
Browser Issues



#31
RKinner

yes


#32
butterrice

In addition to all of this - I have noticed that if I try to search on Google, it changes to FindGala Search.

Okay - here is the combofix report:

ComboFix 10-02-16.01 - Bea 02/16/2010 20:26:52.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.258 [GMT -5:00]
Running from: c:\documents and settings\Bea\Desktop\George.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Security Antivirus *On-access scanning enabled* (Updated) {9784F3E7-BD86-4CBD-93C2-FAEB49D0BB6F}
FW: Security Antivirus *enabled* {C57114EB-1F82-4CEC-BAE6-6953B94E4234}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\system32\Desktop_.ini

.
((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-16 22:31 . 2010-02-16 22:31 -------- d-----w- C:\_OTL
2010-02-15 10:59 . 2010-02-15 11:03 -------- dc-h--w- c:\windows\ie8
2010-02-14 22:18 . 2010-02-14 22:19 -------- d-----w- c:\windows\system32\NtmsData
2010-02-14 08:14 . 2010-02-14 08:14 -------- d-----w- c:\documents and settings\Bea\Application Data\WinPatrol
2010-02-14 08:14 . 2007-05-24 22:07 0 ----a-w- c:\documents and settings\Bea\Application Data\WinPatrol\Config.sys
2010-02-14 08:14 . 2007-05-24 22:07 0 ----a-w- c:\documents and settings\Bea\Application Data\WinPatrol\Autoexec.bat
2010-02-14 08:14 . 2010-02-14 08:14 -------- d-----w- c:\program files\BillP Studios
2010-02-14 07:57 . 2010-02-14 08:10 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-14 07:44 . 2010-02-14 07:44 348160 ----a-w- c:\documents and settings\Bea\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b4eb10c-n\msvcr71.dll
2010-02-14 07:44 . 2010-02-14 07:44 503808 ----a-w- c:\documents and settings\Bea\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b4eb10c-n\msvcp71.dll
2010-02-14 07:44 . 2010-02-14 07:44 499712 ----a-w- c:\documents and settings\Bea\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b4eb10c-n\jmc.dll
2010-02-14 07:44 . 2010-02-14 07:44 61440 ----a-w- c:\documents and settings\Bea\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42e469e8-n\decora-sse.dll
2010-02-14 07:44 . 2010-02-14 07:44 12800 ----a-w- c:\documents and settings\Bea\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42e469e8-n\decora-d3d.dll
2010-02-13 12:23 . 2010-02-13 12:45 -------- d-----w- C:\George
2010-02-12 01:36 . 2010-02-12 01:36 -------- d-----w- c:\program files\ERUNT
2010-02-09 02:53 . 2010-02-09 02:53 -------- d-----w- c:\program files\XP TCPIP Repair
2010-02-07 23:30 . 2004-08-04 03:29 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-02-07 23:30 . 2008-04-14 01:12 4274816 ----a-w- c:\windows\system32\nv4_disp.dll
2010-02-07 23:30 . 2004-08-04 03:29 14336 -c--a-w- c:\windows\system32\dllcache\atinpdxx.sys
2010-02-07 23:30 . 2004-08-04 03:29 14336 ----a-w- c:\windows\system32\drivers\atinpdxx.sys
2010-02-07 23:28 . 2010-02-07 23:33 -------- d-----w- c:\program files\Driver Sweeper
2010-02-07 16:41 . 2009-08-18 18:44 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-07 16:36 . 2010-02-07 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Broadcom
2010-02-07 04:47 . 2004-10-08 15:50 88363 ----a-w- c:\windows\AGRSMMSG.exe
2010-02-07 04:47 . 2004-04-05 15:49 64512 ----a-w- c:\windows\agrsmdel.exe
2010-02-07 04:47 . 2004-10-08 15:51 1270540 ----a-w- c:\windows\system32\drivers\AGRSM.sys
2010-02-07 04:22 . 2010-02-07 04:22 2837016 ----a-w- c:\documents and settings\Bea\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_27a08_3_1_1005.exe
2010-02-07 04:17 . 2010-02-07 04:17 -------- d-----w- c:\documents and settings\Bea\Application Data\System Tweaker
2010-02-07 02:36 . 2010-02-07 02:36 -------- d-----w- c:\windows\Performance
2010-02-07 02:36 . 2010-02-07 02:36 -------- d-----w- c:\documents and settings\Bea\Local Settings\Application Data\Microsoft Corporation
2010-02-07 02:35 . 2010-02-07 02:35 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-02-06 20:11 . 2010-02-06 20:11 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-06 06:36 . 2010-02-06 06:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-02-06 06:36 . 2010-02-06 06:36 -------- d-----w- c:\documents and settings\Bea\Local Settings\Application Data\Innovative Solutions
2010-02-06 06:17 . 2010-02-06 06:17 -------- d-----w- c:\program files\iXi Tools
2010-02-06 05:52 . 2010-02-06 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-02-06 05:04 . 2010-01-11 04:11 2653070 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2010-02-06 05:02 . 2010-02-06 05:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-02-06 04:05 . 2010-02-06 04:14 -------- d-----w- c:\program files\Launch Manager
2010-02-06 04:00 . 2010-02-06 04:00 -------- d-----w- c:\program files\Acer Inc
2010-02-06 03:30 . 2010-02-06 02:49 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-02-06 03:26 . 2010-02-06 03:25 667648 ----a-w- c:\windows\system32\BCMLogon.dll
2010-02-06 03:26 . 2010-02-07 16:37 -------- d-----w- c:\program files\Broadcom
2010-02-06 02:58 . 2007-05-02 16:00 546976 ----a-w- c:\windows\system32\ar5211.sys
2010-02-06 02:57 . 2010-02-06 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-02-06 02:18 . 2010-02-06 02:18 -------- d-----w- c:\windows\tiinst
2010-02-06 02:17 . 2010-02-06 02:17 162432 ----a-w- c:\windows\system32\drivers\tifm21.sys
2010-02-06 02:08 . 2006-11-23 00:00 6963805 ----a-w- c:\windows\SUYINVideoClassCam_v5.7.16.0.exe
2010-02-06 02:08 . 2006-09-26 16:47 10049570 ----a-w- c:\windows\SUYINUSB20PCCam_v5.7.8.003-1.8.exe
2010-02-06 02:08 . 2006-11-15 22:39 24576 ----a-w- c:\windows\DetectHWID.exe
2010-02-06 02:08 . 2006-11-11 00:19 10655802 ----a-w- c:\windows\SUYINUSB20PCCam_v5.7.8.003-1.10.exe
2010-02-06 02:07 . 2010-02-06 04:58 -------- d-----w- c:\windows\SUYIN NB Cam
2010-02-06 01:56 . 2006-06-23 15:40 245824 ----a-w- c:\windows\Instexec.exe
2010-02-06 01:56 . 2006-06-23 15:39 245824 ----a-r- c:\windows\system32\InstExec.exe
2010-02-06 01:56 . 2010-02-06 01:56 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-06 01:56 . 2010-02-06 01:56 -------- d-----w- c:\program files\Common Files\Acer
2010-02-06 01:56 . 2006-06-26 20:43 319488 ----a-w- c:\windows\system32\CamCplRes.dll
2010-02-06 01:56 . 2004-11-01 23:22 57344 ----a-w- c:\windows\system32\ElkCtlPS.dll
2010-02-06 01:56 . 2004-11-01 23:22 262144 ----a-w- c:\windows\system32\ElkCtrl.exe
