Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Naughty Computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Naughty Computer

Unread postby Jekejosh » December 11th, 2010, 2:32 pm

Hi,
I'm running Windows XP SP3. Recently I've had trouble with the computer running extremely slow. I cannot update windows or IE. On-line attempts to run scanners such as TrendMicro housecall and Pnda fail, (usually showing a "not connected to the network" error). Both IE7 and Firefox will re-direct web page requests or just load another page in a different window without asking. Although Pop ups is disabled, recieiving numberous un-asked for pages. I've run Charter Communications virus program which is not showing anything.
Thanks in advance for your help.
HiJacks this Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:34 PM, on 12/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter Security Suite\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YoWindow\yowindow.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2052111302-1677128483-682003330-1006\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')
O4 - HKUS\S-1-5-21-2052111302-1677128483-682003330-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2052111302-1677128483-682003330-1006\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - Startup: YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.14/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/22.26/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7279364504
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ ... oupons.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://charter.net/files/charter/securi ... /fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9089F1EA-54FE-4763-A880-6B214C6E1F55}: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe

--
End of file - 9618 bytes

Uninstall List:
WILLPower
1&1 EasyLogin
7-Zip 4.57
Acrobat.com
ActionReplay Xbox
ActivePerl 5.10.0 Build 1004
Adobe AIR
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11
Agere Systems PCI Soft Modem
AI RoboForm (All Users)
ASAP Utilities
ATI Catalyst Control Center
ATI Decoder
ATI Display Driver (Omega 3.8.442)
ATI Multimedia Center 9.16
Automotive Wolf v4.493 Installation
BlackBerry Desktop Software 6.0
BlackBerry Desktop Software 6.0
Bonjour
BusinessCards'98
Cakewalk Pyro Plus 1
CDDRV_Installer
Charter Security Suite
CleanUp!
Cobian Backup 10
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Cryptainer LE
Crystal Reports Support
CSI
CSI-3 Dimensions of Murder 1.1
CSI-Dark Motives
CSI-Hard Evidence
DirectShow Dump
Doom 3
download version
Dup Detector
DVD Shrink 3.2
DVDFab Platinum 4.1.2.0
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
Evernote
Falcon 4.0: Allied Force
FEAR
Fellowes/NEATO MediaFACE
ffdshow [rev 1723] [2007-12-24]
F-Secure PSC Prerequisites
Google Earth
Google SketchUp 7
Google Update Helper
GPL Ghostscript 8.63
GUIDE PLUS+(TM) for Windows® System - ATI
HGTV Home Design & Remodeling Suite 2.0
HGTV Home Design & Remodeling Suite 2.0
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
Home and Business Attorney
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for MSXML 2 (KB887606)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Resizer Powertoy for Windows XP
Internet Explorer (Enable DEP)
iTunes
Java 2 Runtime Environment, SE v1.4.1_07
Java Web Start
Jawbone Updater
KhalInstallWrapper
Logitech Registration
Logitech SetPoint
MGI PhotoSuite III (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX Transform optional components
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office FrontPage 2003
Microsoft Office Outlook 2003
Microsoft Office Professional Edition 2003
Microsoft Office Publisher 2003
Microsoft Office Visio Professional 2003
Microsoft Picture It! Publishing Silver 2001
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft WinUsb 1.0
Monopoly
Monster Jam
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
msxml4
MyDVD
Nero Suite
neroxml
Netflix Movie Viewer
OverDrive Media Console
Paint.NET v3.36
Panda ActiveScan 2.0
PCI Audio Applications
PCI Audio Driver
PDFill PDF Editor with FREE PDF Writer and Tools
PermissionTV Download Manager
PermissionTV Springhill Library Player 3.14
Picasa 3
PS/GC/BOX To PC CONVERTOR
PunkBuster Services
Pyro Plus Plugins 1
Quicken 2009
Quicken WillMaker Plus 2006
Radeon Omega Drivers v4.8.442 Setup Files and Tools
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
SPORE™
TaxCut Basic 2006
TaxCut Premium 2007
The Game Of Life
TightVNC 1.3.10
TiVo Desktop 2.7
TiVo Desktop 2.7
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VIA Rhine-Family Fast-Ethernet Adapter
VLC media player 1.0.1
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Live OneCare safety scanner
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Mobile Device Updater Component
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinHTTrack Website Copier 3.43-9C
WinRAR archiver
YoWindow
Zune
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Jekejosh
Active Member
 
Posts: 8
Joined: December 11th, 2010, 2:23 pm
Advertisement
Register to Remove

Re: Naughty Computer

Unread postby askey127 » December 15th, 2010, 7:40 am

Jekejosh,
Sorry for the delay.
If you still need help and are not receiving it elsewhere, please proceed as follows:

I am removing Cleanup! because it is a registry "cleaner" that has damaged machines in the past.
Don't ever use a Registry cleaner, booster or optimizer. If they are perfect, they don't help. If they are imperfect, they can wreck your machine.
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{9089F1EA-54FE-4763-A880-6B214C6E1F55}: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

CleanUp!
Java 2 Runtime Environment, SE v1.4.1_07
<-- this old one probably got your machine infected originally
Java Web Start

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis (double-click in XP)
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl +A), copy (Ctrl+C) and paste (Ctrl+V) the log contents into a reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Naughty Computer

Unread postby Jekejosh » December 15th, 2010, 10:43 pm

Thanks,
I may have already screwed up my registry by using a program called EasyCleaner by ToniArts. I hope not.
Here's my latest HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:42:54 PM, on 12/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter Security Suite\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YoWindow\yowindow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.14/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/22.26/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7279364504
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ ... oupons.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://charter.net/files/charter/securi ... /fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe

--
End of file - 8126 bytes
Jekejosh
Active Member
 
Posts: 8
Joined: December 11th, 2010, 2:23 pm

Re: Naughty Computer

Unread postby askey127 » December 16th, 2010, 7:38 am

Jekejosh,
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 23 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, (or right click and choose "Run as administrator") and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware It is free for non-business use.
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Choose Desktop as the location to save the installer and click Save again.
  • You should now have a desktop icon named mbam-setup.exe. Double-click it.
  • Let it install the program where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items. Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2010-mm-dd(hour-min-sec).txt
  • You can now delete the installer icon, named mbam-setup.exe from your desktop.
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, In the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
      as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.

