Browser Issues


#1
butterrice

I have been working with Skeptic on my browser issues. He has asked me to post in this forum to make sure my computer is malware-free. Here is the link to the thread between us:

http://www.geekstogo...ger-t267928.htm

It's in Operating Systems Windows XP heading Device Manager. In short, I can open IE7 but cannot launch any other browser. The last action Skeptic had me do was uninstall Firefox and Google Chrome (two browsers I cannot open) then reinstall them. And he had me disable the drivers with a red x and run a malware scan. I disabled the drivers, reinstalled the browsers and rebooted - still could not launch the browsers, but could launch IE7. Here is the malware report:

MalwareBytes Report:
Malwarebytes' Anti-Malware 1.44
Database version: 3711
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/9/2010 12:16:50 AM
mbam-log-2010-02-09 (00-16-50).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 213725
Time elapsed: 1 hour(s), 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Skeptic wants to make sure there isn't any Malware on my computer. So is there something I can do, another scan, to make sure?

#2
RKinner

Follow the guide and post your logs (copy and paste - do not use attachments)
http://www.geekstogo...uide-t2852.html

Ron

#3
butterrice

Okay here is everything....

MALWAREBYTES:
Malwarebytes' Anti-Malware 1.44
Database version: 3728
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/11/2010 8:48:48 PM
mbam-log-2010-02-11 (20-48-48).txt

Scan type: Quick Scan
Objects scanned: 133549
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-12 02:54:23
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Bea\LOCALS~1\Temp\uwliauog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF84C587E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF84C5BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (*** hidden *** ) 1824

---- EOF - GMER 1.0.15 ----


OTL.TXT
OTL logfile created on: 2/12/2010 5:04:01 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Bea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 176.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.49 Gb Total Space | 38.00 Gb Free Space | 62.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 51.29 Gb Total Space | 46.92 Gb Free Space | 91.46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-CELERON-M
Current User Name: Bea
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/12 17:02:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bea\Desktop\OTL.exe
PRC - [2010/02/11 20:25:14 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Bea\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/02/09 21:09:02 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2010/02/09 21:09:02 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2010/02/05 22:26:13 | 001,236,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2010/02/05 22:26:13 | 000,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2010/02/05 22:26:09 | 001,093,632 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2010/02/05 19:59:23 | 016,248,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/09/13 18:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/08/17 08:58:24 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/13 08:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/04 01:38:34 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/04/26 00:21:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
PRC - [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/03/05 02:40:25 | 000,020,480 | ---- | M] (Lexmark) -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2006/06/23 10:40:58 | 000,086,016 | ---- | M] (Logitech) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/06/23 10:39:54 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2006/04/29 05:13:46 | 000,766,041 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/01/17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2004/11/01 18:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
PRC - [2004/10/08 10:50:52 | 000,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe


========== Modules (SafeList) ==========

MOD - [2010/02/12 17:02:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bea\Desktop\OTL.exe
MOD - [2007/03/30 13:39:52 | 000,272,992 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloHL.dll
MOD - [2006/06/23 10:40:58 | 000,081,920 | ---- | M] (Logitech) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/05 22:26:13 | 000,018,944 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/17 16:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/03 10:12:34 | 001,028,432 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/17 08:58:24 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/11 13:17:46 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/04/11 13:17:44 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/04/11 13:17:26 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2009/02/06 17:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/12/06 22:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 22:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/04/26 00:21:42 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/30 13:39:36 | 000,482,920 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe -- (ioloDMV)
SRV - [2006/06/23 10:40:58 | 000,086,016 | ---- | M] (Logitech) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/01/17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/09 21:07:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/09 21:07:09 | 000,000,000 | ---D | M]

[2010/02/09 20:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Mozilla\Extensions
[2009/08/14 02:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Mozilla\Extensions\[email protected]
[2010/02/09 21:07:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2010/02/08 22:31:18 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe (Lexmark)
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1180052573437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1183974491937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/24 17:07:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6\) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/05/24 17:07:08 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16328941673381888)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/12 17:02:43 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bea\Desktop\OTL.exe
[2010/02/11 23:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\gmer
[2010/02/11 20:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/08 22:30:39 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Bea\My Documents\WinsockxpFix.exe
[2010/02/08 21:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\XP TCPIP Repair
[2010/02/08 21:51:22 | 000,578,557 | ---- | C] (WareSoft Software ) -- C:\Documents and Settings\Bea\My Documents\xptcprep.exe
[2010/02/07 18:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Sweeper
[2010/02/07 18:26:45 | 000,947,042 | ---- | C] (Phyxion.net - Guru3D.com ) -- C:\Documents and Settings\Bea\My Documents\DriverSweeper_1.5.5_setup__Guru3D.com_.exe
[2010/02/07 11:41:10 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/02/07 11:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2010/02/06 23:47:32 | 000,088,363 | ---- | C] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
[2010/02/06 23:47:31 | 000,064,512 | ---- | C] (Agere Systems) -- C:\WINDOWS\agrsmdel.exe
[2010/02/06 23:47:15 | 001,270,540 | ---- | C] (Agere Systems) -- C:\WINDOWS\System32\drivers\AGRSM.sys
[2010/02/06 23:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Application Data\System Tweaker
[2010/02/06 23:16:55 | 002,698,976 | ---- | C] (Uniblue ) -- C:\Documents and Settings\Bea\My Documents\systemtweaker.exe
[2010/02/06 21:36:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/02/06 21:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Local Settings\Application Data\Microsoft Corporation
[2010/02/06 21:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/02/06 15:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/06 14:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\LAN Driver Marvell 8.55.4.3
[2010/02/06 14:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Chipset Driver Intel 8.0.0.1009
[2010/02/06 01:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/02/06 01:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\My Drivers
[2010/02/06 01:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Local Settings\Application Data\Innovative Solutions
[2010/02/06 01:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\iXi Tools
[2010/02/06 00:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/06 00:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/02/06 00:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/02/06 00:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Application Data\Uniblue
[2010/02/06 00:02:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2010/02/05 23:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2010/02/05 23:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\LaunchMgr_Dritek_1.2.0.1208_XPx86
[2010/02/05 23:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2010/02/05 22:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Acer GridVista_2.53.0209_XPx86
[2010/02/05 22:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/02/05 22:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Broadcom_4.10.40_XPx86
[2010/02/05 21:58:18 | 000,546,976 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\ar5211.sys
[2010/02/05 21:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2010/02/05 21:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Atheros_5.3.0.45_XPx86_A
[2010/02/05 21:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\VGA_Nvidia_8.4.8.5_XPx86
[2010/02/05 21:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\VGA_Intel_6.14.10.4543_XPx86
[2010/02/05 21:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Touchpad_Synaptics_8.3.0.0_XPx86
[2010/02/05 21:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Modem_Agere_2.1.7.5_XPx86
[2010/02/05 21:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.55.4.3_XPx86
[2010/02/05 21:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.59.5.3_XPx86_A
[2010/02/05 21:18:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\tiinst
[2010/02/05 21:17:32 | 000,162,432 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys
[2010/02/05 21:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\CardReader_TI_2.0.0.2_XPx86
[2010/02/05 21:07:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SUYIN NB Cam
[2010/02/05 21:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Camera_Suyin_1.0.0.1_XPx86
[2010/02/05 20:56:36 | 000,245,824 | ---- | C] (Logitech) -- C:\WINDOWS\Instexec.exe
[2010/02/05 20:56:27 | 000,245,824 | R--- | C] (Logitech) -- C:\WINDOWS\System32\InstExec.exe
[2010/02/05 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/02/05 20:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acer
[2010/02/05 20:56:02 | 000,319,488 | ---- | C] (Acer) -- C:\WINDOWS\System32\CamCplRes.dll
[2010/02/05 20:56:02 | 000,086,016 | ---- | C] (Acer) -- C:\WINDOWS\System32\vatee.ax
[2010/02/05 20:56:01 | 000,303,104 | ---- | C] (Acer) -- C:\WINDOWS\System32\camcpl.cpl
[2010/02/05 20:55:57 | 000,167,936 | ---- | C] (Acer) -- C:\WINDOWS\System32\VxLib.dll
[2010/02/05 20:55:57 | 000,151,552 | ---- | C] (Acer) -- C:\WINDOWS\System32\VLib.dll
[2010/02/05 20:55:53 | 000,039,424 | ---- | C] (Acer) -- C:\WINDOWS\System32\VxLibRes.dll
[2010/02/05 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2010/02/05 20:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Camera_Logitech_9.4.4.1082_XPx86
[2010/02/05 20:43:15 | 000,077,942 | ---- | C] (Bison Inc.) -- C:\WINDOWS\System32\BisonRem.dll
[2010/02/05 20:43:14 | 000,806,272 | ---- | C] (Bison Electronics. Inc. ) -- C:\WINDOWS\System32\drivers\BisonCam.sys
[2010/02/05 20:43:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\BisonCam
[2010/02/05 20:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Camera_Bison_5.0.0.8_XPx86
[2010/02/05 20:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2010/02/05 20:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Bluetooth_Broadcom_5.0.1.1500_XPx86
[2010/02/05 19:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Audio_Realtek_5.10.0.5273_XPx86
[2010/02/05 19:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Chipset_Intel_8.0.0.1009_XPx86
[2010/02/02 23:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/02/02 23:36:25 | 011,650,440 | ---- | C] (Opera Software ASA ) -- C:\Documents and Settings\Bea\My Documents\Opera_1010_in_Setup.exe
[2010/02/02 23:13:31 | 008,327,264 | ---- | C] (Mozilla) -- C:\Documents and Settings\Bea\My Documents\Firefox Setup 3.6.exe
[2010/02/02 23:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/02 23:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/02 22:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/02/02 22:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Local Settings\Application Data\Temp
[2010/02/02 22:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Local Settings\Application Data\Deployment
[2010/01/31 13:43:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bea\PrivacIE
[2010/01/31 13:30:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bea\IECompatCache
[2010/01/09 19:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/05/09 06:27:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/22 09:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/24 17:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2007/11/26 02:56:51 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2007/08/28 21:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/18 17:36:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/05/25 18:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2007/05/24 17:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/03/02 09:13:41 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/03/02 09:12:21 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/03/02 09:05:53 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/03/02 09:04:14 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/03/02 09:02:55 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/03/02 09:00:23 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/03/02 08:59:32 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/03/02 08:58:58 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/03/02 08:51:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/03/02 08:51:09 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/03/02 08:47:01 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2 C:\Documents and Settings\Bea\My Documents\*.tmp files -> C:\Documents and Settings\Bea\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/12 17:11:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C78EAB38-8876-422B-960A-4047F8801EE5}.job
[2010/02/12 17:02:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bea\Desktop\OTL.exe
[2010/02/12 16:59:51 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Report for Geeks to go.doc
[2010/02/12 16:58:15 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/12 16:55:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/12 16:52:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/02/12 16:52:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/12 16:52:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/12 04:25:04 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003UA.job
[2010/02/12 04:18:58 | 000,121,968 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\OTL.exe
[2010/02/11 23:07:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\gmer.zip
[2010/02/11 23:06:02 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Bea\My Documents\~$port for Geeks to go.doc
[2010/02/11 22:58:12 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Bea\ntuser.dat
[2010/02/11 22:57:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bea\ntuser.ini
[2010/02/11 21:14:06 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003Core.job
[2010/02/11 20:39:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/11 20:36:20 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Bea\Desktop\NTREGOPT.lnk
[2010/02/11 20:36:20 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Bea\Desktop\ERUNT.lnk
[2010/02/11 20:28:02 | 000,668,796 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/11 20:28:02 | 000,559,764 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/11 20:28:02 | 000,099,230 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/11 20:16:32 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bea\My Documents\TFC.exe
[2010/02/11 20:08:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 21:07:16 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/09 21:05:39 | 008,327,264 | ---- | M] (Mozilla) -- C:\Documents and Settings\Bea\My Documents\Firefox Setup 3.6.exe
[2010/02/08 22:31:18 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/08 22:30:49 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Bea\My Documents\WinsockxpFix.exe
[2010/02/08 21:53:21 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Bea\Desktop\XP TCPIP Repair.lnk
[2010/02/08 21:52:54 | 000,578,557 | ---- | M] (WareSoft Software ) -- C:\Documents and Settings\Bea\My Documents\xptcprep.exe
[2010/02/07 18:27:07 | 000,947,042 | ---- | M] (Phyxion.net - Guru3D.com ) -- C:\Documents and Settings\Bea\My Documents\DriverSweeper_1.5.5_setup__Guru3D.com_.exe
[2010/02/07 09:01:01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\reg clnrreg code.doc
[2010/02/07 09:00:08 | 000,061,009 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\reg clnr receipt uniblue.pdf
[2010/02/07 08:34:23 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/02/06 23:21:47 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Serial number for Uniblue.doc
[2010/02/06 23:20:30 | 000,061,146 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Uniblue Driver scan and system tweaker reciept.pdf
[2010/02/06 23:17:44 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Bea\Desktop\System Tweaker.lnk
[2010/02/06 23:17:08 | 002,698,976 | ---- | M] (Uniblue ) -- C:\Documents and Settings\Bea\My Documents\systemtweaker.exe
[2010/02/06 22:32:11 | 000,182,946 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.59.5.3_XPx86_A.zip
[2010/02/06 22:25:10 | 000,183,006 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\LAN Driver Marvell 8.55.4.3.zip
[2010/02/06 22:10:15 | 000,041,403 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\upgrade win 7 req.mht
[2010/02/06 21:35:45 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/02/06 14:17:50 | 001,748,621 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Chipset Driver Intel 8.0.0.1009.zip
[2010/02/06 00:04:03 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/02/05 23:35:44 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/02/05 23:35:44 | 000,000,136 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/05 23:35:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/05 23:05:23 | 000,000,083 | ---- | M] () -- C:\WINDOWS\QtZgAcer.UNI
[2010/02/05 23:05:00 | 000,016,896 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\System32\drivers\DKbFltr.SYS
[2010/02/05 23:05:00 | 000,005,120 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\System32\FILTRCOI.DLL
[2010/02/05 23:04:57 | 000,147,456 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
[2010/02/05 23:04:54 | 000,049,152 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\System32\QtBtLib.dll
[2010/02/05 23:04:24 | 004,187,088 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\LaunchMgr_Dritek_1.2.0.1208_XPx86.zip
[2010/02/05 23:00:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Setup.INI
[2010/02/05 23:00:23 | 000,000,092 | ---- | M] () -- C:\WINDOWS\GridV.UNI
[2010/02/05 22:59:13 | 000,655,741 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Acer GridVista_2.53.0209_XPx86.zip
[2010/02/05 22:26:13 | 002,129,920 | ---- | M] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2010/02/05 22:26:13 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/02/05 22:26:12 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\preflib.dll
[2010/02/05 22:26:08 | 000,069,632 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2010/02/05 22:26:07 | 000,033,664 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS
[2010/02/05 22:25:55 | 000,757,760 | ---- | M] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/02/05 22:25:24 | 076,850,498 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Broadcom_4.10.40_XPx86.zip
[2010/02/05 22:00:35 | 001,667,957 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Atheros_4.2.2.7_XPx86.zip
[2010/02/05 21:56:43 | 002,791,534 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Atheros_5.3.0.45_XPx86_A.zip
[2010/02/05 21:54:02 | 022,001,318 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\VGA_Nvidia_8.4.8.5_XPx86.zip
[2010/02/05 21:49:12 | 000,524,850 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2010/02/05 21:49:12 | 000,058,704 | ---- | M] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010/02/05 21:49:12 | 000,023,216 | ---- | M] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010/02/05 21:49:12 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.vp
[2010/02/05 21:47:01 | 005,215,049 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\VGA_Intel_6.14.10.4543_XPx86.zip
[2010/02/05 21:42:12 | 000,081,920 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll
[2010/02/05 21:41:34 | 005,597,177 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Touchpad_Synaptics_8.3.0.0_XPx86.zip
[2010/02/05 21:33:48 | 000,693,947 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Modem_Agere_2.1.7.5_XPx86.zip
[2010/02/05 21:30:40 | 000,183,282 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.55.4.3_XPx86.zip
[2010/02/05 21:17:32 | 000,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys
[2010/02/05 21:17:01 | 003,656,275 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\CardReader_TI_2.0.0.2_XPx86.zip
[2010/02/05 21:07:47 | 000,000,485 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acer OrbiCam.lnk
[2010/02/05 21:06:40 | 036,825,342 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Camera_Suyin_1.0.0.1_XPx86.zip
[2010/02/05 20:49:57 | 052,453,460 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Camera_Logitech_9.4.4.1082_XPx86.zip
[2010/02/05 20:42:13 | 003,724,479 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Camera_Bison_5.0.0.8_XPx86.zip
[2010/02/05 20:31:12 | 074,817,555 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Bluetooth_Broadcom_5.0.1.1500_XPx86.zip
[2010/02/05 19:59:19 | 002,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2010/02/05 19:59:08 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/02/05 19:58:52 | 025,516,506 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Audio_Realtek_5.10.0.5273_XPx86.zip
[2010/02/05 19:34:03 | 001,766,423 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Chipset_Intel_8.0.0.1009_XPx86.zip
[2010/02/02 23:36:26 | 011,650,440 | ---- | M] (Opera Software ASA ) -- C:\Documents and Settings\Bea\My Documents\Opera_1010_in_Setup.exe
[2010/02/02 23:07:52 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/02 22:49:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/01 20:02:23 | 004,844,290 | -H-- | M] () -- C:\Documents and Settings\Bea\Local Settings\Application Data\IconCache.db
[2010/02/01 19:15:12 | 002,001,811 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/01/31 22:43:33 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\ie8 solution.doc
[2010/01/31 22:43:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Bea\My Documents\~$8 solution.doc
[2 C:\Documents and Settings\Bea\My Documents\*.tmp files -> C:\Documents and Settings\Bea\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/12 04:07:19 | 000,121,968 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\OTL.exe
[2010/02/11 23:07:39 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\gmer.zip
[2010/02/11 23:06:02 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Bea\My Documents\~$port for Geeks to go.doc
[2010/02/11 20:29:20 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Bea\Desktop\NTREGOPT.lnk
[2010/02/11 20:29:20 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Bea\Desktop\ERUNT.lnk
[2010/02/09 21:09:06 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003UA.job
[2010/02/09 21:09:05 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003Core.job
[2010/02/09 21:07:16 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/08 21:53:21 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Bea\Desktop\XP TCPIP Repair.lnk
[2010/02/08 21:50:53 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Report for Geeks to go.doc
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32D.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32C.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32D.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32C.BAT
[2010/02/07 11:37:16 | 000,640,204 | ---- | C] () -- C:\WINDOWS\System32\bcmwl5.inf
[2010/02/07 11:37:16 | 000,010,843 | ---- | C] () -- C:\WINDOWS\System32\bcm43xx.cat
[2010/02/07 11:37:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2010/02/07 11:37:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2010/02/07 11:37:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2010/02/07 11:37:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2010/02/07 11:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2010/02/07 11:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2010/02/07 11:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2010/02/07 11:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2010/02/07 09:00:59 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\reg clnrreg code.doc
[2010/02/07 09:00:08 | 000,061,009 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\reg clnr receipt uniblue.pdf
[2010/02/07 08:34:23 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/02/06 23:21:46 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Serial number for Uniblue.doc
[2010/02/06 23:20:30 | 000,061,146 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Uniblue Driver scan and system tweaker reciept.pdf
[2010/02/06 23:17:44 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Bea\Desktop\System Tweaker.lnk
[2010/02/06 22:10:15 | 000,041,403 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\upgrade win 7 req.mht
[2010/02/06 21:35:45 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/02/06 14:25:07 | 000,183,006 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\LAN Driver Marvell 8.55.4.3.zip
[2010/02/06 14:17:35 | 001,748,621 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Chipset Driver Intel 8.0.0.1009.zip
[2010/02/06 00:04:03 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/02/05 23:05:23 | 000,000,083 | ---- | C] () -- C:\WINDOWS\QtZgAcer.UNI
[2010/02/05 23:04:17 | 004,187,088 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\LaunchMgr_Dritek_1.2.0.1208_XPx86.zip
[2010/02/05 23:00:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Setup.INI
[2010/02/05 23:00:23 | 000,000,092 | ---- | C] () -- C:\WINDOWS\GridV.UNI
[2010/02/05 22:59:09 | 000,655,741 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Acer GridVista_2.53.0209_XPx86.zip
[2010/02/05 22:25:07 | 076,850,498 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Broadcom_4.10.40_XPx86.zip
[2010/02/05 22:00:32 | 001,667,957 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Atheros_4.2.2.7_XPx86.zip
[2010/02/05 21:58:18 | 000,084,470 | ---- | C] () -- C:\WINDOWS\System32\net5211.inf
[2010/02/05 21:58:18 | 000,020,888 | ---- | C] () -- C:\WINDOWS\System32\net5211.cat
[2010/02/05 21:58:18 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2010/02/05 21:56:40 | 002,791,534 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Atheros_5.3.0.45_XPx86_A.zip
[2010/02/05 21:54:01 | 022,001,318 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\VGA_Nvidia_8.4.8.5_XPx86.zip
[2010/02/05 21:46:57 | 005,215,049 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\VGA_Intel_6.14.10.4543_XPx86.zip
[2010/02/05 21:41:30 | 005,597,177 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Touchpad_Synaptics_8.3.0.0_XPx86.zip
[2010/02/05 21:33:48 | 000,693,947 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Modem_Agere_2.1.7.5_XPx86.zip
[2010/02/05 21:30:39 | 000,183,282 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.55.4.3_XPx86.zip
[2010/02/05 21:19:51 | 000,182,946 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.59.5.3_XPx86_A.zip
[2010/02/05 21:16:56 | 003,656,275 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\CardReader_TI_2.0.0.2_XPx86.zip
[2010/02/05 21:08:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\DetectHWID.exe
[2010/02/05 21:07:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\mmEffect.ax
[2010/02/05 21:06:33 | 036,825,342 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Camera_Suyin_1.0.0.1_XPx86.zip
[2010/02/05 20:56:27 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2010/02/05 20:49:51 | 052,453,460 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Camera_Logitech_9.4.4.1082_XPx86.zip
[2010/02/05 20:43:15 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System\StillDrv.dll
[2010/02/05 20:43:15 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System\BisonVfw.dll
[2010/02/05 20:43:15 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20H0220.csr
[2010/02/05 20:43:15 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20F0220.csr
[2010/02/05 20:43:14 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System\BisonCam.dll
[2010/02/05 20:43:14 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2010/02/05 20:43:14 | 000,013,448 | ---- | C] () -- C:\WINDOWS\M2000Twn.src
[2010/02/05 20:43:12 | 000,000,485 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acer OrbiCam.lnk
[2010/02/05 20:41:57 | 003,724,479 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Camera_Bison_5.0.0.8_XPx86.zip
[2010/02/05 20:30:54 | 074,817,555 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Bluetooth_Broadcom_5.0.1.1500_XPx86.zip
[2010/02/05 19:58:00 | 025,516,506 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Audio_Realtek_5.10.0.5273_XPx86.zip
[2010/02/05 19:33:57 | 001,766,423 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Chipset_Intel_8.0.0.1009_XPx86.zip
[2010/02/02 23:07:52 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/31 22:43:33 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\ie8 solution.doc
[2010/01/31 22:43:33 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Bea\My Documents\~$8 solution.doc
[2010/01/31 13:29:59 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C78EAB38-8876-422B-960A-4047F8801EE5}.job
[2010/01/28 20:36:37 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Bea\Application Data\msnpromo.txt
[2009/09/01 08:30:27 | 000,000,597 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/04/27 20:21:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/11/26 03:08:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2007/11/26 03:08:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2007/11/26 03:08:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2007/11/26 03:08:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2007/11/26 02:58:00 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2007/11/26 02:56:52 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2007/11/26 02:55:42 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2007/11/19 06:35:42 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/11 23:48:47 | 000,006,314 | ---- | C] () -- C:\WINDOWS\silkquit.ini
[2007/07/31 00:00:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/07/21 14:30:59 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Bea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/18 19:13:09 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2007/07/18 19:13:09 | 000,046,592 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2007/07/18 19:13:09 | 000,039,552 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2007/07/18 19:13:09 | 000,037,248 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2007/05/26 08:50:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/26 08:45:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/25 18:44:06 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/05/25 18:44:00 | 000,435,816 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2007/05/25 18:34:21 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/05/25 18:33:26 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2007/05/25 18:15:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/24 18:53:58 | 000,002,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\nxsIO32.sys
[2007/04/25 21:17:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 13:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 11:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 12:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/06/23 10:40:58 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2006/06/23 10:40:58 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2006/06/13 10:03:00 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/13 10:03:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/06/01 07:55:00 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2006/05/17 21:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2006/01/17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/03/31 07:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_006655_.tmp.dll
[2002/08/13 00:55:38 | 000,467,001 | ---- | C] () -- C:\WINDOWS\System32\W3MKDE.DLL
[2002/08/13 00:55:38 | 000,061,499 | ---- | C] () -- C:\WINDOWS\System32\W3MKDERC.DLL
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/02/07 11:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2010/02/06 00:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/05/16 13:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/04/27 20:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2007/05/25 18:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2010/02/06 01:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2007/05/25 18:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/12/06 17:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/02/06 00:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/01/08 00:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/07/18 19:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2008/11/01 21:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2009/08/23 17:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/16 20:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2007/07/31 00:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/04/05 20:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/06 00:04:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/09/15 22:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 21:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/25 05:22:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/10/11 23:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Blackberry Desktop
[2008/06/05 18:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\CheckPoint
[2009/05/16 13:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\eBay
[2009/08/31 04:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\FrostWire
[2008/04/27 20:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\HotSync
[2007/05/26 13:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Individual Software
[2007/05/25 18:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\InterTrust
[2007/05/25 18:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\iolo
[2007/08/18 02:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Leadertech
[2007/11/26 03:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Lexmark Productivity Studio
[2009/08/14 03:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\LimeWire
[2007/12/09 04:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\MailFrontier(2)
[2010/01/28 20:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\MSNInstaller
[2009/08/18 21:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Netscape
[2007/09/11 23:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\QuitCounter
[2009/03/16 23:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Research In Motion
[2010/02/06 23:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\System Tweaker
[2010/02/07 08:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Uniblue
[2009/08/25 05:31:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/02/12 16:58:15 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/02/12 16:52:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/02/12 17:11:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C78EAB38-8876-422B-960A-4047F8801EE5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/02 12:35:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/02 12:35:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/02 12:35:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/02 12:35:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/01/05 05:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/01/05 05:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/05/24 12:55:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/24 12:55:53 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/24 12:55:53 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >


EXTRAS.TXT
OTL Extras logfile created on: 2/12/2010 5:04:01 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Bea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 176.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.49 Gb Total Space | 38.00 Gb Free Space | 62.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 51.29 Gb Total Space | 46.92 Gb Free Space | 91.46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-CELERON-M
Current User Name: Bea
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /s

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /s
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\UPnP\yupnpsrv.exe" = C:\Program Files\Yahoo!\UPnP\yupnpsrv.exe:*:Enabled:Yahoo! UPnP AV Media Server -- (Yahoo!)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor -- (Lexmark)
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Program Files\Kodak\Printer Dock\Kodak Wireless Printer Computer Setup Assistant.exe" = C:\Program Files\Kodak\Printer Dock\Kodak Wireless Printer Computer Setup Assistant.exe:*:Enabled:Kodak Wireless Printer Computer Setup Assistant -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.18.6 -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Documents and Settings\Bea\My Documents\My Music\FrostWire\FrostWire.exe" = C:\Documents and Settings\Bea\My Documents\My Music\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Disabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B59A227-CAC2-4688-8759-580B4DC5F220}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v5.10.79.14_Foxconn Installation Program
"{1D1032D6-2E54-4CA7-ABE5-76DC5D0A3D76}" = SuyinNBCam
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java™ 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{54AA707B-68DA-49A4-9916-68DD670241BD}" = AT&T Yahoo! Music Jukebox
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client for Internet Explorer 1.02.28
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D26569C3-9B03-4669-9EC5-9FCF70933688}" = AcerOrbiCam
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}" = Atheros for Acer Driver 5.3.0.45_Foxconn Installation Program
"AcerOrbiCamDrv" = Acer OrbiCam Driver
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATT-AACE" = ATT-AACE
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Digital Editions" = Adobe Digital Editions
"ERUNT_is1" = ERUNT 1.1j
"FrostWire" = FrostWire 4.18.0
"getPlus®_ocx" = getPlus®_ocx
"GridVista" = Acer GridVista
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Protection Portfolio" = Protection Portfolio 1.0
"QuitKeeper" = Quit Keeper
"RealPlayer 12.0" = RealPlayer
"SprintMusicManagerA" = Sprint music manager
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Tweaker_is1" = Uniblue System Tweaker
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP TCP/IP Repair_is1" = XP TCP/IP Repair
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Search Defender" = Yahoo! Search Protection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2010 3:37:11 AM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/12/2010 3:37:16 AM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/12/2010 4:56:44 AM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/12/2010 4:56:49 AM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/12/2010 5:19:49 AM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/12/2010 5:20:01 AM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/12/2010 5:52:56 PM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/12/2010 5:52:56 PM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/12/2010 5:52:56 PM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/12/2010 5:52:56 PM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 2/11/2010 11:23:11 PM | Computer Name = ACER-CELERON-M | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2010 11:23:13 PM | Computer Name = ACER-CELERON-M | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2010 11:23:16 PM | Computer Name = ACER-CELERON-M | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2010 11:23:18 PM | Computer Name = ACER-CELERON-M | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2010 11:23:21 PM | Computer Name = ACER-CELERON-M | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2010 11:23:23 PM | Computer Name = ACER-CELERON-M | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2010 11:59:08 PM | Computer Name = ACER-CELERON-M | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 2/12/2010 12:00:05 AM | Computer Name = ACER-CELERON-M | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 2/12/2010 5:52:56 PM | Computer Name = ACER-CELERON-M | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 2/12/2010 5:53:37 PM | Computer Name = ACER-CELERON-M | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.


< End of report >
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
No sign of anything malware related so far. We really need to run combofix to be sure but I see something major in your error logs:

Error - 2/11/2010 11:23:11 PM | Computer Name = ACER-CELERON-M | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Usually, even though it says D, it is the C drive that is having the problem, and it is a sign you should make sure you have your data backed up since it may be failing. If you open My Computer, right click on C: and select Properties, then Tools, then Error Checking, Check Now, check both boxes, then Start. It will tell you it has to wait for a reboot. Say OK, then restart. It will check the hard drive. Takes about 30 minutes. It may figure out what is wrong with the drive and lock out the bad part so it won't be used again.

To run Combofix:

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Do not allow it to install the Recovery Console. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron
  • 0
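The event-log triage done by eye in post #4, as an added example that is not part of the original thread or of OTL itself: it parses the "Last 10 Event Log Errors" section of an OTL Extras log, collapses repeated entries, and flags disk bad-block reports. The sample lines are copied from the log posted above; the function names are hypothetical.

```python
import re
from datetime import datetime

# Sample input: entries copied from the OTL Extras log posted earlier in this thread.
SAMPLE = r"""[ Application Events ]
Error - 2/12/2010 3:37:11 AM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/12/2010 3:37:16 AM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/12/2010 4:56:44 AM | Computer Name = ACER-CELERON-M | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 2/11/2010 11:23:11 PM | Computer Name = ACER-CELERON-M | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2010 11:23:13 PM | Computer Name = ACER-CELERON-M | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2010 11:23:16 PM | Computer Name = ACER-CELERON-M | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/12/2010 12:00:05 AM | Computer Name = ACER-CELERON-M | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.
"""

HEADER = re.compile(
    r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<raw_id>\d+)\s*$"
)
CHANNEL = re.compile(r"^\[ (?P<name>.+? Events) \]\s*$")


def parse_events(text):
    """Return one dict per 'Error - ...' entry, joining wrapped description lines."""
    events, current, channel = [], None, None
    for line in text.splitlines():
        line = line.rstrip()
        m = CHANNEL.match(line)
        if m:
            channel, current = m.group("name"), None
            continue
        m = HEADER.match(line)
        if m:
            raw_id = int(m.group("raw_id"))
            current = {
                "channel": channel,
                "time": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
                "host": m.group("host"),
                "source": m.group("source"),
                "raw_id": raw_id,
                # The log shows the full identifier (262151 == 0x40007); the low
                # 16 bits are the event code that Event Viewer displays (7).
                "event_code": raw_id & 0xFFFF,
                "description": "",
            }
            events.append(current)
        elif current is not None and line.startswith("Description = "):
            current["description"] = line[len("Description = "):]
        elif current is not None and line:
            current["description"] += " " + line  # continuation of a wrapped line
        elif not line:
            current = None  # a blank line ends the entry
    return events


def summarize(events):
    """Collapse identical entries; most frequent first, ties in log order."""
    groups = {}
    for ev in events:
        key = (ev["channel"], ev["source"], ev["event_code"], ev["description"])
        g = groups.setdefault(key, {
            "channel": ev["channel"], "source": ev["source"],
            "event_code": ev["event_code"], "description": ev["description"],
            "count": 0, "first": ev["time"], "last": ev["time"],
        })
        g["count"] += 1
        g["first"] = min(g["first"], ev["time"])
        g["last"] = max(g["last"], ev["time"])
    return sorted(groups.values(), key=lambda g: -g["count"])


def storage_warnings(groups):
    """Groups that report failing media: Source = Disk with a bad-block message."""
    return [g for g in groups
            if g["source"] == "Disk" and "bad block" in g["description"].lower()]


if __name__ == "__main__":
    for g in summarize(parse_events(SAMPLE)):
        flag = "  <-- back up data, run a disk check" if g in storage_warnings([g]) else ""
        print(f'{g["count"]}x {g["source"]} {g["event_code"]} '
              f'({g["first"]} .. {g["last"]}): {g["description"]}{flag}')
```

Grouping makes the pattern visible at a glance: a burst of identical Disk errors within a few seconds stands out from the recurring Userenv registration errors.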

#5
butterrice

    Member

  • Topic Starter
  • Member
  • 403 posts
Okay - here are the results:

ERROR CHECKING:

Fixed 4 Bad Blocks.

COMBOFIX:

ComboFix 10-02-12.01 - Bea 02/13/2010 7:27.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.141 [GMT -5:00]
Running from: c:\documents and settings\Bea\Desktop\George.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\mtwb.dat
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\SGPSA
c:\temp\0b9
c:\temp\0b9\tmpTF.log
c:\windows\system32\_006644_.tmp.dll
c:\windows\system32\_006645_.tmp.dll
c:\windows\system32\_006646_.tmp.dll
c:\windows\system32\_006647_.tmp.dll
c:\windows\system32\_006654_.tmp.dll
c:\windows\system32\_006655_.tmp.dll
c:\windows\system32\_006656_.tmp.dll
c:\windows\system32\_006657_.tmp.dll
c:\windows\system32\_006659_.tmp.dll
c:\windows\system32\_006660_.tmp.dll
c:\windows\system32\_006663_.tmp.dll
c:\windows\system32\_006664_.tmp.dll
c:\windows\system32\_006666_.tmp.dll
c:\windows\system32\_006667_.tmp.dll
c:\windows\system32\_006668_.tmp.dll
c:\windows\system32\_006670_.tmp.dll
c:\windows\system32\_006673_.tmp.dll
c:\windows\system32\_006674_.tmp.dll
c:\windows\system32\_006678_.tmp.dll
c:\windows\system32\_006679_.tmp.dll
c:\windows\system32\_006681_.tmp.dll
c:\windows\system32\_006684_.tmp.dll
c:\windows\system32\_006686_.tmp.dll
c:\windows\system32\_006688_.tmp.dll
c:\windows\system32\_006689_.tmp.dll
c:\windows\system32\_006690_.tmp.dll
c:\windows\system32\_006693_.tmp.dll
c:\windows\system32\_006694_.tmp.dll
c:\windows\system32\_006695_.tmp.dll
c:\windows\system32\_006696_.tmp.dll
c:\windows\system32\_006697_.tmp.dll
c:\windows\system32\_006702_.tmp.dll
c:\windows\system32\_006704_.tmp.dll
c:\windows\system32\_006705_.tmp.dll
c:\windows\system32\bcmwl5.inf
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\T3
c:\windows\system32\T4
c:\windows\system32\T6

.
((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-12 01:36 . 2010-02-12 01:36 -------- d-----w- c:\program files\ERUNT
2010-02-09 02:53 . 2010-02-09 02:53 -------- d-----w- c:\program files\XP TCPIP Repair
2010-02-07 23:30 . 2004-08-04 03:29 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-02-07 23:30 . 2008-04-14 01:12 4274816 ----a-w- c:\windows\system32\nv4_disp.dll
2010-02-07 23:30 . 2004-08-04 03:29 14336 -c--a-w- c:\windows\system32\dllcache\atinpdxx.sys
2010-02-07 23:30 . 2004-08-04 03:29 14336 ----a-w- c:\windows\system32\drivers\atinpdxx.sys
2010-02-07 23:28 . 2010-02-07 23:33 -------- d-----w- c:\program files\Driver Sweeper
2010-02-07 16:41 . 2009-08-18 18:44 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-07 16:36 . 2010-02-07 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Broadcom
2010-02-07 04:47 . 2004-10-08 15:50 88363 ----a-w- c:\windows\AGRSMMSG.exe
2010-02-07 04:47 . 2004-04-05 15:49 64512 ----a-w- c:\windows\agrsmdel.exe
2010-02-07 04:47 . 2004-10-08 15:51 1270540 ----a-w- c:\windows\system32\drivers\AGRSM.sys
2010-02-07 04:22 . 2010-02-07 04:22 2837016 ----a-w- c:\documents and settings\Bea\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_27a08_3_1_1005.exe
2010-02-07 04:17 . 2010-02-07 04:17 -------- d-----w- c:\documents and settings\Bea\Application Data\System Tweaker
2010-02-07 02:36 . 2010-02-07 02:36 -------- d-----w- c:\windows\Performance
2010-02-07 02:36 . 2010-02-07 02:36 -------- d-----w- c:\documents and settings\Bea\Local Settings\Application Data\Microsoft Corporation
2010-02-07 02:35 . 2010-02-07 02:35 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-02-06 20:11 . 2010-02-06 20:11 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-06 06:36 . 2010-02-06 06:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-02-06 06:36 . 2010-02-06 06:36 -------- d-----w- c:\documents and settings\Bea\Local Settings\Application Data\Innovative Solutions
2010-02-06 06:17 . 2010-02-06 06:17 -------- d-----w- c:\program files\iXi Tools
2010-02-06 05:52 . 2010-02-06 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-02-06 05:04 . 2010-01-11 04:11 2653070 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2010-02-06 05:02 . 2010-02-06 05:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-02-06 04:05 . 2010-02-06 04:14 -------- d-----w- c:\program files\Launch Manager
2010-02-06 04:00 . 2010-02-06 04:00 -------- d-----w- c:\program files\Acer Inc
2010-02-06 03:30 . 2010-02-06 02:49 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-02-06 03:26 . 2010-02-06 03:25 667648 ----a-w- c:\windows\system32\BCMLogon.dll
2010-02-06 03:26 . 2010-02-07 16:37 -------- d-----w- c:\program files\Broadcom
2010-02-06 02:58 . 2007-05-02 16:00 546976 ----a-w- c:\windows\system32\ar5211.sys
2010-02-06 02:57 . 2010-02-06 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-02-06 02:18 . 2010-02-06 02:18 -------- d-----w- c:\windows\tiinst
2010-02-06 02:17 . 2010-02-06 02:17 162432 ----a-w- c:\windows\system32\drivers\tifm21.sys
2010-02-06 02:08 . 2006-11-23 00:00 6963805 ----a-w- c:\windows\SUYINVideoClassCam_v5.7.16.0.exe
2010-02-06 02:08 . 2006-09-26 16:47 10049570 ----a-w- c:\windows\SUYINUSB20PCCam_v5.7.8.003-1.8.exe
2010-02-06 02:08 . 2006-11-15 22:39 24576 ----a-w- c:\windows\DetectHWID.exe
2010-02-06 02:08 . 2006-11-11 00:19 10655802 ----a-w- c:\windows\SUYINUSB20PCCam_v5.7.8.003-1.10.exe
2010-02-06 02:07 . 2010-02-06 04:58 -------- d-----w- c:\windows\SUYIN NB Cam
2010-02-06 01:56 . 2006-06-23 15:40 245824 ----a-w- c:\windows\Instexec.exe
2010-02-06 01:56 . 2006-06-23 15:39 245824 ----a-r- c:\windows\system32\InstExec.exe
2010-02-06 01:56 . 2010-02-06 01:56 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-06 01:56 . 2010-02-06 01:56 -------- d-----w- c:\program files\Common Files\Acer
2010-02-06 01:56 . 2006-06-26 20:43 319488 ----a-w- c:\windows\system32\CamCplRes.dll
2010-02-06 01:56 . 2004-11-01 23:22 57344 ----a-w- c:\windows\system32\ElkCtlPS.dll
2010-02-06 01:56 . 2004-11-01 23:22 262144 ----a-w- c:\windows\system32\ElkCtrl.exe
2010-02-06 01:56 . 2003-04-18 22:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-02-06 01:55 . 2006-06-26 20:19 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2010-02-06 01:55 . 2006-06-26 20:54 167936 ----a-w- c:\windows\system32\VxLib.dll
2010-02-06 01:55 . 2006-06-26 20:52 151552 ----a-w- c:\windows\system32\VLib.dll
2010-02-06 01:55 . 2006-06-26 20:50 39424 ----a-w- c:\windows\system32\VxLibRes.dll
2010-02-06 01:55 . 2010-02-06 01:55 -------- d-----w- c:\program files\Acer
2010-02-06 01:43 . 2006-03-30 05:05 90112 ----a-w- c:\windows\system\BisonVfw.dll
2010-02-06 01:43 . 2006-03-02 19:41 77942 ----a-w- c:\windows\system32\BisonRem.dll
2010-02-06 01:43 . 2005-01-14 18:47 180224 ----a-w- c:\windows\system\StillDrv.dll
2010-02-06 01:43 . 2006-05-10 01:22 806272 ----a-w- c:\windows\system32\drivers\BisonCam.sys
2010-02-06 01:43 . 2006-03-30 05:05 126976 ----a-w- c:\windows\system\BisonCam.dll
2010-02-06 01:43 . 2010-02-06 01:43 -------- d-----w- c:\windows\BisonCam
2010-02-06 01:33 . 2010-02-06 01:33 -------- d-----w- c:\program files\WIDCOMM
2010-02-03 04:44 . 2010-02-10 01:42 -------- d-----w- c:\program files\Opera
2010-02-03 04:05 . 2010-02-03 04:05 -------- d-----w- c:\program files\iPod
2010-02-03 04:05 . 2010-02-03 04:07 -------- d-----w- c:\program files\iTunes
2010-02-03 03:59 . 2010-02-03 03:59 -------- d-----w- c:\program files\Bonjour
2010-02-03 03:55 . 2010-02-03 03:55 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 03:49 . 2010-02-12 01:14 -------- d-----w- c:\documents and settings\Bea\Local Settings\Application Data\Temp
2010-02-03 03:48 . 2010-02-10 02:09 -------- d-----w- c:\documents and settings\Bea\Local Settings\Application Data\Deployment
2010-02-02 00:11 . 2010-01-05 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-02-02 00:11 . 2010-01-05 10:00 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-01-31 18:43 . 2010-01-31 18:43 -------- d-sh--w- c:\documents and settings\Bea\PrivacIE
2010-01-31 18:30 . 2010-01-31 18:30 -------- d-sh--w- c:\documents and settings\Bea\IECompatCache
2010-01-29 01:38 . 2010-01-29 01:38 -------- d-----w- c:\documents and settings\Bea\Application Data\MSNInstaller
2010-01-27 03:31 . 2010-01-27 03:29 53248 ----a-w- c:\windows\system32\palmdevc.dll
2010-01-27 02:44 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-27 02:28 . 2010-01-27 02:28 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-24 07:32 . 2010-01-24 07:32 -------- d-----w- c:\documents and settings\Bea\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 01:39 . 2009-08-18 05:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-07 23:29 . 2007-05-25 00:39 -------- d-----w- c:\program files\Realtek
2010-02-07 16:37 . 2007-05-24 23:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 13:34 . 2010-02-06 05:03 -------- d-----w- c:\documents and settings\Bea\Application Data\Uniblue
2010-02-07 13:34 . 2010-02-06 05:03 -------- d-----w- c:\program files\Uniblue
2010-02-06 05:05 . 2010-02-06 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-02-06 04:05 . 2006-07-14 17:13 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2010-02-06 04:05 . 2006-07-14 17:13 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2010-02-06 04:04 . 2004-12-10 16:49 147456 ----a-w- c:\windows\UNINST32.EXE
2010-02-06 04:04 . 2006-07-14 17:13 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2010-02-06 03:26 . 2006-06-13 15:03 44032 ----a-w- c:\windows\system32\wltrynt.dll
2010-02-06 03:26 . 2006-06-13 15:03 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2010-02-06 03:26 . 2006-06-13 15:03 18944 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2010-02-06 03:26 . 2006-06-13 15:03 1236992 ----a-w- c:\windows\system32\WLTRAY.EXE
2010-02-06 03:26 . 2006-06-13 15:03 86016 ----a-w- c:\windows\system32\preflib.dll
2010-02-06 03:26 . 2006-06-13 15:03 180224 ----a-w- c:\windows\system32\bcmwlu00.exe
2010-02-06 03:26 . 2006-06-13 15:03 1093632 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2010-02-06 03:26 . 2006-06-13 15:03 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2010-02-06 03:26 . 2006-06-13 15:03 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2010-02-06 03:25 . 2006-06-13 15:03 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2010-02-06 03:03 . 2007-05-24 23:18 -------- d-----w- c:\program files\Atheros
2010-02-06 02:42 . 2007-05-24 23:15 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2010-02-06 00:59 . 2007-05-25 00:39 86016 ----a-w- c:\windows\SoundMan.exe
2010-02-06 00:59 . 2007-05-25 00:39 9709568 ----a-w- c:\windows\RTLCPL.exe
2010-02-06 00:59 . 2007-05-25 00:39 4304384 ----a-w- c:\windows\system32\drivers\RtkHDAud.Sys
2010-02-06 00:59 . 2007-05-25 00:39 16248320 ----a-w- c:\windows\RTHDCPL.exe
2010-02-06 00:59 . 2007-05-25 00:39 2158592 ----a-w- c:\windows\MicCal.exe
2010-02-06 00:59 . 2007-05-25 00:39 2808832 ----a-w- c:\windows\alcwzrd.exe
2010-02-06 00:59 . 2007-05-25 00:39 69632 ----a-w- c:\windows\Alcmtr.exe
2010-02-06 00:59 . 2007-05-25 00:40 40960 ----a-w- c:\windows\system32\ChCfg.exe
2010-02-03 04:05 . 2007-11-11 03:14 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 04:06 . 2007-11-26 08:12 -------- d-----w- c:\program files\Lx_cats
2010-01-29 02:05 . 2009-06-04 23:20 -------- d-----w- c:\documents and settings\Bea\Application Data\MSN6
2010-01-27 03:31 . 2007-05-26 13:52 -------- d-----w- c:\program files\CyberLink
2010-01-27 03:30 . 2008-04-28 01:14 -------- d-----w- c:\program files\Palm
2010-01-27 03:29 . 2008-04-28 01:15 16694 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
2010-01-27 03:27 . 2009-08-17 16:28 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-01-27 02:21 . 2008-12-13 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-10 05:47 . 2009-06-15 09:58 -------- d-----w- c:\documents and settings\Bea\Application Data\Move Networks
2010-01-10 05:46 . 2008-07-11 04:21 -------- d-----w- c:\program files\LizardTech
2010-01-10 05:45 . 2007-11-26 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-01-10 05:44 . 2007-11-26 18:44 -------- d-----w- c:\program files\Kodak
2010-01-10 04:28 . 2009-08-17 04:21 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 00:05 . 2008-12-13 03:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-01-08 05:26 . 2009-10-12 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-01-08 04:54 . 2007-05-25 23:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-08 04:38 . 2009-03-10 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-07 21:07 . 2009-08-18 05:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-08-18 05:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2003-03-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2003-03-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2007-05-24 22:03 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 05:05 . 2009-12-16 05:02 -------- d-----w- c:\program files\QuickTime
2009-12-14 07:08 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2003-03-31 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2003-03-31 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-28 20:36 . 2009-10-03 15:12 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-27 17:11 . 2003-03-31 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2003-03-31 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2003-03-31 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2003-03-31 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ------w- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Bea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-10 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 766041]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-06 16248320]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-02-06 1236992]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bea^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bea^Start Menu^Programs^Startup^MEMonitor.lnk]
backup=c:\windows\pss\MEMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bea^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup
path=c:\documents and settings\Bea\Start Menu\Programs\Startup\Secunia PSI.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Bea^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\INPROCOMMWireless
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-02-06 00:59 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2010-02-06 02:49 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2010-02-06 02:49 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2010-02-06 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-02-06 04:04 471040 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2006-06-26 20:47 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
2006-06-26 20:55 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-04-17 23:27 9117696 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-04-11 18:17 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-02-06 00:59 16248320 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 08:00 132496 -c--a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-14 05:03 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 21:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2007-06-08 14:59 224248 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/25/2009 5:27 AM 64160]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/2/2009 7:56 PM 55152]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [4/26/2007 12:21 AM 99248]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [5/24/2007 6:53 PM 2208]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-08-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 15:12]

2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003Core.job
- c:\documents and settings\Bea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-10 02:09]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003UA.job
- c:\documents and settings\Bea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-10 02:09]

2010-02-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2010-02-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-02-13 c:\windows\Tasks\User_Feed_Synchronization-{C78EAB38-8876-422B-960A-4047F8801EE5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-SkyTel - SkyTel.EXE
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-AzMixerSel - c:\program files\Realtek\InstallShield\AzMixerSel.exe
MSConfigStartUp-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
MSConfigStartUp-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
MSConfigStartUp-SkyTel - SkyTel.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 07:39
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwQuerySystemInformation

scanning hidden processes ...

c:\program files\iolo\Common\Lib\ioloDMVSvc.exe [1944] 0x81B8E798

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-02-13 07:45:25
ComboFix-quarantined-files.txt 2010-02-13 12:45

Pre-Run: 40,503,779,328 bytes free
Post-Run: 40,515,772,416 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - 41D8218280FC6BBA51FC5CD7CF8D8A3A

#6
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Combofix found Search Guard Plus which locks your browser to their search engine and also repaired (so it says) 4 blocks on your hard drive. Any signs of a problem left?

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html

If Windows blocks the ActiveX then try putting BitDefender in your trusted sites: In IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.

If BitDefender comes back clean then you can uninstall or delete any tools we had you download and their logs. You can manually remove C:\george, C:\qoobox then put your system back the way it was (tho I would leave the hide extensions option unchecked.)


You do not have the latest Java (Java™ 6 Update 18). Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java™ 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

Ron

Edited by RKinner, 13 February 2010 - 10:12 AM.


#7
butterrice

    Member

  • Topic Starter
  • Member
  • 403 posts
I still can’t open/launch Google Chrome or Firefox, or Adobe 9. It seems I can open older versions of programs, but nothing new or upgraded.

Here is the Bitdefender report. It says it removed something from the program SearchGuard that you mentioned. I stopped here since BitDefender found something. Let me know if I can continue with the rest of your instructions or if there is something else I should do.


BitDefender Online Scanner
Scan report generated at: Sat, Feb 13, 2010 - 20:54:40

Scan path: C:\Documents and Settings\Bea\My Documents;C:\Documents and Settings\All Users\Documents;C:\;D:\;C:\Documents and Settings\Bea\NetHood\My Web Sites on MSN;C:\Documents and Settings\Bea\NetHood\SharedDocs on Home (Bandbhome);C:\Documents and Settings\Bea\My Documents\Acer GridVista_2.53.0209_XPx86;C:\Documents and Settings\Bea\My Documents\ADHD;C:\Documents and Settings\Bea\My Documents\Audio_Realtek_5.10.0.5273_XPx86\Audio_Realtek_5.10.0.5273_XPx86\Config;C:\Documents and Settings\Bea\My Documents\Audio_Realtek_5.10.0.5273_XPx86\Audio_Realtek_5.10.0.5273_XPx86\MSHDQFE\Win2K3;C:\Documents and Settings\Bea\My Documents\Audio_Realtek_5.10.0.5273_XPx86\Audio_Realtek_5.10.0.5273_XPx86\MSHDQFE\Win2K_XP;C:\Documents and Settings\Bea\My Documents\Audio_Realtek_5.10.0.5273_XPx86\Audio_Realtek_5.10.0.5273_XPx86\WDM;C:\Documents and Settings\Bea\My Documents\Bluetooth_Broadcom_5.0.1.1500_XPx86;C:\Documents and Settings\Bea\My Documents\Camera_Bison_5.0.0.8_XPx86;C:\Documents and Settings\Bea\My Documents\Camera_Logitech_9.4.4.1082_XPx86;C:\Documents and Settings\Bea\My Documents\Camera_Suyin_1.0.0.1_XPx86;C:\Documents and Settings\Bea\My Documents\CardReader_TI_2.0.0.2_XPx86;C:\Documents and Settings\Bea\My Documents\Chipset Driver Intel 8.0.0.1009;C:\Documents and Settings\Bea\My Documents\Chipset_Intel_8.0.0.1009_XPx86;C:\Documents and Settings\Bea\My Documents\Downloads;C:\Documents and Settings\Bea\My Documents\ForceField Shared Files;C:\Documents and Settings\Bea\My Documents\FrostWire;C:\Documents and Settings\Bea\My Documents\gmer;C:\Documents and Settings\Bea\My Documents\Graboid;C:\Documents and Settings\Bea\My Documents\IEFix;C:\Documents and Settings\Bea\My Documents\Incomplete;C:\Documents and Settings\Bea\My Documents\LAN Driver Marvell 8.55.4.3;C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.55.4.3_XPx86;C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.59.5.3_XPx86_A;C:\Documents and Settings\Bea\My 
Documents\LaunchMgr_Dritek_1.2.0.1208_XPx86;C:\Documents and Settings\Bea\My Documents\LimeWire;C:\Documents and Settings\Bea\My Documents\loan mod tools;C:\Documents and Settings\Bea\My Documents\Maintenance;C:\Documents and Settings\Bea\My Documents\Modem_Agere_2.1.7.5_XPx86;C:\Documents and Settings\Bea\My Documents\My Albums;C:\Documents and Settings\Bea\My Documents\My Digital Editions;C:\Documents and Settings\Bea\My Documents\My Drivers;C:\Documents and Settings\Bea\My Documents\My eBooks;C:\Documents and Settings\Bea\My Documents\My Music;C:\Documents and Settings\Bea\My Documents\My Pictures;C:\Documents and Settings\Bea\My Documents\My Received Files;C:\Documents and Settings\Bea\My Documents\My Stationery;C:\Documents and Settings\Bea\My Documents\My Videos;C:\Documents and Settings\Bea\My Documents\My Webs;C:\Documents and Settings\Bea\My Documents\My Widgets;C:\Documents and Settings\Bea\My Documents\MySpaceIM Pics;C:\Documents and Settings\Bea\My Documents\ResumeMaker;C:\Documents and Settings\Bea\My Documents\SCCS stuff;C:\Documents and Settings\Bea\My Documents\Touchpad_Synaptics_8.3.0.0_XPx86;C:\Documents and Settings\Bea\My Documents\Updater5;C:\Documents and Settings\Bea\My Documents\VGA_Intel_6.14.10.4543_XPx86;C:\Documents and Settings\Bea\My Documents\VGA_Nvidia_8.4.8.5_XPx86;C:\Documents and Settings\Bea\My Documents\Wireless LAN_Atheros_5.3.0.45_XPx86_A;C:\Documents and Settings\Bea\My Documents\Wireless LAN_Broadcom_4.10.40_XPx86;C:\Documents and Settings\Bea\Desktop\BBBatteryWatch;

Statistics
Time 02:01:56
Files 310338
Folders 11038
Boot Sectors 0
Archives 4669
Packed Files 17072

Results
Identified Viruses 1
Infected Files 1
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 1

Engines Info
Virus Definitions 5049139
Engine build AVCORE v2.1 Windows/i386 11.0.0.33 (Nov 24 2009)
Scan plugins 17
Archive plugins 44
Unpack plugins 8
E-mail plugins 6
System plugins 4

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes


Scanned File Status
C:\Qoobox\Quarantine\C\Program Files\Search Guard Plus\SearchGuardPlus.exe.vir Detected with: Adware.FTat.A
C:\Qoobox\Quarantine\C\Program Files\Search Guard Plus\SearchGuardPlus.exe.vir Deleted

#8
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
The files that BitDefender found are in C:\qoobox which is where ComboFix put them so they are harmless.

Skip removing our tools for now but continue with the rest of the instructions. Does WinPatrol run OK?

Ron

#9
butterrice

    Member

  • Topic Starter
  • Member
  • 403 posts
WinPatrol 2010 is doing fine so far. I updated Adobe Reader and still can't open it. So I can't make the change to the Java that you advised of. I did update Java as well and removed any extra components.

#10
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Try opening a program that won't work and note the exact time.

Start, Run, eventvwr.msc, OK to bring up the event logs. Look in Applications for errors that happen at the same time. If you see one then double click on it to open it then click on the bottom of the three buttons to copy the text. Move to a reply and Edit, Paste (ctrl + v) the text. Repeat for all errors at the time of your attempt. Now look in System errors and do the same.

Ron

PS Bedtime for me.
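
The time-correlation check described in the post above can also be scripted. This is an added example, not part of the original post; it assumes Windows PowerShell 2.0 or later is installed, and the attempt labels, attempt times and five-minute window are constructed sample values.

```powershell
# Added example: correlate failed program launches with event log entries.
# Requires Windows PowerShell 2.0 or later (Get-EventLog -After / -Before).
# The labels and times below are constructed sample values; use the times you noted.
$attempts = @(
    @{ Name = 'Program A'; Time = [datetime]'2010-02-14 13:25' },
    @{ Name = 'Program B'; Time = [datetime]'2010-02-14 14:01' }
)
$window = New-TimeSpan -Minutes 5          # look this far either side of each attempt
$logs   = 'Application', 'System'          # the two logs named in the post

$hits = foreach ($a in $attempts) {
    foreach ($log in $logs) {
        # Get-EventLog reports an error when nothing matches, so silence that case.
        Get-EventLog -LogName $log -EntryType Error, Warning `
                     -After ($a.Time - $window) -Before ($a.Time + $window) `
                     -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Attempt'; e = { $a.Name } },
                          @{ n = 'Log';     e = { $log } },
                          TimeGenerated, Source, EventID, Message
    }
}

if ($hits) {
    # Full text of every event that coincides with an attempt, oldest first.
    $hits | Sort-Object TimeGenerated | Format-List
}
else {
    'No Error or Warning events near any attempt. Most frequent errors, last 7 days:'
    foreach ($log in $logs) {
        Get-EventLog -LogName $log -EntryType Error -After (Get-Date).AddDays(-7) `
                     -ErrorAction SilentlyContinue |
            Group-Object Source, EventID |
            Sort-Object Count -Descending |
            Select-Object -First 5 Count, Name, @{ n = 'Log'; e = { $log } }
    }
}
```

When nothing coincides with an attempt, the fallback summary separates recurring background errors from anything tied to the launch failure itself.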

#11
butterrice

    Member

  • Topic Starter
  • Member
  • 403 posts
Trying to open:
Google Chrome @ 1:25pm 2/14/10
Mozilla Firefox 2:01pm 2/14/10
Adobe 2:04pm 2/14/10

Okay – I am not seeing any errors in Applications at the same time for any of these. The last error I see is for 2/14/20 1:20:51pm and nothing after. However, I’m seeing an error that is popping up a lot almost every day per the log. It reads:

Type: Error
Date: 2/14/10 (this is the latest)
Time 1:20:51 Pm (this is the last occurrence)
Source Userenv
Category: None
Event:1041
User: NT Authority System
Computer:Acer – Celeron – M


When I double click on it, here is the message:
Windows Cannot query DllName Registry entry for (CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D) and it will not be loaded. This is most likely caused by a faulty registration. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This message alternates with this (7B849a69-220F-451E-B3FE-2CB811AF94AE).

I went to the help and support center and it said it had no information on 1041 Userenv and directed me to the website. It’s just the Microsoft homepage.

I saw nothing under Systems Error either. The last thing I saw was an “I” balloon stating that my Broadcom network adapter was connected.

#12
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I saw the errors earlier. They are caused by IE8 not uninstalling correctly:

http://connect.micro...ninstalling-ie8


(even tho Microsoft says it's not so)

I'm thinking maybe your Secunia Personal Software Inspector may be blocking new software. Try uninstalling it.

It's free so you can always download it again.

Ron

#13
butterrice

    Member

  • Topic Starter
  • Member
  • 403 posts
Secunia Personal Software Inspector is not listed in my "add/remove programs" list. I tried to search for it on the C: and it doesn't bring back any results. I remember having that program though, and I thought I uninstalled it some time ago. Is there somewhere else I should be looking?

#14
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I saw this so assumed it was still there somewhere:

[HKLM\~\startupfolder\C:^Documents and Settings^Bea^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup
path=c:\documents and settings\Bea\Start Menu\Programs\Startup\Secunia PSI.lnk

If you right click on Start and select Explore it should open to the Startup folder and you can delete it if it is really there.

The program itself should be in c:\program files\Secunia

Another program which doesn't like things to change is Spybot tho I have never heard of it doing this.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Ron

#15
butterrice

    Member

  • Topic Starter
  • Member
  • 403 posts
Okay - I looked through my computer, and I can't find Secunia anywhere. Moving on to Spybot - I went into Advanced Mode and Resident Tea Timer was already unchecked. But Resident SD (if memory serves me correctly. There were two - Teatimer and another) was checked. I left well enough alone and rebooted. Same issue but this time, I seem to be slowing down. Pages are scrolling closed instead of just clicking closed. This is getting weirder.

Would it be of any help to add more memory to my computer and replace my entire OS with Windows 7?