2010-02-06 01:56 . 2003-04-18 22:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-02-06 01:55 . 2006-06-26 20:19 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2010-02-06 01:55 . 2006-06-26 20:54 167936 ----a-w- c:\windows\system32\VxLib.dll
2010-02-06 01:55 . 2006-06-26 20:52 151552 ----a-w- c:\windows\system32\VLib.dll
2010-02-06 01:55 . 2006-06-26 20:50 39424 ----a-w- c:\windows\system32\VxLibRes.dll
2010-02-06 01:55 . 2010-02-06 01:55 -------- d-----w- c:\program files\Acer
2010-02-06 01:43 . 2006-03-30 05:05 90112 ----a-w- c:\windows\system\BisonVfw.dll
2010-02-06 01:43 . 2006-03-02 19:41 77942 ----a-w- c:\windows\system32\BisonRem.dll
2010-02-06 01:43 . 2005-01-14 18:47 180224 ----a-w- c:\windows\system\StillDrv.dll
2010-02-06 01:43 . 2006-05-10 01:22 806272 ----a-w- c:\windows\system32\drivers\BisonCam.sys
2010-02-06 01:43 . 2006-03-30 05:05 126976 ----a-w- c:\windows\system\BisonCam.dll
2010-02-06 01:43 . 2010-02-06 01:43 -------- d-----w- c:\windows\BisonCam
2010-02-06 01:33 . 2010-02-06 01:33 -------- d-----w- c:\program files\WIDCOMM
2010-02-03 04:44 . 2010-02-10 01:42 -------- d-----w- c:\program files\Opera
2010-02-03 04:05 . 2010-02-03 04:05 -------- d-----w- c:\program files\iPod
2010-02-03 04:05 . 2010-02-03 04:07 -------- d-----w- c:\program files\iTunes
2010-02-03 03:59 . 2010-02-03 03:59 -------- d-----w- c:\program files\Bonjour
2010-02-03 03:55 . 2010-02-03 03:55 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 03:49 . 2010-02-12 01:14 -------- d-----w- c:\documents and settings\Bea\Local Settings\Application Data\Temp
2010-02-03 03:48 . 2010-02-10 02:09 -------- d-----w- c:\documents and settings\Bea\Local Settings\Application Data\Deployment
2010-01-31 18:43 . 2010-01-31 18:43 -------- d-sh--w- c:\documents and settings\Bea\PrivacIE
2010-01-31 18:30 . 2010-01-31 18:30 -------- d-sh--w- c:\documents and settings\Bea\IECompatCache
2010-01-29 01:38 . 2010-01-29 01:38 -------- d-----w- c:\documents and settings\Bea\Application Data\MSNInstaller
2010-01-27 03:31 . 2010-01-27 03:29 53248 ----a-w- c:\windows\system32\palmdevc.dll
2010-01-27 02:44 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-27 02:28 . 2010-01-27 02:28 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-24 07:32 . 2010-01-24 07:32 -------- d-----w- c:\documents and settings\Bea\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 05:19 . 2007-05-25 23:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-14 20:02 . 2009-05-09 03:16 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-14 19:00 . 2010-02-14 19:12 195096 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
2010-02-14 07:48 . 2007-05-30 06:27 -------- d-----w- c:\program files\Java
2010-02-14 07:48 . 2007-05-30 06:27 -------- d-----w- c:\program files\Common Files\Java
2010-02-12 01:39 . 2009-08-18 05:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-07 23:29 . 2007-05-25 00:39 -------- d-----w- c:\program files\Realtek
2010-02-07 16:37 . 2007-05-24 23:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 13:34 . 2010-02-06 05:03 -------- d-----w- c:\documents and settings\Bea\Application Data\Uniblue
2010-02-07 13:34 . 2010-02-06 05:03 -------- d-----w- c:\program files\Uniblue
2010-02-06 05:05 . 2010-02-06 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-02-06 04:05 . 2006-07-14 17:13 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2010-02-06 04:05 . 2006-07-14 17:13 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2010-02-06 04:04 . 2004-12-10 16:49 147456 ----a-w- c:\windows\UNINST32.EXE
2010-02-06 04:04 . 2006-07-14 17:13 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2010-02-06 03:26 . 2006-06-13 15:03 44032 ----a-w- c:\windows\system32\wltrynt.dll
2010-02-06 03:26 . 2006-06-13 15:03 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2010-02-06 03:26 . 2006-06-13 15:03 18944 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2010-02-06 03:26 . 2006-06-13 15:03 1236992 ----a-w- c:\windows\system32\WLTRAY.EXE
2010-02-06 03:26 . 2006-06-13 15:03 86016 ----a-w- c:\windows\system32\preflib.dll
2010-02-06 03:26 . 2006-06-13 15:03 180224 ----a-w- c:\windows\system32\bcmwlu00.exe
2010-02-06 03:26 . 2006-06-13 15:03 1093632 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2010-02-06 03:26 . 2006-06-13 15:03 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2010-02-06 03:26 . 2006-06-13 15:03 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2010-02-06 03:25 . 2006-06-13 15:03 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2010-02-06 03:03 . 2007-05-24 23:18 -------- d-----w- c:\program files\Atheros
2010-02-06 02:42 . 2007-05-24 23:15 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2010-02-06 00:59 . 2007-05-25 00:39 86016 ----a-w- c:\windows\SoundMan.exe
2010-02-06 00:59 . 2007-05-25 00:39 9709568 ----a-w- c:\windows\RTLCPL.exe
2010-02-06 00:59 . 2007-05-25 00:39 4304384 ----a-w- c:\windows\system32\drivers\RtkHDAud.Sys
2010-02-06 00:59 . 2007-05-25 00:39 16248320 ----a-w- c:\windows\RTHDCPL.exe
2010-02-06 00:59 . 2007-05-25 00:39 2158592 ----a-w- c:\windows\MicCal.exe
2010-02-06 00:59 . 2007-05-25 00:39 2808832 ----a-w- c:\windows\alcwzrd.exe
2010-02-06 00:59 . 2007-05-25 00:39 69632 ----a-w- c:\windows\Alcmtr.exe
2010-02-06 00:59 . 2007-05-25 00:40 40960 ----a-w- c:\windows\system32\ChCfg.exe
2010-02-03 04:05 . 2007-11-11 03:14 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 04:06 . 2007-11-26 08:12 -------- d-----w- c:\program files\Lx_cats
2010-01-29 02:05 . 2009-06-04 23:20 -------- d-----w- c:\documents and settings\Bea\Application Data\MSN6
2010-01-27 03:31 . 2007-05-26 13:52 -------- d-----w- c:\program files\CyberLink
2010-01-27 03:30 . 2008-04-28 01:14 -------- d-----w- c:\program files\Palm
2010-01-27 03:29 . 2008-04-28 01:15 16694 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
2010-01-27 03:27 . 2009-08-17 16:28 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-01-27 02:21 . 2008-12-13 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-10 05:47 . 2009-06-15 09:58 -------- d-----w- c:\documents and settings\Bea\Application Data\Move Networks
2010-01-10 05:46 . 2008-07-11 04:21 -------- d-----w- c:\program files\LizardTech
2010-01-10 05:45 . 2007-11-26 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-01-10 05:44 . 2007-11-26 18:44 -------- d-----w- c:\program files\Kodak
