Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop keeps trying to "phone home"

Started by TaxSleuth , Dec 23 2011 03:12 PM

  • Please log in to reply

#1
TaxSleuth
Posted 23 December 2011 - 03:12 PM

TaxSleuth

    New Member

  • Member
  • Pip
  • 1 posts
For quite a while now, my lap top has been making spontaneous outbound IP calls. Luckily, Malwarebytes blocks this. These happen even when the laptop has no one using it, or accessing the internet in any way. Malwarebytes does not find anything on its scans, but I assume something is in there.

Can an expert take a look. Any and all advise will be greatly appreciated.

Here is the OTL log:

OTL logfile created on: 12/23/2011 3:46:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Charles Computer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.05 Mb Total Physical Memory | 259.79 Mb Available Physical Memory | 25.42% Memory free
2.40 Gb Paging File | 1.62 Gb Available in Paging File | 67.46% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.07 Gb Total Space | 2.10 Gb Free Space | 3.56% Space Free | Partition Type: NTFS
Drive D: | 15.35 Gb Total Space | 11.20 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
Drive R: | 87.80 Gb Total Space | 23.87 Gb Free Space | 27.19% Space Free | Partition Type: NTFS
Drive T: | 278.84 Gb Total Space | 170.25 Gb Free Space | 61.06% Space Free | Partition Type: NTFS
Drive W: | 278.84 Gb Total Space | 170.25 Gb Free Space | 61.06% Space Free | Partition Type: NTFS

Computer Name: LAPTOP1 | User Name: Charles Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 15:46:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Computer\Desktop\OTL.exe
PRC - [2011/12/05 14:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Charles Computer\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/09/08 11:12:04 | 001,124,352 | ---- | M] (PrinterAnywhere) -- C:\Program Files\PrinterShare\paConsole.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/02/09 09:34:32 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/20 16:12:20 | 000,308,464 | ---- | M] (SupportSpace, Inc.) -- C:\Program Files\SupportSpace\Support Platform\supportspace_tools.exe
PRC - [2007/06/08 17:40:58 | 000,128,560 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/05/14 15:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/14 15:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/02/15 11:58:06 | 000,964,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Media Vault\Utilities\HPMVTray.exe
PRC - [2007/02/01 10:21:22 | 001,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/10/07 13:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 15:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 22:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2003/04/01 10:33:00 | 000,053,248 | ---- | M] (ali) -- C:\USBStorage\USBDetector.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/01 22:05:55 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2011/05/01 21:59:23 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2011/05/01 21:59:09 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2011/05/01 21:58:34 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/05/01 21:58:25 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/05/01 21:58:19 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/05/01 21:58:18 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/05/01 21:58:16 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/05/01 21:58:15 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/05/01 21:58:07 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/05/01 21:58:06 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/05/01 21:58:04 | 003,149,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/05/01 21:58:03 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/01/18 11:52:50 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/01/18 11:52:50 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/01/18 11:52:49 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/01/18 11:52:45 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/01/18 11:52:44 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/01/18 11:52:44 | 000,023,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/01/18 11:52:44 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/01/18 11:52:44 | 000,012,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/01/18 11:52:42 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/01/18 11:52:42 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/01/18 11:52:42 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/01/18 11:52:42 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/15 15:11:54 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2008/12/25 12:36:32 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/06/02 11:42:54 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/06/02 11:42:40 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/01/20 16:06:34 | 000,516,096 | ---- | M] () -- C:\Program Files\SupportSpace\Support Platform\w32gnutls.dll
MOD - [2007/05/14 15:24:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/01/30 16:31:50 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/01/30 16:30:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll
MOD - [2005/10/13 14:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (GoToMyPC)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/02/22 21:56:51 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/20 16:12:20 | 000,308,464 | ---- | M] (SupportSpace, Inc.) [Auto | Running] -- C:\Program Files\SupportSpace\Support Platform\supportspace_tools.exe -- (SupportSpaceHelperService)
SRV - [2007/05/14 15:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/01 10:21:22 | 001,466,368 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/29 22:59:58 | 000,487,424 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/25 20:11:46 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/01 00:33:02 | 000,114,704 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCWWAN.sys -- (PTDCWWAN)
DRV - [2010/07/01 00:33:00 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCVsp.sys -- (PTDCVsp) PANTECH PC Card Diagnostic Serial Port (UDP)
DRV - [2010/07/01 00:33:00 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCMdm.sys -- (PTDCMdm) PANTECH PC Card Drivers (UDP)
DRV - [2010/07/01 00:33:00 | 000,054,032 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCBus.sys -- (PTDCBus) PANTECH PC Card Composite Device Driver (UDP)
DRV - [2010/04/14 19:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/03/25 10:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 10:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 10:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 10:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 10:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/06/02 11:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/23 17:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/06/05 10:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/09/01 12:32:50 | 000,003,712 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/08/28 16:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2006/07/19 12:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005/11/25 17:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/11/10 10:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 19:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/27 17:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
DRV - [2005/07/27 17:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2005/07/27 17:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.049
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Charles Computer\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Charles Computer\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Charles Computer\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Charles Computer\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/10 13:36:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/16 11:12:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Charles Computer\Application Data\Move Networks [2009/09/12 22:18:28 | 000,000,000 | ---D | M]