So we are looking for the results of the Malwarebytes scan, and the two reports from OTL.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Naughty Computer

Unread postby Jekejosh » December 18th, 2010, 10:49 am

Please see below:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5325

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/16/2010 6:17:59 PM
mbam-log-2010-12-16 (18-17-59).txt

Scan type: Quick scan
Objects scanned: 160249
Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Jekejosh
Active Member
 
Posts: 8
Joined: December 11th, 2010, 2:23 pm

Re: Naughty Computer

Unread postby Jekejosh » December 18th, 2010, 10:50 am

OTL. Txt
OTL logfile created on: 12/16/2010 6:21:35 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 507.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.61 Gb Total Space | 166.75 Gb Free Space | 44.75% Space Free | Partition Type: NTFS
Drive E: | 488.73 Mb Total Space | 450.15 Mb Free Space | 92.11% Space Free | Partition Type: FAT

Computer Name: RECROOM | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/16 07:07:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/10/13 16:09:18 | 000,064,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
PRC - [2010/09/23 08:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010/08/16 17:21:08 | 000,783,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
PRC - [2010/08/16 17:21:06 | 000,492,200 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
PRC - [2010/07/14 17:53:31 | 000,365,248 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
PRC - [2010/03/27 01:26:58 | 000,715,776 | ---- | M] (Repkasoft) -- C:\Program Files\YoWindow\yowindow.exe
PRC - [2009/12/30 18:26:05 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe
PRC - [2009/08/05 09:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
PRC - [2009/08/05 09:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSM32.EXE
PRC - [2009/08/05 09:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
PRC - [2009/08/05 09:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/16 07:07:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/08/05 09:59:08 | 000,256,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Spam Control\fsscoepl.dll
MOD - [2009/08/05 09:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fshook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2010/10/13 16:09:18 | 000,064,016 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/09/24 12:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 12:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 12:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 12:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/09/23 08:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/08/24 03:38:18 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/12/30 18:26:05 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/08/05 09:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 09:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/04/24 06:38:06 | 000,200,765 | ---- | M] (PermissionTV) [Disabled | Stopped] -- C:\Program Files\PermissionTV\bin\dm.exe -- (PermissionTVDownloadManager)
SRV - [2006/01/04 06:10:00 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\cryptainersrv.exe -- (ssoftservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cel90xbe.sys -- (cel90xbe)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2010/12/16 17:05:34 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2010/12/15 18:25:14 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/11/30 18:32:54 | 000,130,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/08/05 09:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 09:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 09:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/05/14 17:58:43 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2009/04/05 11:20:21 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/01/06 20:29:23 | 000,170,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2008/12/24 18:17:51 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/12/01 11:06:40 | 000,561,536 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/12/01 11:06:40 | 000,132,352 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/04/13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/04 23:26:40 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/05 01:55:04 | 000,017,952 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/03/05 01:06:32 | 000,022,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAC607.sys -- (MAC607)
DRV - [2007/03/05 00:21:06 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Xbox.sys -- (XBox)
DRV - [2006/12/13 17:52:52 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2006/12/13 17:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/05/23 16:00:26 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/13 10:15:44 | 000,056,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atineuxx.sys -- (ATITUNEP)
DRV - [2005/04/13 10:14:56 | 000,075,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinesxx.sys -- (ATIXSAudio)
DRV - [2005/04/13 10:12:43 | 000,165,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx)
DRV - [2005/04/13 10:11:42 | 000,014,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2005/04/13 10:11:25 | 000,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2005/04/13 10:07:30 | 000,055,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2004/08/03 16:29:32 | 000,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx) ATI WDM Rage Theater Video (Microsoft Corporation)
DRV - [2004/05/21 00:30:02 | 000,114,944 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ssoftnt4.sys -- (ssoftnt4)
DRV - [2003/07/02 06:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/17 16:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/02/18 09:09:56 | 000,009,312 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hp4200c.sys -- (hp4200c)
DRV - [2001/01/02 21:53:30 | 000,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xbreader.sys -- (xbreader) ActionReplay XBox Driver (xbreader.sys)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 C4 1D E1 1F 9D CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: CLIP@chris.synan:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 17:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Charter Security Suite\NRS\litmus-ff@f-secure.com [2010/09/07 08:07:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/04/14 15:54:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/12/15 20:58:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 11:53:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 20:58:54 | 000,000,000 | ---D | M]

[2010/10/29 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/10/29 18:17:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/07 21:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/12/14 20:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyrux0n2.default\extensions
[2010/10/29 18:19:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyrux0n2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/08 17:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyrux0n2.default\extensions\CLIP@chris.synan
[2010/12/16 07:05:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/11 11:53:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/15 20:58:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/11 11:52:48 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/12/11 11:52:48 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/12/05 22:52:44 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2010/12/15 20:58:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/11 11:52:59 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/08/18 19:59:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/08/18 19:59:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/08/18 19:59:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/08/18 19:59:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/08/18 19:59:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/08/18 19:59:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/08/18 19:59:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/10/26 22:49:27 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/10/26 22:49:27 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/10/26 22:49:27 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/10/26 22:49:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/10/26 22:49:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/10/26 22:49:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/10/26 22:49:27 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/11/14 20:31:41 | 000,000,338 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe (Repkasoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/58.14/uploader2.cab (UploadListView Class)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/22.26/uploader2.cab (UploadListView Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7279364504 (WUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/4058/ ... oupons.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://charter.net/files/charter/securi ... /fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/14 17:16:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8e6346ce-21a7-11db-ab3d-0011d8087adc}\Shell - "" = AutoRun
O33 - MountPoints2\{8e6346ce-21a7-11db-ab3d-0011d8087adc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a89fce52-5988-11db-ab9d-0011d8087adc}\Shell\AutoRun\command - "" = PortableRoboForm.exe
O33 - MountPoints2\{a89fce52-5988-11db-ab9d-0011d8087adc}\Shell\RoboForm2Go\command - "" = PortableRoboForm.exe
O33 - MountPoints2\{fa6c7389-2f4c-11de-b099-0011d8087adc}\Shell - "" = AutoRun
O33 - MountPoints2\{fa6c7389-2f4c-11de-b099-0011d8087adc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa6c7389-2f4c-11de-b099-0011d8087adc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fbfca2b1-cec5-11dd-afd8-0011d8087adc}\Shell - "" = AutoRun
O33 - MountPoints2\{fbfca2b1-cec5-11dd-afd8-0011d8087adc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fbfca2b1-cec5-11dd-afd8-0011d8087adc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/16 07:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/12/16 07:52:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/16 07:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/16 07:52:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/16 07:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/16 07:07:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/16 07:02:20 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/12/16 06:49:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/16 06:48:21 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/15 21:16:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/12/15 20:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/15 20:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/15 20:58:54 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/15 20:58:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/15 20:58:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/15 20:58:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/15 20:58:54 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/15 20:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/12 17:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2010/12/12 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/11/18 12:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2008/12/25 12:30:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2007/09/08 05:50:24 | 000,032,768 | ---- | C] ( ) -- C:\WINDOWS\System32\ShellLnkSSE.dll

========== Files - Modified Within 30 Days ==========

[2010/12/16 18:19:58 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Malwarebytes.doc
[2010/12/16 17:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/16 17:05:34 | 000,082,120 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2010/12/16 17:02:25 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B9518C9C-754D-460E-BCAA-48ED35BD8E68}.job
[2010/12/16 16:59:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/16 16:59:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/16 16:58:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/16 16:58:36 | 000,469,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 08:10:58 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/16 07:52:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/16 07:15:39 | 000,144,875 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Medical Record_new.pdf
[2010/12/16 07:07:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/16 07:02:27 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/12/16 06:57:52 | 000,054,110 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Medical Report from United Health Care.pdf
[2010/12/16 06:42:50 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/12/15 21:29:12 | 000,000,326 | ---- | M] () -- C:\Documents and Settings\Administrator\.kmttg_settings
[2010/12/15 21:26:20 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/15 20:58:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/15 20:58:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/15 20:58:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/15 20:58:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/15 20:58:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/15 18:25:14 | 000,042,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/12/08 19:01:38 | 000,025,856 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Documents of Jerry Clinton Thompson.pfl
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/18 12:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/11/18 12:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll

========== Files Created - No Company Name ==========

[2010/12/16 18:19:57 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Malwarebytes.doc
[2010/12/16 07:52:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/16 07:15:37 | 000,144,875 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Medical Record_new.pdf
[2010/12/16 06:57:48 | 000,054,110 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Medical Report from United Health Care.pdf
[2010/12/15 21:29:11 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B9518C9C-754D-460E-BCAA-48ED35BD8E68}.job
[2010/11/06 07:28:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/10/12 19:20:02 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Rim.Desktop.Exception.log
[2010/10/12 18:19:01 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Rim.Desktop.HttpServerSetup.log
[2010/07/24 21:44:57 | 000,917,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/15 18:26:35 | 000,000,389 | ---- | C] () -- C:\WINDOWS\QuickSysInformer.INI
[2010/03/12 19:15:27 | 000,013,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (DOS).CAL
[2010/03/09 19:37:30 | 000,038,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2010/01/22 19:06:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/25 15:42:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/25 15:16:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2009/12/25 15:14:21 | 000,217,149 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2009/12/25 15:13:41 | 000,002,066 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009/12/05 16:49:45 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/12/05 16:49:45 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009/08/21 21:07:58 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2009/08/21 21:07:58 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2009/08/21 21:07:58 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2009/08/21 21:07:57 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2009/08/21 21:07:57 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2009/08/21 21:07:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2009/08/21 21:07:10 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2009/08/21 21:07:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2009/08/21 21:07:08 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2009/08/21 21:07:08 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2009/08/21 21:07:07 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2009/08/08 19:04:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Hidhlp.dll
[2009/08/08 19:04:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\iFT8D91.dll
[2009/08/08 19:04:34 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Xbox.sys
[2009/08/08 19:04:34 | 000,022,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAC607.sys
[2009/04/11 14:56:47 | 000,006,555 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PrimoPDFSet.xml
[2009/04/11 14:55:35 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/04/05 19:46:13 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009/03/07 18:14:47 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/01 22:30:12 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/01/01 22:30:11 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2008/12/25 12:30:16 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2008/12/25 12:30:05 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/12/25 12:30:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/12/25 12:30:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/12/20 22:05:07 | 000,000,567 | ---- | C] () -- C:\WINDOWS\CDFACE32.INI
[2008/02/07 18:53:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/01/03 06:22:31 | 000,038,418 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel.ADR
[2008/01/03 06:21:49 | 000,013,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel.CAL
[2008/01/02 20:34:41 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2007/12/23 12:57:55 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2007/10/16 18:29:25 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/07/21 06:33:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/07/21 06:33:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unace.dll
[2007/07/19 18:08:41 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/14 10:18:41 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/06/06 13:16:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[2007/03/04 19:36:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/03/04 14:52:23 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2007/01/29 20:04:36 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/29 20:04:14 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/27 08:52:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/27 08:47:36 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/01/27 08:47:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR320.ini
[2006/11/12 17:54:55 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/11/02 13:28:20 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/10/24 19:14:18 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2006/09/02 06:19:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2006/09/01 16:39:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\COOWIZCK.INI
[2006/09/01 16:39:28 | 000,000,051 | ---- | C] () -- C:\WINDOWS\coowiz20.ini
[2006/08/17 18:17:25 | 000,000,016 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2006/08/12 05:59:10 | 000,000,230 | ---- | C] () -- C:\WINDOWS\WSOPDELX.INI
[2006/08/12 05:53:42 | 000,000,895 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/08/12 05:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI
[2006/06/27 18:52:04 | 000,000,031 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\.zreglib
[2006/06/09 17:47:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/04/26 19:42:59 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/04/26 19:40:19 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2006/04/26 19:40:12 | 000,000,595 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/04/08 17:03:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2006/03/09 20:28:53 | 000,011,306 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/05 20:32:13 | 000,000,237 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/03/05 19:03:55 | 000,000,207 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/05 18:59:57 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2006/03/05 08:10:41 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/19 09:45:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2006/02/19 09:45:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2006/02/19 09:43:02 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/18 16:02:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/02/18 16:02:02 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/02/18 16:01:38 | 000,015,047 | ---- | C] () -- C:\WINDOWS\HPSETUP.INI
[2006/02/18 15:58:53 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2006/02/18 15:16:57 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2006/02/12 15:21:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/02/12 15:21:49 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2006/02/12 15:21:14 | 000,015,448 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2006/02/12 15:21:05 | 000,000,411 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/02/12 15:21:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/02/11 12:01:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/01/15 09:11:30 | 000,000,699 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/14 18:36:41 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/01/14 18:19:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/01/14 18:17:47 | 000,003,289 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/01/14 18:17:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/01/13 21:02:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/12 07:29:08 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_000013_.tmp.dll
[2004/08/12 07:21:13 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_000014_.tmp.dll
[2004/05/21 01:30:02 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\ssoftnt4.sys
[2004/01/28 11:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/01/28 11:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2004/01/28 10:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/02/02 23:59:28 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[1999/09/22 01:00:00 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/03/27 18:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\1&1
[2010/03/19 19:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ASAP Utilities
[2010/01/04 15:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\avidemux
[2008/01/02 19:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeLorme
[2010/03/06 18:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDFab
[2010/08/05 18:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2009/12/15 18:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\F-Secure
[2006/06/18 13:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileMaker
[2008/03/08 16:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2008/02/28 22:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtopala
[2006/03/07 20:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HBA
[2009/05/09 07:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HotSync
[2010/08/08 19:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InfraRecorder
[2006/01/15 15:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ispnews
[2007/10/06 15:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iWin
[2010/01/04 21:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\jah
[2010/08/15 19:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JawboneUpdater
[2008/09/10 20:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JottExpress.50E28EE2422BD0599F081C2408B1BFDDBEFC6B6B.1
[2007/12/18 19:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nvu
[2007/01/07 15:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2010/11/15 21:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OverDrive
[2006/06/28 13:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SlySoft
[2009/12/05 16:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SPORE
[2008/02/07 18:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TaxCut
[2009/02/07 21:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TomTom
[2008/01/02 20:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2010/08/24 05:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2006/03/07 20:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WILLPower
[2008/09/10 20:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010/12/12 17:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2010/04/21 19:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YoWindow
[2009/12/24 21:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audible
[2008/02/15 17:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/06/11 19:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/07/27 17:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CADlogic Limited
[2010/03/09 21:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2009/04/05 19:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/10/23 20:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2007/12/11 17:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/10/08 20:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/01/31 19:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2007/10/06 15:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/05/09 07:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2008/04/05 06:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2007/01/13 13:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/08/20 18:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/03/09 19:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2007/03/08 18:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2008/02/07 18:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/05/09 07:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2006/10/21 10:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2007/03/08 18:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Snaptune
[2008/01/27 11:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2007/10/06 15:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/11 21:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TiVo
[2009/02/07 21:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/03/14 20:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/03/11 19:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/08/18 20:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/16 06:42:50 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job
[2010/12/16 17:02:25 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B9518C9C-754D-460E-BCAA-48ED35BD8E68}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\From The Desk of Jerry.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\doctors note.rtf:Roxio EMC Stream
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6E32B82

< End of report >
Jekejosh
Active Member
 
Posts: 8
Joined: December 11th, 2010, 2:23 pm

Re: Naughty Computer

Unread postby Jekejosh » December 18th, 2010, 10:53 am

Extras.txt
OTL Extras logfile created on: 12/16/2010 6:21:35 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 507.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.61 Gb Total Space | 166.75 Gb Free Space | 44.75% Space Free | Partition Type: NTFS
Drive E: | 488.73 Mb Total Space | 450.15 Mb Free Space | 92.11% Space Free | Partition Type: FAT

Computer Name: RECROOM | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"9420:TCP" = 9420:TCP:*:Enabled:Red Swoosh
"5000:UDP" = 5000:UDP:*:Enabled:Red Swoosh
"5353:UDP" = 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour
"7288:TCP" = 7288:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7288
"7289:TCP" = 7289:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7289
"7290:TCP" = 7290:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7290
"7291:TCP" = 7291:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7291
"7292:TCP" = 7292:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7292
"7293:TCP" = 7293:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7293
"7294:TCP" = 7294:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7294
"7295:TCP" = 7295:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7295
"7296:TCP" = 7296:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7296
"7297:TCP" = 7297:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7297