2010-01-10 04:28 . 2009-08-17 04:21 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 00:05 . 2008-12-13 03:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-01-08 05:26 . 2009-10-12 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-01-08 04:38 . 2009-03-10 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-07 21:07 . 2009-08-18 05:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-08-18 05:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2003-03-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 22:14 . 2009-08-17 13:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2007-05-24 22:03 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2003-03-31 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2003-03-31 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-28 20:36 . 2009-10-03 15:12 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-27 17:11 . 2003-03-31 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2003-03-31 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2003-03-31 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2003-03-31 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-13_12.39.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-16 23:38 . 2010-02-16 23:38 16384 c:\windows\Temp\Perflib_Perfdata_6e4.dat
+ 2003-03-31 12:00 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll
- 2003-03-31 12:00 . 2007-08-13 23:01 48128 c:\windows\system32\mshtmler.dll
+ 2003-03-31 12:00 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
+ 2003-03-31 12:00 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll
- 2003-03-31 12:00 . 2007-08-13 23:32 45568 c:\windows\system32\mshta.exe
+ 2003-03-31 12:00 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
+ 2006-10-17 15:58 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-11-08 01:03 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-10-25 02:01 . 2010-02-14 08:11 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-10-25 02:01 . 2010-01-08 04:50 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2003-03-31 12:00 . 2009-03-08 09:34 43008 c:\windows\system32\licmgr10.dll
+ 2003-03-31 12:00 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll
+ 2003-03-31 12:00 . 2009-03-08 09:31 34816 c:\windows\system32\imgutil.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 71680 c:\windows\system32\iesetup.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll
+ 2006-10-17 15:58 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll
+ 2007-05-25 01:41 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2006-10-17 15:28 . 2007-08-13 23:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-10-17 15:28 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-05-25 01:41 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-10-17 15:56 . 2007-08-13 23:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2006-10-17 15:56 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-04-25 08:41 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2003-03-31 12:00 . 2009-03-08 09:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-05-25 01:41 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2006-10-17 15:57 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2006-11-07 07:26 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-20 10:04 . 2009-03-08 09:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2006-10-17 15:44 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-06-29 16:12 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2003-03-31 12:00 . 2009-03-08 09:33 18944 c:\windows\system32\corpol.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 72704 c:\windows\system32\admparse.dll
+ 2010-02-15 11:07 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB978506-IE8\spmsg.dll
+ 2010-02-15 11:07 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB978506-IE8\spcustom.dll
+ 2010-02-15 11:08 . 2009-10-29 07:45 12800 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-02-15 11:08 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB978207-IE8\spmsg.dll
+ 2010-02-15 11:08 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB978207-IE8\spcustom.dll
+ 2010-02-15 11:08 . 2009-10-29 07:45 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-02-15 11:08 . 2009-10-29 07:45 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2010-02-15 11:06 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2010-02-15 11:06 . 2009-05-26 11:40 17272 c:\windows\ie8updates\KB976325-IE8\spmsg.dll
+ 2010-02-15 11:06 . 2009-05-26 11:40 26488 c:\windows\ie8updates\KB976325-IE8\spcustom.dll
+ 2010-02-15 11:06 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2010-02-15 11:06 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
+ 2010-02-15 16:12 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB971961-IE8\spmsg.dll
+ 2010-02-15 16:12 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB971961-IE8\spcustom.dll
+ 2010-02-15 11:01 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 44544 c:\windows\ie8\pngfilt.dll
+ 2010-02-15 10:59 . 2007-08-13 23:01 48128 c:\windows\ie8\mshtmler.dll
+ 2010-02-15 10:59 . 2007-08-13 23:32 45568 c:\windows\ie8\mshta.exe
+ 2010-02-15 10:59 . 2007-08-13 23:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2010-02-15 10:59 . 2010-01-05 10:00 52224 c:\windows\ie8\msfeedsbs.dll
+ 2010-02-15 10:59 . 2007-08-13 23:44 40960 c:\windows\ie8\licmgr10.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 27648 c:\windows\ie8\jsproxy.dll
+ 2010-02-15 10:59 . 2007-08-13 23:39 92672 c:\windows\ie8\inseng.dll
+ 2010-02-15 10:59 . 2007-08-13 23:36 36352 c:\windows\ie8\imgutil.dll
+ 2010-02-15 10:59 . 2007-08-13 23:39 55296 c:\windows\ie8\iesetup.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 44544 c:\windows\ie8\iernonce.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 78336 c:\windows\ie8\ieencode.dll
+ 2010-02-15 10:59 . 2009-12-31 15:33 70656 c:\windows\ie8\ie4uinit.exe
+ 2010-02-15 10:59 . 2010-01-05 10:00 63488 c:\windows\ie8\icardie.dll
+ 2010-02-15 10:59 . 2007-08-13 23:18 60416 c:\windows\ie8\hmmapi.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 17408 c:\windows\ie8\corpol.dll
+ 2010-02-15 10:59 . 2007-08-13 23:39 71680 c:\windows\ie8\admparse.dll
+ 2009-01-05 20:44 . 2009-01-05 20:44 53248 c:\windows\bdoscandel.exe
+ 2010-02-15 11:07 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB978506-IE8\iecompat.dll
+ 2006-10-17 16:05 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2003-03-31 12:00 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll
+ 2003-03-31 12:00 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll
+ 2003-03-31 12:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