[2008/04/06 12:12:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charles Computer\Application Data\Mozilla\Extensions
[2011/09/09 20:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charles Computer\Application Data\Mozilla\Firefox\Profiles\sqyq2uvb.default\extensions
[2009/09/16 22:25:28 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Charles Computer\Application Data\Mozilla\Firefox\Profiles\sqyq2uvb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/07/18 12:53:25 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Documents and Settings\Charles Computer\Application Data\Mozilla\Firefox\Profiles\sqyq2uvb.default\extensions\unplug@compunach
[2008/04/06 14:59:15 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Charles Computer\Application Data\Mozilla\Firefox\Profiles\sqyq2uvb.default\searchplugins\youtube-video-search.xml
[2011/09/21 09:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/28 12:58:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/01 17:43:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/30 20:14:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/09/12 22:18:28 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\Charles Computer\APPLICATION DATA\MOVE NETWORKS
[2009/01/02 21:38:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/09 14:55:13 | 000,289,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/05/09 14:55:09 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2008/03/18 16:03:00 | 000,081,920 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/02/01 19:12:39 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Charles Computer\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\Charles Computer\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Charles Computer\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Homestead SiteBuilder Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
CHR - plugin: getPlusPlus for Adobe 16244 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Charles Computer\Application Data\Move Networks\plugins\npqmp071505000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Charles Computer\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/08/15 14:47:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [HPMVTray] C:\Program Files\Hewlett-Packard\HP Media Vault\Utilities\HPMVTray.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
O4 - HKCU..\Run: [PrinterShare] C:\Program Files\PrinterShare\paConsole.exe (PrinterAnywhere)
O4 - HKCU..\Run: [TaskScheduler] C:\ProWin10\32bit\TaskSch.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CS Connect Background Services.lnk = C:\WinCSI\Tools\ConnectBGDL.exe (Thomson Reuters)
O4 - Startup: C:\Documents and Settings\Charles Computer\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Charles Computer\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O15 - HKCU\..Trusted Domains: elance.com ([collab] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elance.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elance.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: godaddy.com ([mya] https in Trusted sites)
O15 - HKCU\..Trusted Domains: godaddy.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gotomypc.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: irs.gov ([la.www4] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mynutrikids.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: naea.org ([webboard] http in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([ebillpay] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {08653405-44A9-4E99-9C09-DD00770AAA08} http://www.supportsp...Space_tools.dll (Support Platform Strapper)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://inotes.adrus.com/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1304300659296 (WUWebControl Class)
O16 - DPF: {6B9A6E3B-0307-47A7-82B1-F2D215973CAF} https://accounting.q...24/qboimax6.cab (QuickBooks Online Edition Import Utilities Class v6)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1304300631078 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} http://151.203.99.51...tdownloader.cab (PowerTerm Downloader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www2.gotomee...ets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9D27C3FA-6662-4D29-99FB-A58A405FD584} https://secureshare....Wizard4.0.0.ocx (MOVEitUpDownWiz Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecu...asyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://intuit.webex...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email02.secur...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A10CB517-B8DF-41FF-BF9F-6E0B675EC222}: DhcpNameServer = 8.8.8.8 4.2.2.2
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wxvault.dll) -C:\WINDOWS\system32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Charles Computer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charles Computer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/23 15:46:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charles Computer\Desktop\OTL.exe
[2011/12/21 13:33:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Charles Computer\My Documents\Dropbox
[2011/12/21 13:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles Computer\Start Menu\Programs\Dropbox
[2011/12/21 13:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles Computer\Application Data\Dropbox
[2011/12/21 13:30:06 | 015,033,280 | ---- | C] (Dropbox, Inc.) -- C:\Documents and Settings\Charles Computer\Desktop\Dropbox 1.2.49.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/23 16:00:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E3277B1A-2E11-4D47-B9FF-9A71E056957E}.job
[2011/12/23 15:46:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Computer\Desktop\OTL.exe
[2011/12/23 15:24:00 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2963105436-2415782456-3906164000-1007UA.job
[2011/12/23 15:05:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2963105436-2415782456-3906164000-1009UA.job
[2011/12/23 11:24:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2963105436-2415782456-3906164000-1007Core.job
[2011/12/23 11:05:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2963105436-2415782456-3906164000-1009Core.job
[2011/12/23 02:26:54 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/21 17:21:49 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2011/12/21 13:33:35 | 000,001,069 | ---- | M] () -- C:\Documents and Settings\Charles Computer\Desktop\Dropbox.lnk
[2011/12/21 13:31:20 | 000,001,069 | ---- | M] () -- C:\Documents and Settings\Charles Computer\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/21 13:30:13 | 015,033,280 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Charles Computer\Desktop\Dropbox 1.2.49.exe
[2011/12/21 11:04:06 | 000,109,815 | ---- | M] () -- C:\Documents and Settings\Charles Computer\Desktop\IRS notice CP23 changes to 2009 return TY2009.pdf
[2011/12/21 10:56:46 | 000,062,416 | ---- | M] () -- C:\Documents and Settings\Charles Computer\Desktop\Dennis Hough IRS notice CP21A.pdf
[2011/12/21 10:24:57 | 000,446,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/21 10:24:57 | 000,073,894 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/21 10:20:43 | 000,028,979 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/12/21 10:20:43 | 000,028,979 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/12/21 10:20:40 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/21 10:20:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/21 10:20:11 | 1071,767,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 10:39:50 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/12/13 13:42:16 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/11/25 00:49:30 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/24 18:50:51 | 000,000,969 | ---- | M] () -- C:\Documents and Settings\Charles Computer\Desktop\German Totalization.rtf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/21 13:33:35 | 000,001,069 | ---- | C] () -- C:\Documents and Settings\Charles Computer\Desktop\Dropbox.lnk