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe" = C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe:*:Enabled:TrueWeather -- (Digital Information Network)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\BitTorrent_DNA\dna.exe" = C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\RadioTime\mrt.exe" = C:\Program Files\RadioTime\mrt.exe:*:Enabled:RadioTime Recorder -- File not found
"C:\Program Files\RadioTime\rtstream.exe" = C:\Program Files\RadioTime\rtstream.exe:*:Enabled:RadioTime Stream Player -- File not found
"C:\Program Files\RadioTime\mrtupdate.exe" = C:\Program Files\RadioTime\mrtupdate.exe:*:Enabled:RadioTime LiveUpdate -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" = C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" = C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe" = C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\curl.exe" = C:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service -- ()
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Program Files\Sierra\FEAR\FEAR.exe" = C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Program Files\Sierra\FEAR\FEARMP.exe" = C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEARMP -- (Monolith Productions, Inc.)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Jawbone\JawboneUpdater.exe" = C:\Program Files\Jawbone\JawboneUpdater.exe:*:Enabled:JawboneUpdater -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" WILLPower" = WILLPower
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03A26689-82BB-6FF9-1FDA-93B18547C8C8}" = Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{20FA8AEE-E785-4F79-98EB-2067A8F395F4}" = Monopoly
"{21BC2871-0B96-9EC1-6CBF-A0B9BCBC0D89}" = Skins
"{262C7F33-8251-432E-88C1-E9F42A53F8F0}" = PDFill PDF Editor with FREE PDF Writer and Tools
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center
"{3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E}" = ccc-core-static
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{410DB4DE-354D-F472-F66D-FCFF345A8960}" = Catalyst Control Center Graphics Previews Common
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}" = TaxCut Premium 2007
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.7
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{584267B8-0BB0-4D18-9FFA-726576619E9A}" = Doom 3
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{5F49D1B0-D558-F251-715E-A46CD0A30FED}" = ccc-utility
"{61BA2A5B-881D-EEF7-F5D2-5EFAF7CCBDA9}" = Catalyst Control Center Graphics Light
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63AF33D5-22C5-4CA0-AAE7-D70B6138E8B2}" = Crystal Reports Support
"{651E5E05-3416-E761-B919-37EF1F4272F9}" = Catalyst Control Center Core Implementation
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D7B631E-52DB-4A33-88EF-4FA0195EDDB1}" = CSI
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{7191C910-3F72-B2CA-0FA5-F0E78F5F8FD2}" = CCC Help English
"{7366C935-3B74-4DF7-94D4-FB3A8DE1101C}" = Automotive Wolf v4.493 Installation
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A65E382-1843-4B46-861B-1BECB8354911}" = Falcon 4.0: Allied Force
"{82A27957-45D5-41BC-8593-60249895727B}" = ActivePerl 5.10.0 Build 1004
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8DEE4C35-1C60-413E-9630-77A0222D5C45}" = CSI-Dark Motives
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}" = GUIDE PLUS+(TM) for Windows® System - ATI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE3F7D1C-85E3-4814-9435-088C38110001}" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C559CCD6-E2B8-4C7B-9791-AB68F382F9C2}" = DirectShow Dump
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" =
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E2F40C56-83E9-459D-BCE7-68FE3073D942}" = HGTV Home Design & Remodeling Suite 2.0
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EC33A4E0-A500-D4A2-C1F8-DCA04496B053}" = Catalyst Control Center Graphics Full Existing
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EF128055-9B10-4FF9-8500-5648CF8F899C}" = ATI Decoder
"{F3BF1670-5541-45A2-AFD3-2AA2E9754EEE}" = Microsoft Picture It! Publishing Silver 2001
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FC1C2427-5954-451C-9ED8-A92D48ED7E07}" = CSI-Hard Evidence
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 EasyLogin" = 1&1 EasyLogin
"7-Zip" = 7-Zip 4.57
"ActionReplay Xbox" = ActionReplay Xbox
"AddressBook" =
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AheadManual!UninstallKey" =
"AI RoboForm" = AI RoboForm (All Users)
"ASAP Utilities_is1" = ASAP Utilities
"ATI Display Driver" = ATI Display Driver (Omega 3.8.442)
"Branding" =
"BusinessCards'98" = BusinessCards'98
"Cakewalk Pyro Plus 1" = Cakewalk Pyro Plus 1
"Char-Broil Guide to Grilling Cookbook_is1" = download version
"CobBackup10" = Cobian Backup 10
"Connection Manager" =
"CSI-3 Dimensions of Murder" = CSI-3 Dimensions of Murder 1.1
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Digital Editions" = Adobe Digital Editions
"DirectAnimation" =
"DirectDrawEx" =
"dlatray.exe" =
"DupDetector" = Dup Detector
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
"DXM_Runtime" =
"DXTXTRA" = Microsoft DirectX Transform optional components
"EPSON Printer and Utilities" = EPSON Printer Software
"Fellowes/NEATO MediaFACE" = Fellowes/NEATO MediaFACE
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Fontcore" =
"F-Secure Product 444" = Charter Security Suite
"FT8D91" = PS/GC/BOX To PC CONVERTOR
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"Home and Business Attorney" = Home and Business Attorney
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center 9.16
"InstallShield_{E2F40C56-83E9-459D-BCE7-68FE3073D942}" = HGTV Home Design & Remodeling Suite 2.0
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"InstallShield_{EF128055-9B10-4FF9-8500-5648CF8F899C}" = ATI Decoder
"Jawbone Updater" = Jawbone Updater
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PRISM_V3_0" = MGI PhotoSuite III (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobileOptionPack" =
"Monster Jam_is1" = Monster Jam
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MyCDPro.exe" =
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OutlookExpress" =
"PCHealth" =
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"PermissionTV Download Manager_is1" = PermissionTV Download Manager
"Picasa 3" = Picasa 3
"PowerShell" = Windows PowerShell(TM) 1.0
"PunkBusterSvc" = PunkBuster Services
"Pyro Plus Plugins 1" = Pyro Plus Plugins 1
"Quicken WillMaker Plus 2006" = Quicken WillMaker Plus 2006
"Radeon Omega Drivers for Windows XP/2kv4.8.442" = Radeon Omega Drivers v4.8.442 Setup Files and Tools
"SBWIN32.EXE" =
"SchedulingAgent" =
"SGTRAY.EXE" =
"Shockwave" = Shockwave
"Springhill Library Player_is1" = PermissionTV Springhill Library Player 3.14
"sscrle_is1" = Cryptainer LE
"TaxCut Basic 2006" = TaxCut Basic 2006
"The Game Of Life" = The Game Of Life
"TightVNC_is1" = TightVNC 1.3.10
"TiVo Desktop 2.7" = TiVo Desktop 2.7
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"yowindow" = YoWindow
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Vuze Launcher" = Vuze Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2010 10:14:34 PM | Computer Name = RECROOM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/15/2010 10:14:34 PM | Computer Name = RECROOM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/15/2010 10:35:26 PM | Computer Name = RECROOM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/15/2010 10:35:27 PM | Computer Name = RECROOM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/15/2010 10:35:27 PM | Computer Name = RECROOM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/15/2010 10:35:27 PM | Computer Name = RECROOM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/15/2010 11:01:17 PM | Computer Name = RECROOM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/15/2010 11:01:17 PM | Computer Name = RECROOM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/15/2010 11:01:17 PM | Computer Name = RECROOM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/15/2010 11:01:17 PM | Computer Name = RECROOM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 12/15/2010 8:29:22 PM | Computer Name = RECROOM | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/15/2010 10:19:31 PM | Computer Name = RECROOM | Source = Service Control Manager | ID = 7034
Description = The Cobian Backup 10 Volume Shadow Copy service service terminated
unexpectedly. It has done this 1 time(s).

Error - 12/15/2010 10:25:36 PM | Computer Name = RECROOM | Source = Service Control Manager | ID = 7034
Description = The FSGKHS service terminated unexpectedly. It has done this 1 time(s).

Error - 12/15/2010 10:25:41 PM | Computer Name = RECROOM | Source = Service Control Manager | ID = 7034
Description = The FSMA service terminated unexpectedly. It has done this 1 time(s).

Error - 12/15/2010 10:35:53 PM | Computer Name = RECROOM | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 12/15/2010 10:53:40 PM | Computer Name = RECROOM | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.

Error - 12/15/2010 11:01:43 PM | Computer Name = RECROOM | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 12/15/2010 11:26:05 PM | Computer Name = RECROOM | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 12/16/2010 8:42:14 AM | Computer Name = RECROOM | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 12/16/2010 6:58:55 PM | Computer Name = RECROOM | Source = ati2mtag | ID = 45062
Description = CRT invalid display type


< End of report >
Jekejosh
Active Member
 
Posts: 8
Joined: December 11th, 2010, 2:23 pm

Re: Naughty Computer

Unread postby askey127 » December 18th, 2010, 3:35 pm

Jekejosh,
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cel90xbe.sys -- (cel90xbe)
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Tell me how it's running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Naughty Computer

Unread postby Jekejosh » December 18th, 2010, 4:09 pm

It's running a lot better now. Not getting the popups and redirects. I am having trouble with IE8 error: a program on your computer has corrupted you default search engine, blah, blah, blah. It opens up a window to manange add-ons but I can't make any changes. Been using Firefox instead.
Thank you for your help!!!

Latest OTL.txt
OTL logfile created on: 12/18/2010 2:00:41 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop\Utilities
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 517.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.61 Gb Total Space | 168.93 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive E: | 488.73 Mb Total Space | 450.03 Mb Free Space | 92.08% Space Free | Partition Type: FAT

Computer Name: RECROOM | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/16 07:07:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\Utilities\OTL.exe
PRC - [2010/10/13 16:09:18 | 000,064,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
PRC - [2010/09/23 08:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010/08/16 17:21:08 | 000,783,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
PRC - [2010/08/16 17:21:06 | 000,492,200 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
PRC - [2010/07/14 17:53:31 | 000,365,248 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
PRC - [2010/03/27 01:26:58 | 000,715,776 | ---- | M] (Repkasoft) -- C:\Program Files\YoWindow\yowindow.exe
PRC - [2009/12/30 18:26:05 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe
PRC - [2009/08/05 09:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
PRC - [2009/08/05 09:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSM32.EXE
PRC - [2009/08/05 09:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
PRC - [2009/08/05 09:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/16 07:07:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\Utilities\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/08/05 09:59:08 | 000,256,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Spam Control\fsscoepl.dll
MOD - [2009/08/05 09:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fshook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe -- (F-Secure BlackLight Sensor)
SRV - [2010/10/13 16:09:18 | 000,064,016 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/09/24 12:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 12:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 12:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 12:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/09/23 08:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/08/24 03:38:18 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/12/30 18:26:05 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/08/05 09:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 09:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/04/24 06:38:06 | 000,200,765 | ---- | M] (PermissionTV) [Disabled | Stopped] -- C:\Program Files\PermissionTV\bin\dm.exe -- (PermissionTVDownloadManager)
SRV - [2006/01/04 06:10:00 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\cryptainersrv.exe -- (ssoftservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsbldrv.sys -- (fsbl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2010/12/16 17:05:34 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2010/12/15 18:25:14 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/11/30 18:32:54 | 000,130,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/08/05 09:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 09:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 09:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/05/14 17:58:43 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2009/04/05 11:20:21 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/01/06 20:29:23 | 000,170,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2008/12/24 18:17:51 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/12/01 11:06:40 | 000,561,536 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/12/01 11:06:40 | 000,132,352 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/04/13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/04 23:26:40 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/05 01:55:04 | 000,017,952 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/03/05 01:06:32 | 000,022,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAC607.sys -- (MAC607)
DRV - [2007/03/05 00:21:06 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Xbox.sys -- (XBox)
DRV - [2006/12/13 17:52:52 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2006/12/13 17:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/05/23 16:00:26 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/13 10:15:44 | 000,056,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atineuxx.sys -- (ATITUNEP)
DRV - [2005/04/13 10:14:56 | 000,075,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinesxx.sys -- (ATIXSAudio)
DRV - [2005/04/13 10:12:43 | 000,165,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx)
DRV - [2005/04/13 10:11:42 | 000,014,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2005/04/13 10:11:25 | 000,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2005/04/13 10:07:30 | 000,055,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2004/08/03 16:29:32 | 000,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx) ATI WDM Rage Theater Video (Microsoft Corporation)
DRV - [2004/05/21 00:30:02 | 000,114,944 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ssoftnt4.sys -- (ssoftnt4)
DRV - [2003/07/02 06:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/17 16:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/02/18 09:09:56 | 000,009,312 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hp4200c.sys -- (hp4200c)
DRV - [2001/01/02 21:53:30 | 000,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xbreader.sys -- (xbreader) ActionReplay XBox Driver (xbreader.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C A8 CB 70 E8 9E CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: CLIP@chris.synan:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Charter Security Suite\NRS\litmus-ff@f-secure.com [2010/09/07 08:07:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/04/14 15:54:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 11:53:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 20:58:54 | 000,000,000 | ---D | M]

[2010/10/29 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/02/07 21:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/12/17 22:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyrux0n2.default\extensions
[2010/10/29 18:19:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyrux0n2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/08 17:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyrux0n2.default\extensions\CLIP@chris.synan
[2010/12/17 22:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/15 20:58:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/15 20:58:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/14 20:31:41 | 000,000,338 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe (Repkasoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/58.14/uploader2.cab (UploadListView Class)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/22.26/uploader2.cab (UploadListView Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7279364504 (WUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/4058/ ... oupons.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://charter.net/files/charter/securi ... /fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/14 17:16:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8e6346ce-21a7-11db-ab3d-0011d8087adc}\Shell - "" = AutoRun
O33 - MountPoints2\{8e6346ce-21a7-11db-ab3d-0011d8087adc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a89fce52-5988-11db-ab9d-0011d8087adc}\Shell\AutoRun\command - "" = PortableRoboForm.exe
O33 - MountPoints2\{a89fce52-5988-11db-ab9d-0011d8087adc}\Shell\RoboForm2Go\command - "" = PortableRoboForm.exe
O33 - MountPoints2\{fa6c7389-2f4c-11de-b099-0011d8087adc}\Shell - "" = AutoRun
O33 - MountPoints2\{fa6c7389-2f4c-11de-b099-0011d8087adc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa6c7389-2f4c-11de-b099-0011d8087adc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fbfca2b1-cec5-11dd-afd8-0011d8087adc}\Shell - "" = AutoRun
O33 - MountPoints2\{fbfca2b1-cec5-11dd-afd8-0011d8087adc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fbfca2b1-cec5-11dd-afd8-0011d8087adc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/18 13:56:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/16 07:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/12/16 07:52:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/16 07:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/16 07:52:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/16 07:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/15 21:16:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/12/15 20:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/15 20:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/15 20:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/12 17:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2010/12/12 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2008/12/25 12:30:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2007/09/08 05:50:24 | 000,032,768 | ---- | C] ( ) -- C:\WINDOWS\System32\ShellLnkSSE.dll