- 2003-03-31 12:00 . 2010-01-05 10:00 105984 c:\windows\system32\url.dll
+ 2003-03-31 12:00 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll
+ 2003-03-31 12:00 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll
+ 2003-03-31 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
- 2003-03-31 12:00 . 2007-08-13 23:54 156160 c:\windows\system32\msls31.dll
+ 2006-11-08 01:03 . 2009-12-21 19:14 594432 c:\windows\system32\msfeeds.dll
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2003-03-31 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2010-02-14 07:44 . 2009-12-17 22:14 153376 c:\windows\system32\javaws.exe
+ 2010-02-14 07:44 . 2009-12-17 22:14 145184 c:\windows\system32\javaw.exe
+ 2010-02-14 07:44 . 2009-12-17 22:14 145184 c:\windows\system32\java.exe
+ 2006-11-08 01:03 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll
+ 2003-03-31 12:00 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
+ 2003-03-31 12:00 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 15:27 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll
+ 2003-03-31 12:00 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll
+ 2003-03-31 12:00 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll
+ 2003-03-31 12:00 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe
+ 2003-03-31 12:00 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll
+ 2003-03-31 12:00 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll
+ 2007-05-25 01:41 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-11-08 01:03 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2006-12-19 18:08 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll
- 2006-10-17 16:05 . 2010-01-05 10:00 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 16:05 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2006-10-17 16:04 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-05-25 01:41 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-25 01:41 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2003-03-31 12:00 . 2007-08-13 23:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2003-03-31 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-04-25 08:41 . 2009-12-21 19:14 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-10-17 16:04 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-25 01:41 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-11-07 07:27 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-04-25 08:41 . 2009-03-08 09:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 07:27 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 07:26 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-11-07 07:26 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-05-25 01:41 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-05-25 01:41 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-11-07 07:26 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 128512 c:\windows\system32\advpack.dll
+ 2010-02-14 07:45 . 2010-02-14 07:45 178176 c:\windows\Installer\4b6d8ef.msi
+ 2010-02-15 11:07 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB978506-IE8\updspapi.dll
+ 2010-02-15 11:07 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB978506-IE8\update.exe
+ 2010-02-15 11:07 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB978506-IE8\spuninst\updspapi.dll
+ 2010-02-15 11:07 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB978506-IE8\spuninst\spuninst.exe
+ 2010-02-15 11:07 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB978506-IE8\spuninst.exe
+ 2010-02-15 11:08 . 2009-10-29 07:45 916480 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-02-15 11:08 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB978207-IE8\updspapi.dll
+ 2010-02-15 11:08 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB978207-IE8\update.exe
+ 2010-02-15 11:08 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-02-15 11:08 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-02-15 11:08 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB978207-IE8\spuninst.exe
+ 2010-02-15 11:08 . 2009-10-29 07:45 206848 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-02-15 11:08 . 2009-10-29 07:45 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-02-15 11:08 . 2009-10-29 07:45 246272 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-02-15 11:08 . 2009-10-29 07:45 184320 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-02-15 11:08 . 2009-10-29 07:45 387584 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-02-15 11:08 . 2009-10-28 14:40 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2010-02-15 11:06 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2010-02-15 11:06 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\updspapi.dll
+ 2010-02-15 11:06 . 2009-05-26 11:40 755576 c:\windows\ie8updates\KB976325-IE8\update.exe
+ 2010-02-15 11:06 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2010-02-15 11:06 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2010-02-15 11:06 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst.exe
+ 2010-02-15 11:06 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2010-02-15 11:06 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2010-02-15 11:06 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2010-02-15 11:06 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2010-02-15 11:06 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2010-02-15 11:06 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2010-02-15 16:12 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\updspapi.dll
+ 2010-02-15 16:12 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB971961-IE8\update.exe
+ 2010-02-15 16:12 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-02-15 16:12 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-02-15 16:12 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst.exe
+ 2010-02-15 16:12 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 832512 c:\windows\ie8\wininet.dll
+ 2010-02-15 10:59 . 2007-08-13 23:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2010-02-15 10:59 . 2010-01-05 10:00 233472 c:\windows\ie8\webcheck.dll
+ 2010-02-15 10:59 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2010-02-15 10:59 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 105984 c:\windows\ie8\url.dll
+ 2010-02-15 11:01 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-02-15 11:01 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-02-15 10:59 . 2006-09-06 20:43 213216 c:\windows\ie8\spuninst.exe
+ 2010-02-15 10:59 . 2010-01-05 10:00 102912 c:\windows\ie8\occache.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 671232 c:\windows\ie8\mstime.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 193024 c:\windows\ie8\msrating.dll
+ 2010-02-15 10:59 . 2007-08-13 23:54 156160 c:\windows\ie8\msls31.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 477696 c:\windows\ie8\mshtmled.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 459264 c:\windows\ie8\msfeeds.dll
+ 2010-02-15 10:59 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
+ 2010-02-15 10:59 . 2009-12-18 13:05 634648 c:\windows\ie8\iexplore.exe
+ 2010-02-15 10:59 . 2007-08-13 23:54 180736 c:\windows\ie8\ieui.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 268288 c:\windows\ie8\iertutil.dll
+ 2010-02-15 10:59 . 2007-08-13 23:54 287744 c:\windows\ie8\ieproxy.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 192512 c:\windows\ie8\iepeers.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 385024 c:\windows\ie8\iedkcs32.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 380928 c:\windows\ie8\ieapfltr.dll
+ 2010-02-15 10:59 . 2009-12-18 13:04 161792 c:\windows\ie8\ieakui.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 230400 c:\windows\ie8\ieaksie.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 153088 c:\windows\ie8\ieakeng.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 214528 c:\windows\ie8\dxtrans.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 347136 c:\windows\ie8\dxtmsft.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 124928 c:\windows\ie8\advpack.dll
+ 2010-02-06 01:52 . 2010-02-06 01:52 464272 c:\windows\Downloaded Program Files\wlscBase.dll
+ 2009-01-05 20:44 . 2009-01-05 20:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 19:44 . 2010-02-13 23:49 142848 c:\windows\BDOSCAN8\libfn.dll
- 2009-01-05 19:44 . 2009-08-24 08:33 142848 c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 19:44 . 2009-01-05 20:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
- 2009-01-05 19:44 . 2009-01-05 19:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 19:44 . 2010-02-13 23:52 107800 c:\windows\BDOSCAN8\bdcore.dll
+ 2003-03-31 12:00 . 2009-12-21 19:14 1208832 c:\windows\system32\urlmon.dll
+ 2003-03-31 12:00 . 2009-12-21 19:14 5942784 c:\windows\system32\mshtml.dll
+ 2006-10-17 15:57 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll
+ 2006-09-06 03:01 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2007-05-25 01:41 . 2009-12-21 19:14 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2007-05-25 01:41 . 2009-12-21 19:14 5942784 c:\windows\system32\dllcache\mshtml.dll
+ 2007-04-25 08:41 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2007-04-17 09:28 . 2009-02-07 02:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 23:20 . 2009-01-07 23:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2010-02-14 08:06 . 2010-02-14 08:06 3940352 c:\windows\Installer\4c9f892.msi
+ 2010-02-15 11:08 . 2009-10-29 07:45 1208832 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-02-15 11:08 . 2009-10-29 07:45 5940736 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-02-15 11:08 . 2009-10-29 07:45 1985536 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2010-02-15 11:06 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2010-02-15 11:06 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2010-02-15 11:06 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 1168384 c:\windows\ie8\urlmon.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 3599360 c:\windows\ie8\mshtml.dll
+ 2010-02-15 10:59 . 2010-01-05 10:00 6067200 c:\windows\ie8\ieframe.dll
+ 2010-02-15 10:59 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
- 2007-05-25 01:55 . 2010-02-01 19:26 30364104 c:\windows\system32\MRT.exe
+ 2007-05-25 01:55 . 2010-02-01 16:26 30364104 c:\windows\system32\MRT.exe
+ 2006-11-08 01:03 . 2009-12-21 19:14 11070464 c:\windows\system32\ieframe.dll
+ 2007-04-25 08:41 . 2009-12-21 19:14 11070464 c:\windows\system32\dllcache\ieframe.dll
+ 2010-02-15 11:08 . 2009-10-29 07:45 11069952 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
+ 2010-02-15 11:06 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 766041]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bea^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bea^Start Menu^Programs^Startup^MEMonitor.lnk]
backup=c:\windows\pss\MEMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bea^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup
path=c:\documents and settings\Bea\Start Menu\Programs\Startup\Secunia PSI.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Bea^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-02-06 00:59 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2010-02-06 03:26 1236992 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-10 02:09 135664 ----atw- c:\documents and settings\Bea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2010-02-06 02:49 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2010-02-06 02:49 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2010-02-06 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-02-06 04:04 471040 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2006-06-26 20:47 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
2004-11-01 23:22 262144 ----a-w- c:\windows\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
2006-06-26 20:55 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-06-23 15:39 225280 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-04-17 23:27 9117696 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-04-11 18:17 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-02-06 00:59 16248320 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-14 05:03 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 21:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2007-06-08 14:59 224248 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloDMV"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/25/2009 5:27 AM 64160]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/2/2009 7:56 PM 55152]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [4/26/2007 12:21 AM 99248]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [5/24/2007 6:53 PM 2208]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-08-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 15:12]

2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003Core.job
- c:\documents and settings\Bea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-10 02:09]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003UA.job
- c:\documents and settings\Bea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-10 02:09]

2010-02-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2010-02-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-02-17 c:\windows\Tasks\User_Feed_Synchronization-{C78EAB38-8876-422B-960A-4047F8801EE5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Bea\Application Data\Mozilla\Firefox\Profiles\7ey52m4f.default\
FF - plugin: c:\documents and settings\Bea\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Security Antivirus - c:\documents and settings\All Users\Application Data\920b81e\SA920b.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 20:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-02-16 20:45:48
ComboFix-quarantined-files.txt 2010-02-17 01:45
ComboFix2.txt 2010-02-13 12:45

Pre-Run: 43,244,744,704 bytes free
Post-Run: 43,204,501,504 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - F734413019E179D3B68F09A94F52AA73

Edited by butterrice, 16 February 2010 - 08:12 PM.


#33
RKinner

    Malware Expert

Looks a lot better, though ComboFix still thinks the antivirus is still there. Run OTL again and MBAM (quick scan) and post their logs.

It's possible that you are being attacked from the network. Let's install Comodo Firewall.

Comodo is a bit trickier. You get it:
http://www.personalf...all.comodo.com/

Decline any free offers and make sure you only have the firewall checked. (Top option of three if I remember correctly). They will try and talk you into some other stuff but just be firm. There is an option for a virus scan but I would decline it. They are prone to false positives. They will ask you if you are sure your system is clean. Tell them yes.

Comodo will annoy you to death at first since any time something wants to go out it will have to ask permission. You can tell it to remember your answer; then it won't ask you again for that software. You will need to let svchost.exe and your browser go out as well as the MS anti-virus.

Ron

#34
butterrice

    Member

  • Topic Starter
Okay - Comodo installed, Microsoft Security Essentials is running. Here are the logs:

MBAM:

Malwarebytes' Anti-Malware 1.44
Database version: 3748
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/16/2010 9:43:43 PM
mbam-log-2010-02-16 (21-43-43).txt

Scan type: Quick Scan
Objects scanned: 133559
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL:

OTL logfile created on: 2/16/2010 9:26:56 PM - Run 5
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Bea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.49 Gb Total Space | 40.27 Gb Free Space | 66.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 51.29 Gb Total Space | 46.97 Gb Free Space | 91.56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-CELERON-M
Current User Name: Bea
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/12 17:02:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bea\Desktop\OTL.exe
PRC - [2010/02/05 22:26:13 | 000,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2010/02/05 22:26:09 | 001,093,632 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/10/10 16:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/09/13 18:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/04 01:38:34 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/04/26 00:21:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
PRC - [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/03/05 02:40:25 | 000,020,480 | ---- | M] (Lexmark) -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2006/06/23 10:40:58 | 000,086,016 | ---- | M] (Logitech) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/04/29 05:13:46 | 000,766,041 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/01/17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2004/10/08 10:50:52 | 000,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe


========== Modules (SafeList) ==========

MOD - [2010/02/12 17:02:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bea\Desktop\OTL.exe
MOD - [2007/03/26 13:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2006/06/23 10:40:58 | 000,081,920 | ---- | M] (Logitech) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/05 22:26:13 | 000,018,944 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/17 16:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/03 10:12:34 | 001,028,432 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/11 13:17:46 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/04/11 13:17:44 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/04/11 13:17:26 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2009/02/06 17:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/12/06 22:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 22:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/04/26 00:21:42 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/30 13:39:36 | 000,482,920 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe -- (ioloDMV)
SRV - [2006/06/23 10:40:58 | 000,086,016 | ---- | M] (Logitech) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/01/17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/15 00:56:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/14 03:06:25 | 000,000,000 | ---D | M]