[2011/12/21 13:31:20 | 000,001,069 | ---- | C] () -- C:\Documents and Settings\Charles Computer\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/24 20:40:07 | 1071,767,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/24 18:50:51 | 000,000,969 | ---- | C] () -- C:\Documents and Settings\Charles Computer\Desktop\German Totalization.rtf
[2011/09/27 18:04:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UTWAPP.INI
[2011/08/15 14:20:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/15 14:20:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/23 13:19:45 | 000,012,435 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2010/12/01 21:19:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/15 15:37:14 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/15 15:36:49 | 000,000,227 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/02/15 15:36:49 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/02/15 15:36:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bd8890dw.dat
[2010/02/15 15:35:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/02/15 15:35:45 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/02/15 15:35:45 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM08A.DAT
[2010/02/15 15:35:44 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/02/15 15:35:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/02/15 15:35:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/02/15 15:32:56 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/10/18 22:28:53 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIDIB4.dll
[2009/09/23 20:28:58 | 000,027,316 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/06 18:16:05 | 000,079,928 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/05/29 15:48:20 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/05/29 15:48:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Charles Computer\Application Data\PnkBstrK.sys
[2009/05/29 15:48:02 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/05/29 15:47:59 | 002,246,144 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/05/29 15:47:59 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/05/12 06:36:15 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Isb.dll
[2009/02/28 17:32:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/02/17 20:34:43 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/02/01 19:14:00 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/02/01 19:11:58 | 000,098,136 | ---- | C] () -- C:\WINDOWS\gzip.exe
[2008/10/03 08:56:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/09 17:31:31 | 000,000,223 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/04/21 17:10:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/04/21 17:10:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/04/21 17:10:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/04/21 16:57:03 | 000,000,528 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/19 12:50:49 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Charles Computer\Application Data\AutoGK.ini
[2008/04/19 08:40:42 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Charles Computer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/06 12:12:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/08 20:32:00 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Charles Computer\Local Settings\Application Data\fusioncache.dat
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0409.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0C0A.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0419.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0410.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex040C.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0409.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0407.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0C0A.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0419.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0410.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex040C.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0409.dll
[2008/03/08 10:08:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0407.dll
[2008/03/08 10:08:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0412.dll
[2008/03/08 10:08:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0411.dll
[2008/03/08 10:08:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0412.dll
[2008/03/08 10:08:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0411.dll
[2008/03/08 10:08:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0804.dll
[2008/03/08 10:08:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0804.dll
[2008/03/08 10:08:07 | 000,000,712 | ---- | C] () -- C:\WINDOWS\FJTWSTI.INI
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0C0A.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0410.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex040C.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0407.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0C0A.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0419.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0410.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex040C.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0407.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0C0A.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0410.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex040C.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0407.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0C0A.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0410.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex040C.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0407.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0C0A.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0410.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex040C.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0407.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0C0A.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0410.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex040C.dll
[2008/03/08 10:08:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0407.dll
[2008/03/08 10:08:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0409.dll
[2008/03/08 10:08:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0412.dll
[2008/03/08 10:08:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0411.dll
[2008/03/08 10:08:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0411.dll
[2008/03/08 10:08:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0409.dll
[2008/03/08 10:08:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0409.dll
[2008/03/08 10:08:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0409.dll
[2008/03/08 10:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0804.dll
[2008/03/08 10:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0411.dll
[2008/03/08 10:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0804.dll
[2008/03/08 10:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0804.dll
[2008/03/08 10:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0804.dll
[2008/03/08 10:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0411.dll
[2008/03/08 10:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0804.dll
[2008/03/08 10:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0411.dll
[2008/03/08 10:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0804.dll
[2008/03/08 10:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0411.dll
[2008/03/08 10:08:05 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex.dll
[2008/03/08 10:08:05 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex.dll
[2008/03/08 10:08:05 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex.dll
[2008/03/08 10:08:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0C0A.dll
[2008/03/08 10:08:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0410.dll
[2008/03/08 10:08:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex040C.dll
[2008/03/08 10:08:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0407.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0409.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0c0a.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0410.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex040C.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0409.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0407.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0C0A.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0410.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex040C.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0409.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0407.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0C0A.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0410.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex040C.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0409.dll
[2008/03/08 10:08:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0407.dll
[2008/03/08 10:08:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0804.dll
[2008/03/08 10:08:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0411.dll
[2008/03/08 10:08:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0804.dll
[2008/03/08 10:08:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0411.dll
[2008/03/08 10:08:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0804.dll
[2008/03/08 10:08:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0411.dll
[2008/03/08 10:08:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0804.dll
[2008/03/08 10:08:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0411.dll
[2008/03/08 09:54:08 | 000,000,410 | ---- | C] () -- C:\WINDOWS\dms.INI
[2008/02/22 07:15:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/16 11:47:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/16 11:43:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/02/16 11:40:06 | 001,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2008/02/16 11:38:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/02/16 11:38:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/02/16 11:31:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/16 11:31:26 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/02/16 11:31:26 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/02/16 11:14:47 | 000,028,979 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/02/16 11:11:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2008/02/16 11:10:56 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/16 11:10:56 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/02/16 11:10:56 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/16 11:10:55 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/16 11:10:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/16 11:10:54 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/02/16 11:10:53 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/02/16 11:10:52 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/02/16 11:09:18 | 000,001,028 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/31 21:16:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/01/31 21:08:44 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/01/31 21:08:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/01/31 21:08:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/01/31 21:08:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/01/31 21:08:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/01/31 21:08:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/01/31 21:07:50 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/01/31 21:07:42 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/01/31 21:07:34 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/01/31 21:07:24 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/01/31 14:09:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/01/31 14:09:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/01/31 14:09:06 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/01/31 14:08:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/01/31 14:08:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/01/31 14:08:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/01/31 14:07:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/01/31 14:07:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/01/31 14:07:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/01/31 14:06:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/01/30 16:31:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/01/30 16:30:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2007/01/02 10:14:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,024,692 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,157,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:20 | 000,446,310 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,073,894 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/07/20 19:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/08/29 19:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chaos Software
[2008/02/22 21:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/11/23 16:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2008/12/15 08:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common
[2011/05/27 09:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Duplicate Finder
[2008/06/05 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/02/16 11:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2008/12/10 13:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/09/12 09:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrinterShare
[2008/04/20 23:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\runebivi
[2010/02/15 15:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/08/08 07:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/02/16 11:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/10/24 11:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2011/03/25 12:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2011/09/20 21:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/09/12 12:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2C9DBDBB-2D80-410C-8699-A38A9E6168ED}
[2011/09/04 12:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/23 20:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/06 18:25:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
[2011/09/12 12:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
[2008/08/31 12:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\Amazon
[2009/08/31 00:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\Chaos Software
[2008/09/20 17:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\CVS
[2011/12/23 14:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\Dropbox
[2011/05/27 09:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\Easy Duplicate Finder
[2009/11/29 21:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\Ericom
[2008/03/08 20:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\Fujitsu
[2011/07/03 18:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\Gmail Backup
[2011/07/25 11:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\gtk-2.0
[2009/08/23 10:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\salesforce.com
[2010/10/24 10:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\Smith Micro
[2011/04/14 12:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\Stamps.com Internet Postage
[2009/05/17 14:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\TeamViewer
[2009/06/06 18:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\uniblue
[2009/05/17 15:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\uTorrent
[2011/11/20 10:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\Wave Systems Corp
[2011/05/09 14:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Computer\Application Data\webex
[2011/12/23 02:26:54 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/23 16:00:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E3277B1A-2E11-4D47-B9FF-9A71E056957E}.job

========== Purity Check ==========


< End of report >


Charles

Edited by TaxSleuth, 23 December 2011 - 03:14 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP