
Solved Bing.Zugo doing something different

Discussion in 'Malware and Virus Removal Archive' started by Blue Skys, 2010/03/28.

  1. 2010/04/07
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    Thanks and you I'll get it done,
     
  2. 2010/04/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)...
     

  4. 2010/04/08
    Blue Skys Inactive Thread Starter
    I enabled the Wyyo 1.0, but the uninstall button was still grayed out. Found this on the web when trying to figure out how to uninstall:

    How to remove WYYO.exe :: HKACTIVITY.COM
    Jul 27, 2009 ... How to remove WYYO.exe. Some of you may have been affected by a virus which is known as WYYO.exe. It is actually a dangerous virus which can ...
    www.hkactivity.com/how-to-remove-wyyo-exe/

    Did nothing (due to a storm knocking out the internet last night). On my first look at the pc this a.m., my Avira (antivirus software) found it. Here is the report from my pc, but nothing shows about Wyyo in the log.

    Avira AntiVir Personal
    Report file date: Thursday, April 08, 2010 08:22

    Scanning for 1980065 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista x64
    Windows version : (Service Pack 2) [6.0.6002]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : HOME-PC

    Version information:
    BUILD.DAT : 10.0.0.561 32098 Bytes 3/18/2010 15:46:00
    AVSCAN.EXE : 10.0.2.3 433832 Bytes 3/7/2010 21:57:10
    AVSCAN.DLL : 10.0.2.2 45928 Bytes 3/2/2010 16:48:47
    LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 22:33:04
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 10:19:12
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 10:19:12
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:56:41
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 19:52:10
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:35:33
    VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 16:35:41
    VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 16:35:46
    VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 16:35:50
    VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 16:35:54
    VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 16:35:58
    VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 16:36:02
    VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 16:36:05
    VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 16:36:09
    VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 15:59:54
    VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 16:01:26
    VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 02:41:07
    VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 15:04:44
    VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 15:05:57
    VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 15:00:31
    VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 16:27:19
    VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 16:28:07
    VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 16:28:52
    VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 16:29:48
    VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 16:31:51
    VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 16:33:41
    VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 16:35:06
    VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 17:00:34
    VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 03:31:49
    VBASE028.VDF : 7.10.6.35 2048 Bytes 4/6/2010 03:31:51
    VBASE029.VDF : 7.10.6.36 2048 Bytes 4/6/2010 03:31:52
    VBASE030.VDF : 7.10.6.37 2048 Bytes 4/6/2010 03:31:54
    VBASE031.VDF : 7.10.6.41 231936 Bytes 4/7/2010 03:33:41
    Engineversion : 8.2.1.210
    AEVDF.DLL : 8.1.1.3 106868 Bytes 1/24/2010 07:39:58
    AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/2/2010 17:09:11
    AESCN.DLL : 8.1.5.0 127347 Bytes 2/28/2010 16:17:05
    AESBX.DLL : 8.1.2.1 254323 Bytes 3/18/2010 15:54:44
    AERDL.DLL : 8.1.4.3 541043 Bytes 3/18/2010 15:50:22
    AEPACK.DLL : 8.2.1.1 426358 Bytes 3/31/2010 16:49:31
    AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/18/2010 15:48:00
    AEHEUR.DLL : 8.1.1.16 2503031 Bytes 3/31/2010 16:47:49
    AEHELP.DLL : 8.1.11.3 242039 Bytes 4/2/2010 17:06:30
    AEGEN.DLL : 8.1.3.6 373108 Bytes 4/2/2010 17:05:42
    AEEMU.DLL : 8.1.1.0 393587 Bytes 10/4/2009 09:10:22
    AECORE.DLL : 8.1.13.1 188790 Bytes 4/2/2010 17:04:21
    AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38
    AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35
    AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40
    AVREG.DLL : 10.0.1.2 52072 Bytes 1/29/2010 15:47:41
    AVSCPLR.DLL : 10.0.2.3 83304 Bytes 3/7/2010 22:02:30
    AVARKT.DLL : 10.0.0.13 227176 Bytes 3/7/2010 21:48:41
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20
    RCTEXT.DLL : 10.0.46.0 97128 Bytes 3/5/2010 14:09:41