========== Files - Modified Within 30 Days ==========

[2010/12/18 13:59:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/18 13:58:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/18 13:58:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/18 13:42:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/18 13:21:01 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B9518C9C-754D-460E-BCAA-48ED35BD8E68}.job
[2010/12/18 08:37:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/12/16 17:05:34 | 000,082,120 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2010/12/16 16:58:36 | 000,469,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 08:10:58 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 21:29:12 | 000,000,326 | ---- | M] () -- C:\Documents and Settings\Administrator\.kmttg_settings
[2010/12/15 21:26:20 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/15 18:25:14 | 000,042,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/12/08 19:01:38 | 000,025,856 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Documents of Jerry Clinton Thompson.pfl
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/15 21:29:11 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B9518C9C-754D-460E-BCAA-48ED35BD8E68}.job
[2010/11/06 07:28:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/10/12 19:20:02 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Rim.Desktop.Exception.log
[2010/10/12 18:19:01 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Rim.Desktop.HttpServerSetup.log
[2010/07/24 21:44:57 | 000,917,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/15 18:26:35 | 000,000,389 | ---- | C] () -- C:\WINDOWS\QuickSysInformer.INI
[2010/03/12 19:15:27 | 000,013,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (DOS).CAL
[2010/03/09 19:37:30 | 000,038,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2010/01/22 19:06:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/25 15:42:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/25 15:16:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2009/12/25 15:14:21 | 000,217,149 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2009/12/25 15:13:41 | 000,002,066 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009/12/05 16:49:45 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/12/05 16:49:45 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009/08/21 21:07:58 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2009/08/21 21:07:58 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2009/08/21 21:07:58 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2009/08/21 21:07:57 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2009/08/21 21:07:57 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2009/08/21 21:07:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2009/08/21 21:07:10 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2009/08/21 21:07:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2009/08/21 21:07:08 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2009/08/21 21:07:08 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2009/08/21 21:07:07 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2009/08/08 19:04:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Hidhlp.dll
[2009/08/08 19:04:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\iFT8D91.dll
[2009/08/08 19:04:34 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Xbox.sys
[2009/08/08 19:04:34 | 000,022,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAC607.sys
[2009/04/11 14:56:47 | 000,006,555 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PrimoPDFSet.xml
[2009/04/11 14:55:35 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/04/05 19:46:13 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009/03/07 18:14:47 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/01 22:30:12 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/01/01 22:30:11 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2008/12/25 12:30:16 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2008/12/25 12:30:05 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/12/25 12:30:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/12/25 12:30:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/12/20 22:05:07 | 000,000,567 | ---- | C] () -- C:\WINDOWS\CDFACE32.INI
[2008/02/07 18:53:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/01/03 06:22:31 | 000,038,418 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel.ADR
[2008/01/03 06:21:49 | 000,013,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel.CAL
[2008/01/02 20:34:41 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2007/12/23 12:57:55 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2007/10/16 18:29:25 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/07/21 06:33:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/07/21 06:33:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unace.dll
[2007/07/19 18:08:41 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/14 10:18:41 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/06/06 13:16:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[2007/03/04 19:36:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/03/04 14:52:23 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2007/01/29 20:04:36 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/29 20:04:14 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/27 08:52:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/27 08:47:36 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/01/27 08:47:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR320.ini
[2006/11/12 17:54:55 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/11/02 13:28:20 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/10/24 19:14:18 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2006/09/02 06:19:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2006/09/01 16:39:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\COOWIZCK.INI
[2006/09/01 16:39:28 | 000,000,051 | ---- | C] () -- C:\WINDOWS\coowiz20.ini
[2006/08/17 18:17:25 | 000,000,016 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2006/08/12 05:59:10 | 000,000,230 | ---- | C] () -- C:\WINDOWS\WSOPDELX.INI
[2006/08/12 05:53:42 | 000,000,895 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/08/12 05:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI
[2006/06/27 18:52:04 | 000,000,031 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\.zreglib
[2006/06/09 17:47:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/04/26 19:42:59 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/04/26 19:40:19 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2006/04/26 19:40:12 | 000,000,595 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/04/08 17:03:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2006/03/09 20:28:53 | 000,011,306 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/05 20:32:13 | 000,000,237 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/03/05 19:03:55 | 000,000,207 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/05 18:59:57 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2006/03/05 08:10:41 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/19 09:45:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2006/02/19 09:45:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2006/02/19 09:43:02 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/18 16:02:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/02/18 16:02:02 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/02/18 16:01:38 | 000,015,047 | ---- | C] () -- C:\WINDOWS\HPSETUP.INI
[2006/02/18 15:58:53 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2006/02/18 15:16:57 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2006/02/12 15:21:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/02/12 15:21:49 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2006/02/12 15:21:14 | 000,015,448 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2006/02/12 15:21:05 | 000,000,411 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/02/12 15:21:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/02/11 12:01:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/01/15 09:11:30 | 000,000,699 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/14 18:36:41 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/01/14 18:19:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/01/14 18:17:47 | 000,003,289 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/01/14 18:17:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/01/13 21:02:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/12 07:29:08 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_000013_.tmp.dll
[2004/08/12 07:21:13 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_000014_.tmp.dll
[2004/05/21 01:30:02 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\ssoftnt4.sys
[2004/01/28 11:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/01/28 11:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2004/01/28 10:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/02/02 23:59:28 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[1999/09/22 01:00:00 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/03/27 18:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\1&1
[2010/03/19 19:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ASAP Utilities
[2010/01/04 15:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\avidemux
[2008/01/02 19:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeLorme
[2010/03/06 18:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDFab
[2010/08/05 18:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2009/12/15 18:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\F-Secure
[2006/06/18 13:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileMaker
[2008/03/08 16:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2008/02/28 22:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtopala
[2006/03/07 20:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HBA
[2009/05/09 07:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HotSync
[2010/08/08 19:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InfraRecorder
[2006/01/15 15:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ispnews
[2007/10/06 15:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iWin
[2010/01/04 21:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\jah
[2010/08/15 19:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JawboneUpdater
[2008/09/10 20:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JottExpress.50E28EE2422BD0599F081C2408B1BFDDBEFC6B6B.1
[2007/12/18 19:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nvu
[2007/01/07 15:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2010/11/15 21:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OverDrive
[2006/06/28 13:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SlySoft
[2009/12/05 16:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SPORE
[2008/02/07 18:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TaxCut
[2009/02/07 21:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TomTom
[2008/01/02 20:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2010/08/24 05:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2006/03/07 20:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WILLPower
[2008/09/10 20:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010/12/12 17:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2010/04/21 19:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YoWindow
[2009/12/24 21:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audible
[2008/02/15 17:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/06/11 19:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/07/27 17:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CADlogic Limited
[2010/03/09 21:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2009/04/05 19:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/10/23 20:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2007/12/11 17:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/10/08 20:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/01/31 19:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2007/10/06 15:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/05/09 07:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2008/04/05 06:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2007/01/13 13:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/08/20 18:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/03/09 19:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2007/03/08 18:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2008/02/07 18:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/05/09 07:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2006/10/21 10:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2007/03/08 18:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Snaptune
[2008/01/27 11:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2007/10/06 15:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/11 21:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TiVo
[2009/02/07 21:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/03/14 20:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/03/11 19:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/08/18 20:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/18 08:37:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job
[2010/12/18 13:21:01 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B9518C9C-754D-460E-BCAA-48ED35BD8E68}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\From The Desk of Jerry.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\doctors note.rtf:Roxio EMC Stream
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6E32B82

< End of report >
Jekejosh
Active Member
 
Posts: 8
Joined: December 11th, 2010, 2:23 pm

Re: Naughty Computer

Unread postby askey127 » December 18th, 2010, 5:10 pm

Jekejosh,
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent_DNA\dna.exe" =-
    "C:\Program Files\BitTorrent\bittorrent.exe" =-
    "C:\Program Files\uTorrent\uTorrent.exe" =-
    
    :Files
    C:\Program Files\BitTorrent
    C:\Program Files\uTorrent
    
    :commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
----------------------------------------------
Run OTL Again
This time, when it starts, click the Clean Up button and allow it to remove the tools we used.


Some tips for using Firefox:
-------------------------------------------------------
Update Firefox and Improve Security
Open Firefox. Hit an <Alt> key to pop up the File menu at the top.
Click Help in the top menu, and choose Check for Updates
Let it install any updates it wants.

Install Adblock Plus
Open Firefox if its not running. Hit an <Alt> key again, to pop up the File menu at the top.
Click on Tools, then Add-ons
When the Add-ons dialog comes up, type "Adblock Plus" into the search box, then click on it, and click the Add to Firefox button.
When asked to choose a filter, choose the first one.

Install NoScript
Open Firefox if its not running. Hit an <Alt> key again, to pop up the File menu at the top.
Click on Tools, then Add-ons
When the Add-ons dialog comes up, type "NoScript" into the search box, then click on it, and click the Add to Firefox button.
This blocks scripts from running on any website unless you click on the little "S" in the lower right corner of the screen and choose Allow scripts this page.
You should only allows scripts on trusted websites.
----------------------------------------------
I don't wish to attempt to fix the startup message from IE8.

You should be good to go.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Naughty Computer

Unread postby Jekejosh » December 18th, 2010, 8:28 pm

Thank You Very Much for your help.
Jekejosh
Active Member
 
Posts: 8
Joined: December 11th, 2010, 2:23 pm

Re: Naughty Computer

Unread postby askey127 » December 21st, 2010, 8:06 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 19 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware