@mozilla.com
    [2009/03/28 17:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\kodak-online@partners.mozilla.com
    [2010/01/30 17:39:57 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

    O1 HOSTS File: ([2010/03/25 11:34:19 | 000,000,806 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll (Compete, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] File not found
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
    O4 - HKCU..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe ()
    O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
    O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Charlotte\Pictures\Outdoor Wonders\Our Galaxy\jupiter.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Charlotte\Pictures\Outdoor Wonders\Our Galaxy\jupiter.bmp
    O32 - HKLM CDRom: AutoRun - 0
    O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell - " " = AutoRun
    O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell\AutoRun\command - " " = F:\WIN\setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 23:06:38 | 000,000,000 | ---D | M]
    NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
    NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
    NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 23:08:35 | 000,000,000 | ---D | M]
    NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
    OTL cannot create restorepoints on Vista OSs!

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/06 16:26:02 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    [2010/04/04 14:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/03/31 13:41:05 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\Documents\IU RESDENTIAL MAP_files
    [2010/03/27 15:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
    [2010/03/27 12:39:56 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\Avira
    [2010/03/27 12:36:05 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2010/03/27 12:36:05 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
    [2010/03/27 12:36:05 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
    [2010/03/23 20:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
    [2010/03/23 19:52:59 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\OpenCandy
    [2010/03/23 19:51:23 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\OpenCandy
    [2010/03/23 19:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
    [2010/03/23 19:49:09 | 002,344,521 | ---- | C] (Topala Software Solutions ) -- C:\Users\Charlotte\Documents\Desktop\siw-setup(8).exe

    ========== Files - Modified Within 14 Days ==========

    [2010/04/06 17:44:36 | 003,670,016 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat
    [2010/04/06 17:35:52 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8559B34B-EA1A-48B0-A38D-9C17DAD3CDAB}.job
    [2010/04/06 17:04:59 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/04/06 17:04:59 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/06 16:30:09 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    [2010/04/06 13:27:39 | 000,008,248 | ---- | M] () -- C:\Users\Charlotte\AppData\Local\en.ini
    [2010/04/06 13:05:11 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
    [2010/04/06 13:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/04/05 14:56:01 | 000,018,090 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\wklnhst.dat
    [2010/04/05 03:17:49 | 000,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/04/05 03:17:49 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/04/05 03:17:49 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/04/05 03:11:58 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2010/04/05 03:11:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/05 03:11:03 | 000,524,288 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/05 03:11:03 | 000,065,536 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TM.blf
    [2010/04/05 03:11:00 | 004,093,024 | -H-- | M] () -- C:\Users\Charlotte\AppData\Local\IconCache.db
    [2010/04/05 01:23:16 | 000,293,376 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\p5tj8di3.exe
    [2010/04/05 01:01:54 | 005,934,080 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2010/04/05 01:01:54 | 002,756,608 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2010/04/05 00:58:09 | 000,014,848 | ---- | M] () -- C:\Users\Charlotte\Documents\IU info.xlr
    [2010/04/04 14:28:34 | 000,016,896 | ---- | M] () -- C:\Users\Charlotte\Documents\IU General Information.wps
    [2010/03/31 22:47:39 | 000,467,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/03/31 13:41:16 | 000,152,064 | ---- | M] () -- C:\Users\Charlotte\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/03/29 16:42:12 | 000,011,264 | ---- | M] () -- C:\Users\Charlotte\Documents\Computer Virus Help Menu.xlr
    [2010/03/27 06:32:03 | 042,281,152 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\avira_antivir_personal_en.exe
    [2010/03/25 12:23:30 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/03/25 11:58:46 | 000,124,416 | ---- | M] () -- C:\Users\Charlotte\Documents\My Life Journal.wps
    [2010/03/25 11:34:19 | 000,000,806 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/03/23 19:53:01 | 000,000,782 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\SIW.lnk
    [2010/03/23 19:49:22 | 002,344,521 | ---- | M] (Topala Software Solutions ) -- C:\Users\Charlotte\Documents\Desktop\siw-setup(8).exe

    ========== Files Created - No Company Name ==========

    [2010/04/05 01:19:18 | 000,293,376 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\p5tj8di3.exe
    [2010/04/05 00:58:09 | 000,014,848 | ---- | C] () -- C:\Users\Charlotte\Documents\IU info.xlr
    [2010/04/04 14:28:34 | 000,016,896 | ---- | C] () -- C:\Users\Charlotte\Documents\IU General Information.wps
    [2010/03/29 16:36:00 | 000,011,264 | ---- | C] () -- C:\Users\Charlotte\Documents\Computer Virus Help Menu.xlr
    [2010/03/27 12:34:34 | 000,423,208 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistMSI7D9B.txt
    [2010/03/27 12:34:33 | 000,013,290 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistUI7D9B.txt
    [2010/03/27 00:13:38 | 042,281,152 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\avira_antivir_personal_en.exe
    [2010/03/25 12:23:30 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/03/25 11:56:34 | 000,124,416 | ---- | C] () -- C:\Users\Charlotte\Documents\My Life Journal.wps
    [2010/03/23 19:53:01 | 000,000,782 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\SIW.lnk
    [2010/02/06 11:04:06 | 000,002,146 | ---- | C] () -- C:\Users\Charlotte\.recently-used.xbel
    [2010/01/22 01:10:58 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/21 23:16:37 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\gif89.dll
    [2010/01/21 23:16:05 | 000,000,537 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2009/08/17 00:16:24 | 000,076,407 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\Smiley.ico
    [2009/08/16 18:25:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/08/16 18:24:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/07/31 09:42:31 | 000,000,097 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\fusioncache.dat
    [2009/07/30 19:08:08 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/07/28 00:52:16 | 000,412,140 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistMSI07EB.txt
    [2009/07/28 00:52:16 | 000,011,458 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistUI07EB.txt
    [2009/06/10 10:06:11 | 000,524,288 | -HS- | C] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TMContainer00000000000000000002.regtrans-ms
    [2009/06/10 10:06:11 | 000,524,288 | -HS- | C] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TMContainer00000000000000000001.regtrans-ms
    [2009/06/10 10:06:11 | 000,065,536 | -HS- | C] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TM.blf
    [2009/05/23 08:19:15 | 000,000,022 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\kodakpcd.ini
    [2009/04/20 06:20:41 | 000,061,224 | ---- | C] () -- C:\Users\Charlotte\GoToAssistDownloadHelper.exe
    [2009/04/19 14:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\d3d9caps.dat
    [2009/04/08 08:13:26 | 000,710,144 | -HS- | C] () -- C:\Users\Charlotte\ehthumbs_vista.db
    [2009/03/22 14:42:11 | 000,008,248 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\en.ini
    [2009/02/22 00:44:55 | 000,000,000 | ---- | C] () -- C:\Users\Charlotte\Sti_Trace.log
    [2009/01/29 19:49:20 | 000,026,478 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\UserTile.png
    [2009/01/29 19:44:38 | 000,018,090 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\wklnhst.dat
    [2009/01/28 18:28:50 | 000,003,584 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/28 18:03:21 | 000,524,288 | -HS- | C] () -- C:\Users\Charlotte\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
    [2009/01/28 18:03:21 | 000,524,288 | -HS- | C] () -- C:\Users\Charlotte\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2009/01/28 18:03:21 | 000,262,144 | -H-- | C] () -- C:\Users\Charlotte\ntuser.dat.LOG1
    [2009/01/28 18:03:21 | 000,065,536 | -HS- | C] () -- C:\Users\Charlotte\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2009/01/28 18:03:21 | 000,000,020 | -HS- | C] () -- C:\Users\Charlotte\ntuser.ini
    [2009/01/28 18:03:21 | 000,000,000 | -H-- | C] () -- C:\Users\Charlotte\ntuser.dat.LOG2
    [2009/01/28 18:03:20 | 003,670,016 | -HS- | C] () -- C:\Users\Charlotte\ntuser.dat
    [2008/12/26 15:53:31 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
    [2008/12/26 15:53:31 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
    [2008/12/26 15:53:31 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
    [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2002/12/11 19:19:34 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
    [2002/12/11 19:19:34 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
    [2000/04/12 17:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
    [2000/04/12 17:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

    ========== LOP Check ==========

    [2010/01/30 08:49:57 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Blitware
    [2010/02/28 01:36:07 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Canon
    [2010/02/04 02:41:12 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Clip Art Collection
    [2009/10/12 23:16:35 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/11/10 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\DriverCure
    [2010/01/30 12:23:33 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\E-centives
    [2009/08/19 19:42:52 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Free-backup.info
    [2010/02/06 11:04:06 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\gtk-2.0
    [2009/11/10 12:45:05 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\licenses
    [2010/03/26 02:47:04 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\OpenCandy
    [2009/11/10 02:19:49 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PCMM2009
    [2010/02/13 14:15:59 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PeerNetworking
    [2009/04/07 19:45:47 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Shape games
    [2010/02/26 18:39:16 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Sierra Wireless
    [2009/05/12 19:26:41 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SmartDraw
    [2009/07/29 07:15:43 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SPAMfighter
    [2009/01/29 19:44:39 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Template
    [2009/11/10 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Uniblue
    [2009/08/01 07:35:57 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\upromise
    [2009/09/20 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\WeatherBug
    [2009/04/07 11:39:50 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Windows Live Writer
    [2010/04/06 13:05:11 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
    [2010/04/05 03:11:06 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/04/06 17:35:52 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8559B34B-EA1A-48B0-A38D-9C17DAD3CDAB}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
    [2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2008/12/26 15:25:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
    [2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
    [2008/12/26 15:25:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
    [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
    [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
    [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
    [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
    [2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
    [2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
    [2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
    [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
    [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
    [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
    [2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 765 bytes -> C:\Users\Charlotte\Documents\6 pictures for you.eml:OECustomProperty
    < End of report >
     
  18. 2010/04/06
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    I cannot find the EXTRAS.txt file. My OTL and the OTL.txt file are on my desktop, but not the other file. I did a search and did not find it either. Is there another way to look it up or find it?

    Please let me know what else I can do to find the file. Thanks a lot.
     
  19. 2010/04/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Don't worry about Extras for now.

    Open Firefox
    Go to Tools>Add-ons
    Select the add-on with the name "Search Tool"
    Click on "Uninstall"
    Restart Firefox

    Next

    Go to Start > Control Panel > Programs & Features
    Scroll down till you find "Search Tool" (if it is still there)
    Select > Remove

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..keyword.URL:  "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q= "
      O4:64bit: - HKLM..\Run: [Skytel] File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell - " " = AutoRun
      O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell\AutoRun\command - " " = F:\WIN\setup.exe -- File not found
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
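
The selection step behind the fix script above, as an added example that is not part of the original post and not OTL's own code: a Python triage pass over OTL log lines that flags a redirected Firefox `keyword.URL`, orphaned "File not found" entries and MountPoints2 AutoRun commands. The sample lines are copied from this thread; the function name `triage` and the allowlist `EXPECTED_SEARCH_HOSTS` are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts the analyst accepts for address-bar search on this machine.
EXPECTED_SEARCH_HOSTS = {"www.google.com"}

# "autocheck autochk *" is the Windows default BootExecute value, not a file
# path. OTL still prints "File not found" for it (see the O34 line in the log),
# and the fix script in the thread leaves it alone, so it is excluded here.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"

ENTRY_RE = re.compile(r"^(?P<tag>O\d+)(?::64bit:)?\s*-\s*(?P<body>.*)$")
PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<name>[\w.]+):\s*(?P<value>.*)$")

# Lines copied from the log and fix script in this thread.
SAMPLE_LOG = r'''
FF - prefs.js..keyword.URL:  "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q= "
O4:64bit: - HKLM..\Run: [Skytel] File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell\AutoRun\command - " " = F:\WIN\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
'''


def triage(log_text):
    """Return (tag, reason, line) tuples for entries worth an analyst's review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        pref = PREF_RE.match(line)
        if pref:
            # keyword.URL decides where text typed in the address bar is sent.
            if pref["name"] == "keyword.URL":
                url = pref["value"].strip().strip('"').strip()
                host = (urlsplit(url).hostname or "").lower()
                if host not in EXPECTED_SEARCH_HOSTS:
                    findings.append(
                        ("FF", f"address-bar search sent to {host}", line))
            continue

        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        tag, body = entry["tag"], entry["body"]

        if tag == "O33" and "\\AutoRun\\command" in body:
            # A command run automatically when a volume is mounted.
            findings.append((tag, "removable-media AutoRun command", line))
        elif body.endswith("File not found"):
            if DEFAULT_BOOTEXECUTE in body:
                continue  # benign default, see comment above
            findings.append((tag, "orphaned reference, target missing", line))
    return findings


if __name__ == "__main__":
    for tag, reason, line in triage(SAMPLE_LOG):
        print(f"[{tag}] {reason}\n    {line}")
```

The output is a candidate list for review, not a fix script: an orphaned entry can belong to legitimate software that was uninstalled.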
     
  20. 2010/04/07
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    In my add-ons the only item there that even remotely looks like a search tool is "Wyyo 1.0" and it is greyed out. The only option open to me on this add-on is to enable it. Do you want me to enable it and then uninstall?

    Just let me know. I don't want to add to our problems by doing something dumb. Thanks again for all of your time and efforts.
     
  21. 2010/04/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can't find any info about Wyyo 1.0, so you may as well enable it and uninstall.
     