    Configuration settings for the scan:
    Jobname.............................: avguard_async_scan
    Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4c9dc3e2\guard_slideup.avp
    Logging.............................: low
    Primary action......................: repair
    Secondary action....................: quarantine
    Scan master boot sector.............: on
    Scan boot sector....................: off
    Process scan........................: on
    Scan registry.......................: off
    Integrity checking of system files..: on
    Optimised scan......................: on
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: high
    Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

    Start of the scan: Thursday, April 08, 2010 08:22

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'IELowutil.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'apcsystray.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
    Scan process 'DLG.exe' - '1' Module(s) have been scanned
    Scan process 'UpromiseTray.exe' - '1' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
    Scan process 'mainserv.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'DockLogin.exe' - '1' Module(s) have been scanned

    Initiating scan of system files:
    Signed -> 'C:\Windows\system32\svchost.exe'
    Signed -> 'C:\Windows\system32\winlogon.exe'
    Signed -> 'C:\Windows\explorer.exe'
    Signed -> 'C:\Windows\system32\smss.exe'
    Signed -> 'C:\Windows\system32\wininet.DLL'
    Signed -> 'C:\Windows\system32\wsock32.DLL'
    Signed -> 'C:\Windows\system32\ws2_32.DLL'
    Signed -> 'C:\Windows\system32\services.exe'
    Signed -> 'C:\Windows\system32\lsass.exe'
    Signed -> 'C:\Windows\system32\csrss.exe'
    Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
    Signed -> 'C:\Windows\system32\spoolsv.exe'
    Signed -> 'C:\Windows\system32\alg.exe'
    Signed -> 'C:\Windows\system32\wuauclt.exe'
    Signed -> 'C:\Windows\system32\advapi32.DLL'
    Signed -> 'C:\Windows\system32\user32.DLL'
    Signed -> 'C:\Windows\system32\gdi32.DLL'
    Signed -> 'C:\Windows\system32\kernel32.DLL'
    Signed -> 'C:\Windows\system32\ntdll.DLL'
    Signed -> 'C:\Windows\system32\ntoskrnl.exe'
    Signed -> 'C:\Windows\system32\ctfmon.exe'
    The system files were scanned ('21' files)

    Starting the file scan:

    Begin scan in 'C:\Program Files (x86)\Search Toolbar\tbhelper.dll'
    C:\Program Files (x86)\Search Toolbar\tbhelper.dll
    [DETECTION] Is the TR/BHO.2771120 Trojan
    [NOTE] A backup was created as '48496bee.qua' ( QUARANTINE )
    [NOTE] The file was moved to the quarantine directory under the name '50de4461.qua'.


    End of the scan: Thursday, April 08, 2010 08:22
    Used time: 00:06 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    15 Files were scanned
    1 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    2 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    14 Files not concerned
    0 Archives were scanned
    0 Warnings
    1 Notes


    The scan results will be transferred to the Guard.


    You tell me what you want me to do. I checked the add-ons and it is still there, and the only option is to disable it. I tried to right-click, and the uninstall is grayed out there also. The only options there are "go to home page" or "about Wyyo".

    Let me know, and thanks.
     
  5. 2010/04/08
    Blue Skys Inactive Thread Starter
    Oh yeah, I also disabled the Wyyo in the add-ons. That is the last thing I need added to my little mess.

    And thanks again. I (and, looking at the log of open malware problems that you are trying to help with, half the web world) thank you for all of your help.
     
  6. 2010/04/08
    broni Moderator Malware Analyst
    We're not dealing with any ".exe" file, but an add-on.
    If you can't do anything about it, don't worry for now.

    Please, run my OTL script.
     
