Page 1 of 4 123 ... LastLast
Results 1 to 10 of 33
  1. #1
    Member
    Join Date
    Dec 2008
    Location
    cornwall, new york
    Posts
    176
    Points
    0

    Default detective says malicious threats

    I copied and pasted my hijack this log and this is what the detective said.

    Here is the log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:41:32 PM, on 10/20/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\kmailler\Desktop\HijackThis(1).exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts:  ■127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - Cell Phones - Smartphones: Cell Phone Service, Accessories - Verizon Wireless
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 9120 bytes


    Here is my superantispyware log:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 10/19/2012 at 09:54 AM

    Application Version : 5.5.1022

    Core Rules Database Version : 9354
    Trace Rules Database Version: 7166

    Scan type : Complete Scan
    Total Scan Time : 02:08:56

    Operating System Information
    Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 633
    Memory threats detected : 0
    Registry items scanned : 39790
    Registry threats detected : 0
    File items scanned : 74747
    File threats detected : 19

    Adware.Gamevance
    C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20120302-142946-276.DLL
    C:\_OTL\MOVEDFILES\03242012_133201\C_USERS\KMAILLER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\LINKS@RIVALGAMING.COM\COMPONENTS\XPCOMPONENT.DLL

    Adware.Tracking Cookie
    core.insightexpressai.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RK9T23VL ]
    ia.media-imdb.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RK9T23VL ]
    img-cdn.mediaplex.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RK9T23VL ]
    l.content.oddcast.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RK9T23VL ]
    media.mtvnservices.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RK9T23VL ]
    secure-uk.imrworldwide.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RK9T23VL ]
    secure-us.imrworldwide.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RK9T23VL ]
    .imrworldwide.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JSOVF5M.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JSOVF5M.DEFAULT\COOKIES.SQLITE ]
    .amazon-adsystem.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JSOVF5M.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JSOVF5M.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JSOVF5M.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\USERS\KMAILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JSOVF5M.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\KMAILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JSOVF5M.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\KMAILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JSOVF5M.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\KMAILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JSOVF5M.DEFAULT\COOKIES.SQLITE ]
    sales.liveperson.net [ C:\USERS\KMAILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JSOVF5M.DEFAULT\COOKIES.SQLITE ]


    here is the malware log:

    Malwarebytes Anti-Malware 1.65.0.1400
    Malwarebytes : Free anti-malware download

    Database version: v2012.10.13.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    kmailler :: KMAILLER-PC [administrator]

    10/19/2012 11:22:09 AM
    mbam-log-2012-10-19 (11-22-09).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 441706
    Time elapsed: 3 hour(s), 27 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    I also scanned with avast. It said it had found 3 network items infected and 5 items on the computer infected. I followed all instructions to delete all items and also ran a root scan which found 2 items that I deleted.

    Thanks

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hi,

    We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE

    Please post both logs from the DDS SCAN.

  3. #3
    Member
    Join Date
    Dec 2008
    Location
    cornwall, new york
    Posts
    176
    Points
    0

    Default

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume3
    Install Date: 12/25/2009 6:42:55 AM
    System Uptime: 10/21/2012 11:43:28 AM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 308F
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1328/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 137 GiB total, 64.139 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.906 GiB free.
    E: is Removable
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C6100 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C6100 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP716: 10/6/2012 4:26:15 PM - Windows Update
    RP717: 10/7/2012 8:05:51 PM - Windows Update
    RP718: 10/8/2012 6:50:56 PM - Windows Update
    RP719: 10/11/2012 8:11:05 PM - Windows Update
    RP720: 10/12/2012 6:04:36 AM - Windows Update
    RP721: 10/12/2012 9:11:53 PM - Windows Update
    RP722: 10/13/2012 9:55:48 PM - avast! Free Antivirus Setup
    RP724: 10/14/2012 6:03:16 PM - Windows Update
    RP725: 10/15/2012 7:27:36 PM - Windows Update
    RP726: 10/16/2012 5:30:07 PM - Windows Update
    RP727: 10/17/2012 8:14:37 PM - Windows Update
    RP728: 10/18/2012 10:12:32 PM - Windows Update
    RP729: 10/20/2012 10:50:30 AM - Windows Update
    RP730: 10/21/2012 11:48:47 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    4 Elements II
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player
    Adobe Shockwave Player 11.5
    AIM 7
    AIO_CDA_Software
    AIO_Scan
    Amazon Kindle For PC
    Amazon MP3 Uploader
    Anti-phishing Domain Advisor
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft WebCam Companion 3
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    avast! Free Antivirus
    Bing Bar
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    BufferChm
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Copy
    CopyTrans Suite Remove Only
    Coupon Printer for Windows
    Customer Support Tool A206
    CyberLink DVD Suite
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    DocProc
    Download Updater (AOL LLC)
    ESET Online Scanner v3
    Fax
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    Hewlett-Packard ACLM.NET v1.1.1.0
    HostsMan 3.2.73
    HP Customer Experience Enhancements
    HP Customer Participation Program 13.0
    HP Games
    HP Imaging Device Functions 13.0
    HP Instant Web
    HP Photosmart All-In-One Driver Software 13.0 Rel. A
    HP Photosmart Essential 3.5
    HP QuickSync
    HP Setup
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HP User Guides 0166
    HP Wireless Assistant
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    iCloud
    IDT Audio
    IHA_MessageCenter
    InstallIQ Updater
    Intel(R) Graphics Media Accelerator Driver
    Intel« Matrix Storage Manager
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Magic Academy 2
    Malwarebytes Anti-Malware version 1.65.0.1400
    MarketResearch
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Access database engine 2010 (English)
    Microsoft Application Error Reporting
    Microsoft Live Search Toolbar
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Home and Student 60 day trial
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets & Trips 2013
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    MobileMe Control Panel
    Mozilla Firefox 8.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MWSnap 3
    Network
    OCR Software by I.R.I.S. 13.0
    OGA Notifier 2.0.0048.0
    Personal Ancestral File 5
    Power2Go
    PowerRecover
    QuickTime
    Realtek USB 2.0 Card Reader
    Redist
    Reel Deal Slots: American Adventure
    RegInOut System Utilities
    Safari
    Scan
    Secunia PSI (2.0.0.3001)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    Shop for HP Supplies
    SkyCaddie Desktop
    SmartWebPrinting
    SolutionCenter
    Startup Optimizer 1.6
    Status
    Synaptics Pointing Device Driver
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update Installer for WildTangent Games App
    Verizon FiOS Activation
    Verizon Media Manager
    VersaCheck 2005 Gold
    Vz In Home Agent
    WebReg
    WildTangent Games App (HP Games)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinX DVD Ripper Platinum 6.0.1
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/21/2012 11:56:03 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2754670).
    10/21/2012 11:45:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    10/18/2012 9:39:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
    10/18/2012 9:38:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
    10/18/2012 5:59:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TomTomHOMEService service to connect.
    10/18/2012 5:59:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Apple Mobile Device service.
    10/17/2012 8:10:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    10/16/2012 5:58:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    10/16/2012 5:28:25 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    10/14/2012 7:05:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    10/14/2012 11:36:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.
    .
    ==== End Of File ===========================

  4. #4
    Member
    Join Date
    Dec 2008
    Location
    cornwall, new york
    Posts
    176
    Points
    0

    Default

    DDS (Ver_2012-10-19.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by kmailler at 12:08:42 on 2012-10-21
    Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1015.69 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\SPLASH.SYS\config\DVMExportService.exe
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    dURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\YTNavAssist.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdcBase.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDriveAutoRun = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
    mPolicies-System: WallpaperStyle = 2
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{5A04BA88-09FB-4038-BFA9-60C91EBAA696} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D1FD69A4-5E71-4A67-AAB3-A3E4A0118D19} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D1FD69A4-5E71-4A67-AAB3-A3E4A0118D19}\3363654463 : DHCPNameServer = 192.168.1.1 68.237.161.12
    TCP: Interfaces\{D1FD69A4-5E71-4A67-AAB3-A3E4A0118D19}\37471636B6 : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{D1FD69A4-5E71-4A67-AAB3-A3E4A0118D19}\8413233543 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D1FD69A4-5E71-4A67-AAB3-A3E4A0118D19}\86F6573756 : DHCPNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\kmailler\appdata\roaming\mozilla\firefox\profiles\0jsovf5m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\livingplay games\nplplaypop.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\2\NP_wtapp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\kmailler\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - ExtSQL: 2012-10-13 21:58; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: !HIDDEN! 2012-07-18 20:47; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448&q=
    FF - user.js: extensions.funmoods.id - 0C607623D29B56B8
    FF - user.js: extensions.funmoods.instlDay - 15571
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:31:52
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - axl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - axl
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    .
    FF - user.js: security.csp.enable - false
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-13 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-13 355632]
    R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-7-27 16984]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_fa0513b7754bf240\AEstSrv.exe [2009-3-2 81920]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-13 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-13 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-13 44808]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-8 323584]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-10-28 286736]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-23 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 250808]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-23 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-24 167424]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    .
    =============== Created Last 30 ================
    .
    2012-10-14 01:58:54 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-10-14 01:58:51 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-14 01:58:49 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-14 01:57:23 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-13 19:38:18 -------- d-----w- c:\programdata\SUPERSetup
    2012-10-10 22:37:09 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-10-10 22:37:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-10 22:35:25 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-10 22:35:23 542208 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-10 22:35:07 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-10 22:35:06 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-09-25 22:50:18 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    .
    ==================== Find3M ====================
    .
    2012-10-08 19:44:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-08 19:44:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    .
    ============= FINISH: 12:11:11.46 ===============

  5. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
    • Click the Search button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[R1].txt.

  6. #6
    Member
    Join Date
    Dec 2008
    Location
    cornwall, new york
    Posts
    176
    Points
    0

    Default

    # AdwCleaner v2.005 - Logfile created 10/21/2012 at 13:13:51
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : kmailler - KMAILLER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\kmailler\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
    File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\Users\kmailler\AppData\Local\funmoods-speeddial.crx
    Folder Found : C:\Program Files\Common Files\Software Update Utility
    Folder Found : C:\Program Files\Funmoods
    Folder Found : C:\ProgramData\Anti-phishing Domain Advisor
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\ProgramData\WeCareReminder
    Folder Found : C:\Users\kmailler\AppData\Local\APN
    Folder Found : C:\Users\kmailler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Folder Found : C:\Users\kmailler\AppData\Local\OpenCandy
    Folder Found : C:\Users\kmailler\AppData\LocalLow\Funmoods
    Folder Found : C:\Users\kmailler\AppData\Roaming\iWin
    Folder Found : C:\Users\kmailler\AppData\Roaming\Mozilla\Firefox\Profiles\0jsovf5m.default\extensions\ffxtlbr@funmoods.com
    Folder Found : C:\Users\kmailler\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKCU\Software\Funmoods
    Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\wecarereminder
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Found : HKLM\SOFTWARE\Classes\dnUpdate
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Found : HKLM\Software\Tarma Installer
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448

    -\\ Mozilla Firefox v8.0.1 (en-US)

    Profile name : default
    File : C:\Users\kmailler\AppData\Roaming\Mozilla\Firefox\Profiles\0jsovf5m.default\prefs.js

    Found : user_pref("backup.old.browser.search.selectedEngine", "Blekko");
    Found : user_pref("browser.search.defaultengine", "Ask.com");
    Found : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1330718327);
    Found : user_pref("extensions.crossriderapp2258.2258.active", true);
    Found : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
    Found : user_pref("extensions.crossriderapp2258.2258.affid", "0");
    Found : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url([...]
    Found : user_pref("extensions.crossriderapp2258.2258.backgroundver", 8);
    Found : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
    Found : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
    Found : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
    Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
    Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1330718327");
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1330718327");
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1332454343");
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.expiration", "Sun Mar 25 2012 07:06:08 [...]
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.value", "%7B%22geoplugin_city%22%3Anull[...]
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214019%22");
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
    Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2222097%22");
    Found : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
    Found : user_pref("extensions.crossriderapp2258.2258.domain", "");
    Found : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
    Found : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
    Found : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
    Found : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
    Found : user_pref("extensions.crossriderapp2258.2258.group", 0);
    Found : user_pref("extensions.crossriderapp2258.2258.homepage", "");
    Found : user_pref("extensions.crossriderapp2258.2258.iframe", false);
    Found : user_pref("extensions.crossriderapp2258.2258.js", "\n\nvar _GPL_PID = 21;\n\n(function($) { \n\n [...]
    Found : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
    Found : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
    Found : user_pref("extensions.crossriderapp2258.2258.newtab", "");
    Found : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(b){b.selectedText=f[...]
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "(function(a){a.later=function[...]
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){function t(b,d){[...]
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function i(c,a[...]
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 1);
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...]
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
    Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
    Found : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
    Found : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
    Found : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
    Found : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 1);
    Found : user_pref("extensions.crossriderapp2258.2258.premium", true);
    Found : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
    Found : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
    Found : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
    Found : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
    Found : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
    Found : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
    Found : user_pref("extensions.crossriderapp2258.2258.ver", 43);
    Found : user_pref("extensions.crossriderapp2258.apps", "2258");
    Found : user_pref("extensions.crossriderapp2258.bic", "13384914c9bb1848db860d8763aa0580");
    Found : user_pref("extensions.crossriderapp2258.cid", 2258);
    Found : user_pref("extensions.crossriderapp2258.firstrun", false);
    Found : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
    Found : user_pref("extensions.crossriderapp2258.installationdate", 1330718322);
    Found : user_pref("extensions.crossriderapp2258.lastcheck", 22207385);
    Found : user_pref("extensions.crossriderapp2258.lastcheckitem", 22207573);
    Found : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1332454400519");
    Found : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1332454400517");
    Found : user_pref("extensions.crossriderapp498.498.InstallationThankYouPage", true);
    Found : user_pref("extensions.crossriderapp498.498.active", true);
    Found : user_pref("extensions.crossriderapp498.498.affid", "0");
    Found : user_pref("extensions.crossriderapp498.498.backgroundjs", "\n/**************************************[...]
    Found : user_pref("extensions.crossriderapp498.498.backgroundver", 4);
    Found : user_pref("extensions.crossriderapp498.498.certdomaininstaller", "");
    Found : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:[...]
    Found : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1320778154");
    Found : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:0[...]
    Found : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22defa[...]
    Found : user_pref("extensions.crossriderapp498.498.description", "RewardsArcade is a platform that allows us[...]
    Found : user_pref("extensions.crossriderapp498.498.domain", "www.rewardsarcade.com");
    Found : user_pref("extensions.crossriderapp498.498.emailsig", "");
    Found : user_pref("extensions.crossriderapp498.498.exposesites", "");
    Found : user_pref("extensions.crossriderapp498.498.fbremoteurl", "");
    Found : user_pref("extensions.crossriderapp498.498.group", 0);
    Found : user_pref("extensions.crossriderapp498.498.homepage", "");
    Found : user_pref("extensions.crossriderapp498.498.iframe", false);
    Found : user_pref("extensions.crossriderapp498.498.js", "\n\nvar _GPL_PID = 18;\n\n(function($) { \n\n $.[...]
    Found : user_pref("extensions.crossriderapp498.498.name", "RewardsArcade");
    Found : user_pref("extensions.crossriderapp498.498.premium", true);
    Found : user_pref("extensions.crossriderapp498.498.publisher", "215 Apps");
    Found : user_pref("extensions.crossriderapp498.498.settingsurl", "");
    Found : user_pref("extensions.crossriderapp498.498.thankyou", "hxxp://www.rewardsarcade.com/r.php?app_id=498[...]
    Found : user_pref("extensions.crossriderapp498.498.ver", 61);
    Found : user_pref("extensions.crossriderapp498.apps", "498");
    Found : user_pref("extensions.crossriderapp498.bic", "13384914c9bb1848db860d8763aa0580");
    Found : user_pref("extensions.crossriderapp498.cid", 498);
    Found : user_pref("extensions.crossriderapp498.firstrun", false);
    Found : user_pref("extensions.crossriderapp498.hadappinstalled", true);
    Found : user_pref("extensions.crossriderapp498.installationdate", 1320779075);
    Found : user_pref("extensions.crossriderapp498.jsver", 3);
    Found : user_pref("extensions.crossriderapp498.lastcheck", 22012985);
    Found : user_pref("extensions.crossriderapp498.lastcheckitem", 22013004);
    Found : user_pref("extensions.crossriderapp498.misc.lastBgWorkerTimer", "1320779449888");
    Found : user_pref("extensions.crossriderapp498.misc.lastDomWorkerTimer", "1320779449885");
    Found : user_pref("extensions.dynconff.cache.www.ask.com.content", "<package expire=\"600\" es=\"914\"></pac[...]
    Found : user_pref("extensions.dynconff.cache.www.ask.com.expires", "1323371759611");
    Found : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,{972ce4c6-7e08-4474-a285-3208198ce[...]
    Found : user_pref("extensions.funmoods.aflt", "axl");
    Found : user_pref("extensions.funmoods.autoRvrt", false);
    Found : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
    Found : user_pref("extensions.funmoods.cntry", "US");
    Found : user_pref("extensions.funmoods.cv", "cv5");
    Found : user_pref("extensions.funmoods.dfltLng", "");
    Found : user_pref("extensions.funmoods.dfltSrch", true);
    Found : user_pref("extensions.funmoods.dfltlng", "en");
    Found : user_pref("extensions.funmoods.dfltsrch", true);
    Found : user_pref("extensions.funmoods.dnsErr", true);
    Found : user_pref("extensions.funmoods.envrmnt", "production");
    Found : user_pref("extensions.funmoods.excTlbr", false);
    Found : user_pref("extensions.funmoods.hdrMd5", "DD454A63BB8E19240BA6BDACE07533AF");
    Found : user_pref("extensions.funmoods.hmpg", true);
    Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2[...]
    Found : user_pref("extensions.funmoods.hrdid", "0C607623D29B56B8");
    Found : user_pref("extensions.funmoods.id", "0C607623D29B56B8");
    Found : user_pref("extensions.funmoods.instlDay", "15571");
    Found : user_pref("extensions.funmoods.instlRef", "axl");
    Found : user_pref("extensions.funmoods.instlday", "15571");
    Found : user_pref("extensions.funmoods.instlref", "axl");
    Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
    Found : user_pref("extensions.funmoods.keywordurl", "");
    Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.228:31:52");
    Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    Found : user_pref("extensions.funmoods.newTab", true);
    Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
    Found : user_pref("extensions.funmoods.newtab", true);
    Found : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
    Found : user_pref("extensions.funmoods.prdct", "funmoods");
    Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
    Found : user_pref("extensions.funmoods.prtnrid", "funmoods");
    Found : user_pref("extensions.funmoods.savedVrsnTs", "1");
    Found : user_pref("extensions.funmoods.sg", "none");
    Found : user_pref("extensions.funmoods.smplGrp", "none");
    Found : user_pref("extensions.funmoods.smplgrp", "none");
    Found : user_pref("extensions.funmoods.srch", "");
    Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
    Found : user_pref("extensions.funmoods.srchprvdr", "Search");
    Found : user_pref("extensions.funmoods.tlbrId", "base");
    Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
    Found : user_pref("extensions.funmoods.tlbrid", "base");
    Found : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
    Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.228:31:52");
    Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    Found : user_pref("extensions.funmoods.vrsnts", "1.5.23.228:31:52");
    Found : user_pref("extensions.funmoods_i.newTab", true);
    Found : user_pref("extensions.funmoods_i.smplGrp", "none");
    Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:31:52");

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\kmailler\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Found [l.8] : homepage = "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448",
    Found [l.12] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448" ]
    Found [l.36] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448",
    Found [l.303] : homepage = "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448",
    Found [l.597] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448" ]

    *************************

    AdwCleaner[R1].txt - [20649 octets] - [21/10/2012 13:13:51]

    ########## EOF - C:\AdwCleaner[R1].txt - [20710 octets] ##########

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Please rescan with AdwCleaner.
    Double-click AdwCleaner.exe to run the tool.
    Click Delete.
    Everything that was found will be deleted.
    Save and open files and approve the reboot. A text file will open after the restart.
    Please post the contents of that logfile with your next reply.


    Next

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  8. #8
    Member
    Join Date
    Dec 2008
    Location
    cornwall, new york
    Posts
    176
    Points
    0

    Default

    # AdwCleaner v2.005 - Logfile created 10/21/2012 at 14:05:09
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : kmailler - KMAILLER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\kmailler\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\kmailler\AppData\Local\funmoods-speeddial.crx
    Folder Deleted : C:\Program Files\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files\Funmoods
    Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Users\kmailler\AppData\Local\APN
    Folder Deleted : C:\Users\kmailler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Folder Deleted : C:\Users\kmailler\AppData\Local\OpenCandy
    Folder Deleted : C:\Users\kmailler\AppData\LocalLow\Funmoods
    Folder Deleted : C:\Users\kmailler\AppData\Roaming\iWin
    Folder Deleted : C:\Users\kmailler\AppData\Roaming\Mozilla\Firefox\Profiles\0jsovf5m.default\extensions\ffxtlbr@funmoods.com
    Folder Deleted : C:\Users\kmailler\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Funmoods
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\Software\Tarma Installer
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448 --> hxxp://www.google.com

    -\\ Mozilla Firefox v8.0.1 (en-US)

    Profile name : default
    File : C:\Users\kmailler\AppData\Roaming\Mozilla\Firefox\Profiles\0jsovf5m.default\prefs.js

    C:\Users\kmailler\AppData\Roaming\Mozilla\Firefox\Profiles\0jsovf5m.default\user.js ... Deleted !

    Deleted : user_pref("backup.old.browser.search.selectedEngine", "Blekko");
    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1330718327);
    Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
    Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
    Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
    Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url([...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 8);
    Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
    Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
    Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1330718327");
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1330718327");
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1332454343");
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.expiration", "Sun Mar 25 2012 07:06:08 [...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.value", "%7B%22geoplugin_city%22%3Anull[...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214019%22");
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2222097%22");
    Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
    Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
    Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
    Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
    Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
    Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
    Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
    Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
    Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
    Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nvar _GPL_PID = 21;\n\n(function($) { \n\n [...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
    Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
    Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
    Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(b){b.selectedText=f[...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "(function(a){a.later=function[...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){function t(b,d){[...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function i(c,a[...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 1);
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
    Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
    Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
    Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 1);
    Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
    Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
    Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
    Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
    Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
    Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
    Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
    Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 43);
    Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
    Deleted : user_pref("extensions.crossriderapp2258.bic", "13384914c9bb1848db860d8763aa0580");
    Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
    Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
    Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
    Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1330718322);
    Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22207385);
    Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22207573);
    Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1332454400519");
    Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1332454400517");
    Deleted : user_pref("extensions.crossriderapp498.498.InstallationThankYouPage", true);
    Deleted : user_pref("extensions.crossriderapp498.498.active", true);
    Deleted : user_pref("extensions.crossriderapp498.498.affid", "0");
    Deleted : user_pref("extensions.crossriderapp498.498.backgroundjs", "\n/**************************************[...]
    Deleted : user_pref("extensions.crossriderapp498.498.backgroundver", 4);
    Deleted : user_pref("extensions.crossriderapp498.498.certdomaininstaller", "");
    Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:[...]
    Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1320778154");
    Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:0[...]
    Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22defa[...]
    Deleted : user_pref("extensions.crossriderapp498.498.description", "RewardsArcade is a platform that allows us[...]
    Deleted : user_pref("extensions.crossriderapp498.498.domain", "www.rewardsarcade.com");
    Deleted : user_pref("extensions.crossriderapp498.498.emailsig", "");
    Deleted : user_pref("extensions.crossriderapp498.498.exposesites", "");
    Deleted : user_pref("extensions.crossriderapp498.498.fbremoteurl", "");
    Deleted : user_pref("extensions.crossriderapp498.498.group", 0);
    Deleted : user_pref("extensions.crossriderapp498.498.homepage", "");
    Deleted : user_pref("extensions.crossriderapp498.498.iframe", false);
    Deleted : user_pref("extensions.crossriderapp498.498.js", "\n\nvar _GPL_PID = 18;\n\n(function($) { \n\n $.[...]
    Deleted : user_pref("extensions.crossriderapp498.498.name", "RewardsArcade");
    Deleted : user_pref("extensions.crossriderapp498.498.premium", true);
    Deleted : user_pref("extensions.crossriderapp498.498.publisher", "215 Apps");
    Deleted : user_pref("extensions.crossriderapp498.498.settingsurl", "");
    Deleted : user_pref("extensions.crossriderapp498.498.thankyou", "hxxp://www.rewardsarcade.com/r.php?app_id=498[...]
    Deleted : user_pref("extensions.crossriderapp498.498.ver", 61);
    Deleted : user_pref("extensions.crossriderapp498.apps", "498");
    Deleted : user_pref("extensions.crossriderapp498.bic", "13384914c9bb1848db860d8763aa0580");
    Deleted : user_pref("extensions.crossriderapp498.cid", 498);
    Deleted : user_pref("extensions.crossriderapp498.firstrun", false);
    Deleted : user_pref("extensions.crossriderapp498.hadappinstalled", true);
    Deleted : user_pref("extensions.crossriderapp498.installationdate", 1320779075);
    Deleted : user_pref("extensions.crossriderapp498.jsver", 3);
    Deleted : user_pref("extensions.crossriderapp498.lastcheck", 22012985);
    Deleted : user_pref("extensions.crossriderapp498.lastcheckitem", 22013004);
    Deleted : user_pref("extensions.crossriderapp498.misc.lastBgWorkerTimer", "1320779449888");
    Deleted : user_pref("extensions.crossriderapp498.misc.lastDomWorkerTimer", "1320779449885");
    Deleted : user_pref("extensions.dynconff.cache.www.ask.com.content", "<package expire=\"600\" es=\"914\"></pac[...]
    Deleted : user_pref("extensions.dynconff.cache.www.ask.com.expires", "1323371759611");
    Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,{972ce4c6-7e08-4474-a285-3208198ce[...]
    Deleted : user_pref("extensions.funmoods.aflt", "axl");
    Deleted : user_pref("extensions.funmoods.autoRvrt", false);
    Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
    Deleted : user_pref("extensions.funmoods.cntry", "US");
    Deleted : user_pref("extensions.funmoods.cv", "cv5");
    Deleted : user_pref("extensions.funmoods.dfltLng", "");
    Deleted : user_pref("extensions.funmoods.dfltSrch", true);
    Deleted : user_pref("extensions.funmoods.dfltlng", "en");
    Deleted : user_pref("extensions.funmoods.dfltsrch", true);
    Deleted : user_pref("extensions.funmoods.dnsErr", true);
    Deleted : user_pref("extensions.funmoods.envrmnt", "production");
    Deleted : user_pref("extensions.funmoods.excTlbr", false);
    Deleted : user_pref("extensions.funmoods.hdrMd5", "DD454A63BB8E19240BA6BDACE07533AF");
    Deleted : user_pref("extensions.funmoods.hmpg", true);
    Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2[...]
    Deleted : user_pref("extensions.funmoods.hrdid", "0C607623D29B56B8");
    Deleted : user_pref("extensions.funmoods.id", "0C607623D29B56B8");
    Deleted : user_pref("extensions.funmoods.instlDay", "15571");
    Deleted : user_pref("extensions.funmoods.instlRef", "axl");
    Deleted : user_pref("extensions.funmoods.instlday", "15571");
    Deleted : user_pref("extensions.funmoods.instlref", "axl");
    Deleted : user_pref("extensions.funmoods.isdcmntcmplt", false);
    Deleted : user_pref("extensions.funmoods.keywordurl", "");
    Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.228:31:52");
    Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    Deleted : user_pref("extensions.funmoods.newTab", true);
    Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
    Deleted : user_pref("extensions.funmoods.newtab", true);
    Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
    Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
    Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
    Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
    Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
    Deleted : user_pref("extensions.funmoods.sg", "none");
    Deleted : user_pref("extensions.funmoods.smplGrp", "none");
    Deleted : user_pref("extensions.funmoods.smplgrp", "none");
    Deleted : user_pref("extensions.funmoods.srch", "");
    Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
    Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
    Deleted : user_pref("extensions.funmoods.tlbrId", "base");
    Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
    Deleted : user_pref("extensions.funmoods.tlbrid", "base");
    Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
    Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.228:31:52");
    Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.228:31:52");
    Deleted : user_pref("extensions.funmoods_i.newTab", true);
    Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
    Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:31:52");

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\kmailler\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.8] : homepage = "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448",
    Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448" ]
    Deleted [l.36] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448",
    Deleted [l.303] : homepage = "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448",
    Deleted [l.597] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448" ]

    *************************

    AdwCleaner[R1].txt - [20780 octets] - [21/10/2012 13:13:51]
    AdwCleaner[R2].txt - [20841 octets] - [21/10/2012 14:01:42]
    AdwCleaner[S2].txt - [21396 octets] - [21/10/2012 14:05:09]

    ########## EOF - C:\AdwCleaner[S2].txt - [21457 octets] ##########

  9. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hi,

    Not sure if you had seen these instructions, but I'd like to have this scan too,

    Next

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  10. #10
    Member
    Join Date
    Dec 2008
    Location
    cornwall, new york
    Posts
    176
    Points
    0

    Default

    OTL logfile created on: 10/21/2012 2:59:33 PM - Run 4
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\kmailler\Desktop
    Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.30 Mb Total Physical Memory | 270.93 Mb Available Physical Memory | 26.68% Memory free
    1.99 Gb Paging File | 0.99 Gb Available in Paging File | 49.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.47 Gb Total Space | 64.02 Gb Free Space | 46.57% Space Free | Partition Type: NTFS
    Drive D: | 11.38 Gb Total Space | 1.91 Gb Free Space | 16.75% Space Free | Partition Type: NTFS

    Computer Name: KMAILLER-PC | User Name: kmailler | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    PRC - C:\Users\kmailler\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
    PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
    PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\stacsv.exe (IDT, Inc.)
    PRC - C:\SPLASH.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
    PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
    SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
    SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\stacsv.exe (IDT, Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (DvmMDES) -- C:\SPLASH.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
    SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
    DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
    DRV - (catchme) -- C:\Users\kmailler\AppData\Local\Temp\catchme.sys File not found
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
    DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (DVMIO) -- C:\SPLASH.SYS\config\dvmio.sys (DeviceVM, Inc.)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV - (rcmirror) -- C:\Windows\System32\drivers\rcmirror.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\Windows\System32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)
    DRV - (SWMX00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\System32\drivers\swmx00.sys (Sierra Wireless Inc.)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {89022F4C-44A1-4FDE-A12D-C4835266CC16}
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{09E6A7B0-CB00-8526-E31E-47FE636E4D6A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{89022F4C-44A1-4FDE-A12D-C4835266CC16}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448
    IE - HKLM\..\SearchScopes\{8B31050B-FBEC-48A3-A4A2-383DD49998BB}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = Yahoo!
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {8B31050B-FBEC-48A3-A4A2-383DD49998BB}
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{8B31050B-FBEC-48A3-A4A2-383DD49998BB}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtBtA0DtBzy0ByDyC0BzztN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1886265448
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..browser.search.defaultenginename: "Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-hotj"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-hotj"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay Games\nplplaypop.dll ( )
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\kmailler\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 20:47:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/13 21:58:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/16 11:48:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/21 14:05:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 20:47:48 | 000,000,000 | ---D | M]

    [2011/05/21 08:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kmailler\AppData\Roaming\Mozilla\Extensions
    [2012/02/14 12:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kmailler\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2011/05/21 08:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kmailler\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2012/10/21 14:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kmailler\AppData\Roaming\Mozilla\Firefox\Profiles\0jsovf5m.default\extensions
    [2012/10/11 20:11:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\kmailler\AppData\Roaming\Mozilla\Firefox\Profiles\0jsovf5m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/09/25 18:48:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\kmailler\AppData\Roaming\Mozilla\Firefox\Profiles\0jsovf5m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/08/02 06:29:25 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\kmailler\AppData\Roaming\Mozilla\Firefox\Profiles\0jsovf5m.default\extensions\coralietab@mozdev.org
    [2010/03/23 11:52:02 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\kmailler\AppData\Roaming\Mozilla\Firefox\Profiles\0jsovf5m.default\extensions\support@ancestry.com
    [2011/12/15 07:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/12/14 07:25:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2011/07/22 14:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
    [2011/07/22 14:02:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/12/14 07:25:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
    [2011/03/17 18:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/17 18:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/01/30 11:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2012/01/16 11:48:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2012/01/16 11:48:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2012/01/16 11:48:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2012/01/16 11:48:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2012/01/16 11:48:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2012/01/16 11:48:56 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2012/01/16 11:48:56 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
    [2011/10/12 09:32:26 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2011/10/12 09:32:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
    [2012/03/01 07:36:17 | 000,002,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
    [2011/10/12 09:32:26 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2011/10/12 09:32:26 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2011/12/14 07:25:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2011/10/12 09:32:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2011/10/12 09:32:26 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    ========== Chrome ==========

    CHR - default_search_provider: Web Search ()
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Display Engine v2 (Enabled) = C:\Program Files\LivingPlay Games\nplplaypop.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\kmailler\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\kmailler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\kmailler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\kmailler\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Gmail = C:\Users\kmailler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/03/24 13:40:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} Cell Phones - Smartphones: Cell Phone Service, Accessories - Verizon Wireless (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A04BA88-09FB-4038-BFA9-60C91EBAA696}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1FD69A4-5E71-4A67-AAB3-A3E4A0118D19}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/21 12:07:51 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\kmailler\Desktop\dds.scr
    [2012/10/20 14:36:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\kmailler\Desktop\HijackThis(1).exe
    [2012/10/13 21:59:01 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/10/13 21:59:01 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/10/13 21:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/10/13 21:58:54 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2012/10/13 21:58:53 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/10/13 21:58:51 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/10/13 21:58:49 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/10/13 21:57:23 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/13 21:57:20 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/10/13 15:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
    [2012/10/12 21:06:11 | 000,000,000 | ---D | C] -- C:\Users\kmailler\Desktop\backups
    [2012/10/12 20:55:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\kmailler\Desktop\HijackThis.exe
    [2012/10/10 18:37:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2012/10/10 18:36:34 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    [2012/10/10 18:36:34 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2012/10/10 18:36:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/10/10 18:36:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/10/10 18:36:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    [2012/10/10 18:36:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    [2012/10/10 18:36:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    [2012/10/10 18:36:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    [2012/10/10 18:36:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/10/10 18:36:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    [2012/10/10 18:36:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    [2012/10/10 18:36:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    [2012/10/10 18:36:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    [2012/10/10 18:35:07 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2012/10/10 18:35:06 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2012/09/25 18:50:18 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
    [2012/09/22 07:26:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/09/22 07:26:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/09/22 07:26:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/09/22 07:26:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/09/22 07:26:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/09/22 07:26:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/09/22 07:26:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/09/22 07:26:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

    ========== Files - Modified Within 30 Days ==========

    [2012/10/21 15:04:43 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx
    [2012/10/21 15:02:16 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/21 15:02:16 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/21 15:02:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/21 14:54:49 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/21 14:54:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/21 14:54:12 | 798,466,048 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/21 14:44:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/21 13:13:20 | 000,538,941 | ---- | M] () -- C:\Users\kmailler\Desktop\adwcleaner.exe
    [2012/10/21 12:08:15 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\kmailler\Desktop\dds.scr
    [2012/10/21 11:58:05 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/10/21 11:58:05 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/10/20 14:36:49 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\kmailler\Desktop\HijackThis(1).exe
    [2012/10/19 11:19:26 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkmailler.job
    [2012/10/14 06:44:15 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - kmailler.job
    [2012/10/13 21:59:02 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/10/13 21:58:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/10/13 21:54:30 | 093,654,616 | ---- | M] () -- C:\Users\kmailler\Desktop\avast_free_antivirus_setup.exe
    [2012/10/13 10:00:45 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/12 20:55:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\kmailler\Desktop\HijackThis.exe
    [2012/10/08 15:44:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/10/08 15:44:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/10/08 10:43:54 | 002,027,520 | ---- | M] () -- C:\Users\kmailler\mailler.paf
    [2012/10/03 20:35:48 | 000,026,112 | ---- | M] () -- C:\Users\kmailler\Documents\kevinsheehan2012.wps
    [2012/10/03 20:35:48 | 000,013,116 | ---- | M] () -- C:\Users\kmailler\AppData\Roaming\wklnhst.dat
    [2012/09/30 16:09:23 | 001,806,336 | ---- | M] () -- C:\Users\kmailler\Documents\VCheck.vbf
    [2012/09/30 13:39:22 | 000,017,408 | ---- | M] () -- C:\Users\kmailler\Documents\storeinventory2011.xlr

    ========== Files Created - No Company Name ==========

    [2012/10/21 13:13:17 | 000,538,941 | ---- | C] () -- C:\Users\kmailler\Desktop\adwcleaner.exe
    [2012/10/13 21:59:02 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/10/13 21:53:13 | 093,654,616 | ---- | C] () -- C:\Users\kmailler\Desktop\avast_free_antivirus_setup.exe
    [2012/10/03 20:29:44 | 000,026,112 | ---- | C] () -- C:\Users\kmailler\Documents\kevinsheehan2012.wps
    [2012/07/18 20:36:40 | 000,202,296 | ---- | C] () -- C:\Windows\hpoins18.dat
    [2012/07/18 20:36:40 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
    [2012/07/18 20:03:18 | 000,201,749 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
    [2012/07/18 20:03:18 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
    [2012/03/18 22:36:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/18 22:36:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/18 22:36:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/18 22:36:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/18 22:36:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/01 11:09:48 | 000,000,847 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/12/08 14:48:28 | 000,001,002 | ---- | C] () -- C:\ProgramData\repository.xml
    [2011/10/12 15:33:47 | 000,000,000 | ---- | C] () -- C:\Users\kmailler\AppData\Local\{422B9728-6828-458F-B21F-63D509C4A365}
    [2011/07/08 12:38:51 | 000,213,187 | ---- | C] () -- C:\Users\kmailler\AppData\Roaming\MMUpgrade.jpg
    [2011/03/22 19:29:08 | 000,001,849 | ---- | C] () -- C:\Users\kmailler\AppData\Roaming\GhostObjGAFix.xml
    [2011/02/05 20:00:06 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
    [2010/11/26 13:46:16 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

    ========== LOP Check ==========

    [2011/10/21 10:39:37 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\abelhadigital.com
    [2010/01/07 09:54:12 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\acccore
    [2010/12/30 08:46:24 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\Amazon
    [2011/04/13 10:44:22 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\Arkadium
    [2011/11/19 11:16:32 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\com.amazon.music.uploader
    [2011/01/06 11:53:26 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\Digiarty
    [2010/11/27 12:23:58 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\Exent Technologies
    [2010/11/27 12:23:40 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\funkitron
    [2012/09/30 09:12:29 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\G7PS
    [2010/07/17 12:43:56 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\Gamelab
    [2011/11/05 12:42:37 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\IrfanView
    [2011/10/05 10:30:17 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\Mayan Puzzle
    [2011/11/08 15:25:21 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\Nuance
    [2011/12/10 16:36:08 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\PerformerSoft
    [2010/01/13 20:44:29 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\Template
    [2011/05/21 08:43:39 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\TomTom
    [2010/09/23 14:32:49 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\VTExtra
    [2011/11/08 14:51:32 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\WeatherBug
    [2010/04/27 07:55:40 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\WindSolutions
    [2011/11/08 14:53:04 | 000,000,000 | ---D | M] -- C:\Users\kmailler\AppData\Roaming\Zeon
    [2012/10/14 06:44:15 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - kmailler.job
    [2012/10/14 11:02:28 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/01/06 12:34:01 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TempFC5A2B2
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TempEE46C4E

    < End of report >

Page 1 of 4 123 ... LastLast