  7. 2010/04/09
    Blue Skys Inactive Thread Starter
    You are right (as always). Here ya go, one OTL coming up:

    All processes killed
    ========== OTL ==========
    Prefs.js: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=" removed from keyword.URL
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Skytel not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ deleted successfully.
    File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a106bf6-1f01-11df-8277-001d099bf2a0}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a106bf6-1f01-11df-8277-001d099bf2a0}\ not found.
    File F:\WIN\setup.exe not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Char
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Charlotte
    ->Temp folder emptied: 23149576 bytes
    ->Temporary Internet Files folder emptied: 12551240 bytes
    ->Java cache emptied: 141875 bytes
    ->FireFox cache emptied: 55964614 bytes
    ->Flash cache emptied: 1103 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jim
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 943789 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 1019421 bytes

    Total Files Cleaned = 89.00 mb

    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.1.0 log created on 04092010_022602

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\TMP00000016731EB7D582C692DA not found!
    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  8. 2010/04/09
    Blue Skys Inactive Thread Starter
    One OTL Quick Scan next:

    OTL logfile created on: 4/9/2010 2:39:41 AM - Run 6
    OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Charlotte\Documents\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 63.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 346.08 Gb Free Space | 76.72% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 6.03 Gb Free Space | 41.15% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-PC
    Current User Name: Charlotte
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/06 16:30:09 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    PRC - [2010/04/04 13:04:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2009/07/01 13:35:38 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Upromise\UpromiseTray.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2007/02/20 05:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    PRC - [2006/11/03 20:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files (x86)\Digital Line Detect\DLG.exe
    PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
    PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/06 16:30:09 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    MOD - [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/07/18 00:54:02 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2008/07/02 03:11:34 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/04/20 06:28:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
    SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 4B 36 B9 D8 1E CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.core.com/home/start
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll File not found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Live Search "
    FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=SOLTDF&q= "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.3
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
    FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/04 13:04:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/04 13:04:45 | 000,000,000 | ---D | M]

    [2009/04/05 07:18:01 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Extensions
    [2010/04/07 23:43:23 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions
    [2009/06/24 11:04:35 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2009/10/04 22:12:08 | 000,000,000 | ---D | M] (Send Page By Email) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{06C43693-2C7F-4beb-BB52-EF92C6CA0C44}
    [2009/06/24 11:05:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/09/08 10:37:41 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    [2009/10/11 07:29:06 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
    [2009/10/11 07:29:13 | 000,000,000 | ---D | M] (Interclue) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
    [2009/09/09 18:26:31 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\autopager@mozilla.org
    [2009/10/11 07:29:06 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\FFToolbar@upromise
    [2009/09/08 10:37:41 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\fotofox@mozilla.com
    [2009/09/08 10:37:40 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\isreaditlater@ideashower.com
    [2009/05/01 20:20:25 | 000,002,207 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\askcom.xml
    [2009/04/07 12:04:56 | 000,001,632 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\live-search.xml
    [2010/04/04 14:08:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2009/07/30 04:52:48 | 000,000,000 | ---D | M] (Wyyo) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{0CA8283E-056B-40D7-A343-83C84105CE78}
    [2009/03/28 17:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\kodak-companion@mozilla.com
    [2009/03/28 17:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\kodak-online@partners.mozilla.com
    [2010/01/30 17:39:57 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

    O1 HOSTS File: ([2010/04/09 02:26:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll (Compete, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll File not found
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll File not found
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] File not found
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
    O4 - HKCU..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe ()
    O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
    O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Charlotte\Pictures\Outdoor Wonders\Our Galaxy\jupiter.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Charlotte\Pictures\Outdoor Wonders\Our Galaxy\jupiter.bmp
    O32 - HKLM CDRom: AutoRun - 0
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/06 16:26:02 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    [2010/04/04 14:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/03/31 13:41:05 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\Documents\IU RESDENTIAL MAP_files
    [2010/03/27 15:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
    [2010/03/27 12:39:56 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\Avira
    [2010/03/27 12:36:05 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2010/03/27 12:36:05 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
    [2010/03/27 12:36:05 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

    ========== Files - Modified Within 14 Days ==========

    [2010/04/09 02:39:47 | 003,670,016 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat
    [2010/04/09 02:37:22 | 000,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/04/09 02:37:22 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/04/09 02:37:22 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/04/09 02:36:49 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8559B34B-EA1A-48B0-A38D-9C17DAD3CDAB}.job
    [2010/04/09 02:32:53 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2010/04/09 02:32:53 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/04/09 02:32:52 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/09 02:32:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/09 02:32:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/04/09 02:31:39 | 000,524,288 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/09 02:31:39 | 000,065,536 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TM.blf
    [2010/04/09 02:31:37 | 004,121,644 | -H-- | M] () -- C:\Users\Charlotte\AppData\Local\IconCache.db
    [2010/04/08 18:59:12 | 000,018,238 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\wklnhst.dat
    [2010/04/08 18:59:12 | 000,010,752 | ---- | M] () -- C:\Users\Charlotte\Documents\IU enrollmentbulletin and schedules.xlr
    [2010/04/07 23:42:26 | 005,936,128 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2010/04/07 23:42:26 | 002,756,608 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2010/04/06 16:30:09 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    [2010/04/06 13:27:39 | 000,008,248 | ---- | M] () -- C:\Users\Charlotte\AppData\Local\en.ini
    [2010/04/06 13:05:11 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
    [2010/04/05 01:23:16 | 000,293,376 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\p5tj8di3.exe
    [2010/04/05 00:58:09 | 000,014,848 | ---- | M] () -- C:\Users\Charlotte\Documents\IU info.xlr
    [2010/04/04 14:28:34 | 000,016,896 | ---- | M] () -- C:\Users\Charlotte\Documents\IU General Information.wps
    [2010/03/31 22:47:39 | 000,467,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/03/31 13:41:16 | 000,152,064 | ---- | M] () -- C:\Users\Charlotte\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/03/29 16:42:12 | 000,011,264 | ---- | M] () -- C:\Users\Charlotte\Documents\Computer Virus Help Menu.xlr
    [2010/03/27 06:32:03 | 042,281,152 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\avira_antivir_personal_en.exe

    ========== Files Created - No Company Name ==========

    [2010/04/08 18:59:12 | 000,010,752 | ---- | C] () -- C:\Users\Charlotte\Documents\IU enrollmentbulletin and schedules.xlr
    [2010/04/05 01:19:18 | 000,293,376 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\p5tj8di3.exe
    [2010/04/05 00:58:09 | 000,014,848 | ---- | C] () -- C:\Users\Charlotte\Documents\IU info.xlr
    [2010/04/04 14:28:34 | 000,016,896 | ---- | C] () -- C:\Users\Charlotte\Documents\IU General Information.wps
    [2010/03/29 16:36:00 | 000,011,264 | ---- | C] () -- C:\Users\Charlotte\Documents\Computer Virus Help Menu.xlr
    [2010/03/27 12:34:34 | 000,423,208 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistMSI7D9B.txt
    [2010/03/27 12:34:33 | 000,013,290 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistUI7D9B.txt
    [2010/03/27 00:13:38 | 042,281,152 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\avira_antivir_personal_en.exe
    [2010/02/06 11:04:06 | 000,002,146 | ---- | C] () -- C:\Users\Charlotte\.recently-used.xbel
    [2010/01/22 01:10:58 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/21 23:16:37 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\gif89.dll
    [2010/01/21 23:16:05 | 000,000,537 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2009/08/17 00:16:24 | 000,076,407 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\Smiley.ico
    [2009/08/16 18:25:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/08/16 18:24:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/07/31 09:42:31 | 000,000,097 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\fusioncache.dat
    [2009/07/30 19:08:08 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/07/28 00:52:16 | 000,412,140 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistMSI07EB.txt
    [2009/07/28 00:52:16 | 000,011,458 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistUI07EB.txt
    [2009/06/10 10:06:11 | 000,524,288 | -HS- | C] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TMContainer00000000000000000002.regtrans-ms
    [2009/06/10 10:06:11 | 000,524,288 | -HS- | C] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TMContainer00000000000000000001.regtrans-ms
    [2009/06/10 10:06:11 | 000,065,536 | -HS- | C] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TM.blf
    [2009/05/23 08:19:15 | 000,000,022 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\kodakpcd.ini
    [2009/04/20 06:20:41 | 000,061,224 | ---- | C] () -- C:\Users\Charlotte\GoToAssistDownloadHelper.exe
    [2009/04/19 14:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\d3d9caps.dat
    [2009/04/08 08:13:26 | 000,710,144 | -HS- | C] () -- C:\Users\Charlotte\ehthumbs_vista.db
    [2009/03/22 14:42:11 | 000,008,248 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\en.ini
    [2009/02/22 00:44:55 | 000,000,000 | ---- | C] () -- C:\Users\Charlotte\Sti_Trace.log
    [2009/01/29 19:49:20 | 000,026,478 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\UserTile.png
    [2009/01/29 19:44:38 | 000,018,238 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\wklnhst.dat
    [2009/01/28 18:28:50 | 000,003,584 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/28 18:03:21 | 000,524,288 | -HS- | C] () -- C:\Users\Charlotte\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
    [2009/01/28 18:03:21 | 000,524,288 | -HS- | C] () -- C:\Users\Charlotte\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2009/01/28 18:03:21 | 000,262,144 | -H-- | C] () -- C:\Users\Charlotte\ntuser.dat.LOG1
    [2009/01/28 18:03:21 | 000,065,536 | -HS- | C] () -- C:\Users\Charlotte\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2009/01/28 18:03:21 | 000,000,020 | -HS- | C] () -- C:\Users\Charlotte\ntuser.ini
    [2009/01/28 18:03:21 | 000,000,000 | -H-- | C] () -- C:\Users\Charlotte\ntuser.dat.LOG2
    [2009/01/28 18:03:20 | 003,670,016 | -HS- | C] () -- C:\Users\Charlotte\ntuser.dat
    [2008/12/26 15:53:31 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
    [2008/12/26 15:53:31 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
    [2008/12/26 15:53:31 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
    [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2002/12/11 19:19:34 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
    [2002/12/11 19:19:34 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
    [2000/04/12 17:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
    [2000/04/12 17:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

    ========== LOP Check ==========

    [2010/01/30 08:49:57 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Blitware
    [2010/02/28 01:36:07 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Canon
    [2010/02/04 02:41:12 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Clip Art Collection
    [2009/10/12 23:16:35 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/11/10 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\DriverCure
    [2010/01/30 12:23:33 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\E-centives
    [2009/08/19 19:42:52 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Free-backup.info
    [2010/02/06 11:04:06 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\gtk-2.0
    [2009/11/10 12:45:05 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\licenses
    [2010/03/26 02:47:04 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\OpenCandy
    [2009/11/10 02:19:49 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PCMM2009
    [2010/02/13 14:15:59 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PeerNetworking
    [2009/04/07 19:45:47 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Shape games
    [2010/02/26 18:39:16 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Sierra Wireless
    [2009/05/12 19:26:41 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SmartDraw
    [2009/07/29 07:15:43 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SPAMfighter
    [2009/01/29 19:44:39 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Template
    [2009/11/10 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Uniblue
    [2009/08/01 07:35:57 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\upromise
    [2009/09/20 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\WeatherBug
    [2009/04/07 11:39:50 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Windows Live Writer
    [2010/04/06 13:05:11 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
    [2010/04/09 02:31:43 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/04/09 02:36:49 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8559B34B-EA1A-48B0-A38D-9C17DAD3CDAB}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 765 bytes -> C:\Users\Charlotte\Documents\6 pictures for you.eml:OECustomProperty
    < End of report >
     
  9. 2010/04/09
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    Broni: I think this is everything you asked me to run.

    Just let me know what you need next, and "You've Got It ".
    And I don't think I could say this enough, but thanks again for all of your time, effort, expertise, etc. You are great and very patient. Later, my friend!!
     
  10. 2010/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
    The log looks good to me.
    How are the issues?
     
  11. 2010/04/09
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    Actually, looking really good. The crazy thing hasn't grabbed my pc lately. I just wish I could figure out a way to keep it out of my PC. My antivirus is updated daily and I update MalwareBytes weekly, usually more. And after looking at my antivirus log, I find it hard to believe the amount of times in a day I get hit with something.

    Is everyone's PC and yours going thru the same amount?? Don't these guys have anything better to do than mess with other people's systems??
    Any suggestions?? I am all ears.

    I know you're busy, and thanks again. Couldn't do it without you!!
     
  12. 2010/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's a big business. Those are not college kids anymore with some time to spare.
    Those people are pros and, as long as your computer is connected to the internet, some danger is always lurking out there.

    I'm glad your computer is doing fine :)
    Let's run one more scan to make sure there are no leftovers.

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  13. 2010/04/11
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    Broni: I'm sorry I haven't gotten the reports for you yet. I had to call at&t out to correct a line problem. It is fixed now so I will get the reports for you ASAP.

    Thanks for waiting for me, sorry it is taking so long.
     
  14. 2010/04/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Not a problem :)
     
  15. 2010/04/12
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    Broni: I have been having trouble with Kaspersky. I can download it, update it, run it, but when I try to see and save the report there is nothing there. I made sure the settings were as you requested. I have run this program and report for you in the past just fine. Any suggestions? I would appreciate any help.

    I am running it again as I type this, so I'll get back with you soon. The scans have been running around 1 1/2 hours.

    Thanks a bunch for your patience!!
     
  16. 2010/04/12
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    Broni: I just thought of something. Java script is used for Kaspersky to run. I have turned down updates for my Java application as well as my Firefox. I have been too scared to accept them. It seems every time I download something (it doesn't seem to matter what or when), I get good ol' bing.Zugo to go with it.

    If you think this is a problem, I can find the updates and download them ASAP. Just let me know. I am NOT going to download them unless you say I can. Also, is there a way to scan an update download before you accept it?????

    Thanks a Bunch again!!
     
  17. 2010/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You should always keep all of your programs up to date.
    Things like Java and browsers are especially important, so yes, you should update both.
     
  18. 2010/04/13
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    Broni: I hope you're having a great day. I just updated my Java and Firefox. Everything seemed OK, but as I was watching the updates, I unfortunately saw the ADWARE WYYO downloaded to my pc when the Firefox updates installed. Is that program part of Firefox or what?? Of course, this thing was part of my problem in the first place. Luckily, you were able to help me get rid of it, but where should I go from here (again)??

    Does Firefox even know it is associated with their program? Or if you use Firefox, you just take your chances?

    I do not know how you put up with all of this stuff. Other than you must have a heart of gold and brains the size of Einstein's. I am having trouble just putting up with my (seems like) continual malware problems.

    I know I am not speaking out of turn when I say THANKS from all of the internet users that come back to you for help so many times.

    Please let me know what you want me to do. I am going to run Kaspersky's Online Scan again to see if the updates helped. Maybe I can get a report for you this time.
     
  19. 2010/04/13
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    Broni: I ran Kaspersky and still did not get a report. All I can say is the main Kaspersky screen says nothing was found. I'm sorry, I don't know what I am doing wrong. Here is the HijackThis report.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:52:00 PM, on 4/13/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Upromise\UpromiseTray.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
    C:\Program Files (x86)\Java\jre6\bin\java.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll (file missing)
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll (file missing)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll (file missing)
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F571984-8185-4021-8231-3C596A17027E}: NameServer = 64.179.43.190 69.95.31.250
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 10650 bytes
     
  20. 2010/04/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We'll worry about WYYO in a moment...

    Instead of Kaspersky....

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Post fresh HJT log as well.
     
  21. 2010/04/15
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    Problems with this online scanner also. Did some checking and found a problem with Java Script updates. After checking yesterday for Java updates (no new updates found), and again last night and this A.M., the problem seemed pretty weird, since both online scanners would not act correctly. Found updates for Java that did not and would not load to my pc.

    FYI for the future: the problem was (and is) that when I updated Firefox to 3.6.3, it must have hung up the Java Script updates. The problem is fixed now and I am downloading virus updates now. It will be a while. I'll get the logs to you ASAP.

    Again, thanks for your patience, you're great!!
     