[2010/02/15 00:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Mozilla\Extensions
[2009/08/14 02:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Mozilla\Extensions\[email protected]
[2010/02/15 02:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Mozilla\Firefox\Profiles\7ey52m4f.default\extensions
[2010/02/14 02:44:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2010/02/15 17:07:43 | 000,002,803 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe (Lexmark)
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1180052573437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1183974491937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/24 17:07:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6\) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/16 20:24:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/16 20:21:15 | 000,000,000 | ---D | C] -- C:\George7612G
[2010/02/16 17:31:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/15 05:59:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/14 17:18:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/14 03:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Application Data\WinPatrol
[2010/02/14 03:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/02/14 03:14:26 | 000,999,160 | ---- | C] (BillP Studios) -- C:\Documents and Settings\Bea\My Documents\wpsetup.exe
[2010/02/14 03:02:32 | 027,386,256 | ---- | C] ( ) -- C:\Documents and Settings\Bea\My Documents\AdbeRdr930_en_US.exe
[2010/02/14 02:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/13 07:24:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/13 07:24:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/13 07:24:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/13 07:24:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/13 07:23:28 | 000,000,000 | ---D | C] -- C:\George
[2010/02/13 07:22:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/12 17:02:43 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bea\Desktop\OTL.exe
[2010/02/11 23:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\gmer
[2010/02/11 20:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/08 22:30:39 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Bea\My Documents\WinsockxpFix.exe
[2010/02/08 21:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\XP TCPIP Repair
[2010/02/08 21:51:22 | 000,578,557 | ---- | C] (WareSoft Software ) -- C:\Documents and Settings\Bea\My Documents\xptcprep.exe
[2010/02/07 18:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Sweeper
[2010/02/07 18:26:45 | 000,947,042 | ---- | C] (Phyxion.net - Guru3D.com ) -- C:\Documents and Settings\Bea\My Documents\DriverSweeper_1.5.5_setup__Guru3D.com_.exe
[2010/02/07 11:41:10 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/02/07 11:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2010/02/06 23:47:32 | 000,088,363 | ---- | C] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
[2010/02/06 23:47:31 | 000,064,512 | ---- | C] (Agere Systems) -- C:\WINDOWS\agrsmdel.exe
[2010/02/06 23:47:15 | 001,270,540 | ---- | C] (Agere Systems) -- C:\WINDOWS\System32\drivers\AGRSM.sys
[2010/02/06 23:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Application Data\System Tweaker
[2010/02/06 23:16:55 | 002,698,976 | ---- | C] (Uniblue ) -- C:\Documents and Settings\Bea\My Documents\systemtweaker.exe
[2010/02/06 21:36:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/02/06 21:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Local Settings\Application Data\Microsoft Corporation
[2010/02/06 21:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/02/06 15:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/06 14:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\LAN Driver Marvell 8.55.4.3
[2010/02/06 14:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Chipset Driver Intel 8.0.0.1009
[2010/02/06 01:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/02/06 01:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\My Drivers
[2010/02/06 01:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Local Settings\Application Data\Innovative Solutions
[2010/02/06 01:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\iXi Tools
[2010/02/06 00:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/06 00:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/02/06 00:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/02/06 00:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Application Data\Uniblue
[2010/02/06 00:02:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2010/02/05 23:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2010/02/05 23:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\LaunchMgr_Dritek_1.2.0.1208_XPx86
[2010/02/05 23:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2010/02/05 22:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Acer GridVista_2.53.0209_XPx86
[2010/02/05 22:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/02/05 22:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Broadcom_4.10.40_XPx86
[2010/02/05 21:58:18 | 000,546,976 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\ar5211.sys
[2010/02/05 21:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2010/02/05 21:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Atheros_5.3.0.45_XPx86_A
[2010/02/05 21:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\VGA_Nvidia_8.4.8.5_XPx86
[2010/02/05 21:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\VGA_Intel_6.14.10.4543_XPx86
[2010/02/05 21:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Touchpad_Synaptics_8.3.0.0_XPx86
[2010/02/05 21:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Modem_Agere_2.1.7.5_XPx86
[2010/02/05 21:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.55.4.3_XPx86
[2010/02/05 21:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.59.5.3_XPx86_A
[2010/02/05 21:18:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\tiinst
[2010/02/05 21:17:32 | 000,162,432 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys
[2010/02/05 21:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\CardReader_TI_2.0.0.2_XPx86
[2010/02/05 21:07:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SUYIN NB Cam
[2010/02/05 21:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Camera_Suyin_1.0.0.1_XPx86
[2010/02/05 20:56:36 | 000,245,824 | ---- | C] (Logitech) -- C:\WINDOWS\Instexec.exe
[2010/02/05 20:56:27 | 000,245,824 | R--- | C] (Logitech) -- C:\WINDOWS\System32\InstExec.exe
[2010/02/05 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/02/05 20:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acer
[2010/02/05 20:56:02 | 000,319,488 | ---- | C] (Acer) -- C:\WINDOWS\System32\CamCplRes.dll
[2010/02/05 20:56:02 | 000,086,016 | ---- | C] (Acer) -- C:\WINDOWS\System32\vatee.ax
[2010/02/05 20:56:01 | 000,303,104 | ---- | C] (Acer) -- C:\WINDOWS\System32\camcpl.cpl
[2010/02/05 20:55:57 | 000,167,936 | ---- | C] (Acer) -- C:\WINDOWS\System32\VxLib.dll
[2010/02/05 20:55:57 | 000,151,552 | ---- | C] (Acer) -- C:\WINDOWS\System32\VLib.dll
[2010/02/05 20:55:53 | 000,039,424 | ---- | C] (Acer) -- C:\WINDOWS\System32\VxLibRes.dll
[2010/02/05 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2010/02/05 20:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Camera_Logitech_9.4.4.1082_XPx86
[2010/02/05 20:43:15 | 000,077,942 | ---- | C] (Bison Inc.) -- C:\WINDOWS\System32\BisonRem.dll
[2010/02/05 20:43:14 | 000,806,272 | ---- | C] (Bison Electronics. Inc. ) -- C:\WINDOWS\System32\drivers\BisonCam.sys
[2010/02/05 20:43:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\BisonCam
[2010/02/05 20:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Camera_Bison_5.0.0.8_XPx86
[2010/02/05 20:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2010/02/05 20:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Bluetooth_Broadcom_5.0.1.1500_XPx86
[2010/02/05 19:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Audio_Realtek_5.10.0.5273_XPx86
[2010/02/05 19:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\My Documents\Chipset_Intel_8.0.0.1009_XPx86
[2010/02/02 23:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/02/02 23:36:25 | 011,650,440 | ---- | C] (Opera Software ASA ) -- C:\Documents and Settings\Bea\My Documents\Opera_1010_in_Setup.exe
[2010/02/02 23:13:31 | 008,327,264 | ---- | C] (Mozilla) -- C:\Documents and Settings\Bea\My Documents\Firefox Setup 3.6.exe
[2010/02/02 23:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/02 23:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/02 22:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/02/02 22:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Local Settings\Application Data\Temp
[2010/02/02 22:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bea\Local Settings\Application Data\Deployment
[2010/01/09 19:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/05/09 06:27:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/22 09:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/24 17:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2007/11/26 02:56:51 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2007/08/28 21:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/18 17:36:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/05/25 18:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2007/05/24 17:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/03/02 09:13:41 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/03/02 09:12:21 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/03/02 09:05:53 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/03/02 09:04:14 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/03/02 09:02:55 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/03/02 09:00:23 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/03/02 08:59:32 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/03/02 08:58:58 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/03/02 08:51:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/03/02 08:51:09 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/03/02 08:47:01 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\Documents and Settings\Bea\My Documents\*.tmp files -> C:\Documents and Settings\Bea\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/16 21:33:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C78EAB38-8876-422B-960A-4047F8801EE5}.job
[2010/02/16 21:25:28 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/16 21:22:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/16 21:20:14 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/02/16 21:20:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/16 21:20:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/16 21:14:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003UA.job
[2010/02/16 21:14:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003Core.job
[2010/02/16 20:40:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/16 20:24:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/16 20:19:52 | 003,860,256 | R--- | M] () -- C:\Documents and Settings\Bea\Desktop\George.exe
[2010/02/16 18:37:28 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\Bea\ntuser.dat
[2010/02/16 18:37:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bea\ntuser.ini
[2010/02/15 17:27:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/02/15 17:27:17 | 000,000,136 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/15 17:07:43 | 000,002,803 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/15 06:08:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/15 01:10:54 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Report for Geeks to go.doc
[2010/02/15 01:00:46 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Bea\Desktop\Google Chrome.lnk
[2010/02/15 00:19:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/14 03:14:29 | 000,999,160 | ---- | M] (BillP Studios) -- C:\Documents and Settings\Bea\My Documents\wpsetup.exe
[2010/02/14 03:02:35 | 027,386,256 | ---- | M] ( ) -- C:\Documents and Settings\Bea\My Documents\AdbeRdr930_en_US.exe
[2010/02/13 20:54:41 | 000,020,831 | ---- | M] () -- C:\Documents and Settings\Bea\Desktop\bitdefender.html
[2010/02/12 17:02:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bea\Desktop\OTL.exe
[2010/02/12 04:18:58 | 000,121,968 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\OTL.exe
[2010/02/11 23:07:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\gmer.zip
[2010/02/11 23:06:02 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Bea\My Documents\~$port for Geeks to go.doc
[2010/02/11 20:39:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/11 20:36:20 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Bea\Desktop\NTREGOPT.lnk
[2010/02/11 20:36:20 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Bea\Desktop\ERUNT.lnk
[2010/02/11 20:28:02 | 000,668,796 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/11 20:28:02 | 000,559,764 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/11 20:28:02 | 000,099,230 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/11 20:16:32 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bea\My Documents\TFC.exe
[2010/02/09 21:07:16 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/09 21:05:39 | 008,327,264 | ---- | M] (Mozilla) -- C:\Documents and Settings\Bea\My Documents\Firefox Setup 3.6.exe
[2010/02/08 22:30:49 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Bea\My Documents\WinsockxpFix.exe
[2010/02/08 21:53:21 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Bea\Desktop\XP TCPIP Repair.lnk
[2010/02/08 21:52:54 | 000,578,557 | ---- | M] (WareSoft Software ) -- C:\Documents and Settings\Bea\My Documents\xptcprep.exe
[2010/02/07 18:27:07 | 000,947,042 | ---- | M] (Phyxion.net - Guru3D.com ) -- C:\Documents and Settings\Bea\My Documents\DriverSweeper_1.5.5_setup__Guru3D.com_.exe
[2010/02/07 09:01:01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\reg clnrreg code.doc
[2010/02/07 09:00:08 | 000,061,009 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\reg clnr receipt uniblue.pdf
[2010/02/07 08:34:23 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/02/06 23:21:47 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Serial number for Uniblue.doc
[2010/02/06 23:20:30 | 000,061,146 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Uniblue Driver scan and system tweaker reciept.pdf
[2010/02/06 23:17:44 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Bea\Desktop\System Tweaker.lnk
[2010/02/06 23:17:08 | 002,698,976 | ---- | M] (Uniblue ) -- C:\Documents and Settings\Bea\My Documents\systemtweaker.exe
[2010/02/06 22:32:11 | 000,182,946 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.59.5.3_XPx86_A.zip
[2010/02/06 22:25:10 | 000,183,006 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\LAN Driver Marvell 8.55.4.3.zip
[2010/02/06 22:10:15 | 000,041,403 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\upgrade win 7 req.mht
[2010/02/06 21:35:45 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/02/06 14:17:50 | 001,748,621 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Chipset Driver Intel 8.0.0.1009.zip
[2010/02/06 00:04:03 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/02/05 23:05:23 | 000,000,083 | ---- | M] () -- C:\WINDOWS\QtZgAcer.UNI
[2010/02/05 23:05:00 | 000,016,896 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\System32\drivers\DKbFltr.SYS
[2010/02/05 23:05:00 | 000,005,120 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\System32\FILTRCOI.DLL
[2010/02/05 23:04:57 | 000,147,456 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
[2010/02/05 23:04:54 | 000,049,152 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\System32\QtBtLib.dll
[2010/02/05 23:04:24 | 004,187,088 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\LaunchMgr_Dritek_1.2.0.1208_XPx86.zip
[2010/02/05 23:00:23 | 000,000,092 | ---- | M] () -- C:\WINDOWS\GridV.UNI
[2010/02/05 22:59:13 | 000,655,741 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Acer GridVista_2.53.0209_XPx86.zip
[2010/02/05 22:26:13 | 002,129,920 | ---- | M] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2010/02/05 22:26:13 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/02/05 22:26:12 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\preflib.dll
[2010/02/05 22:26:08 | 000,069,632 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2010/02/05 22:26:07 | 000,033,664 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS
[2010/02/05 22:25:55 | 000,757,760 | ---- | M] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/02/05 22:25:24 | 076,850,498 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Broadcom_4.10.40_XPx86.zip
[2010/02/05 22:00:35 | 001,667,957 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Atheros_4.2.2.7_XPx86.zip
[2010/02/05 21:56:43 | 002,791,534 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Atheros_5.3.0.45_XPx86_A.zip
[2010/02/05 21:54:02 | 022,001,318 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\VGA_Nvidia_8.4.8.5_XPx86.zip
[2010/02/05 21:49:12 | 000,524,850 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2010/02/05 21:49:12 | 000,058,704 | ---- | M] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010/02/05 21:49:12 | 000,023,216 | ---- | M] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010/02/05 21:49:12 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.vp
[2010/02/05 21:47:01 | 005,215,049 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\VGA_Intel_6.14.10.4543_XPx86.zip
[2010/02/05 21:42:12 | 000,081,920 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll
[2010/02/05 21:41:34 | 005,597,177 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Touchpad_Synaptics_8.3.0.0_XPx86.zip
[2010/02/05 21:33:48 | 000,693,947 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Modem_Agere_2.1.7.5_XPx86.zip
[2010/02/05 21:30:40 | 000,183,282 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.55.4.3_XPx86.zip
[2010/02/05 21:17:32 | 000,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys
[2010/02/05 21:17:01 | 003,656,275 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\CardReader_TI_2.0.0.2_XPx86.zip
[2010/02/05 21:07:47 | 000,000,485 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acer OrbiCam.lnk
[2010/02/05 21:06:40 | 036,825,342 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Camera_Suyin_1.0.0.1_XPx86.zip
[2010/02/05 20:49:57 | 052,453,460 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Camera_Logitech_9.4.4.1082_XPx86.zip
[2010/02/05 20:42:13 | 003,724,479 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Camera_Bison_5.0.0.8_XPx86.zip
[2010/02/05 20:31:12 | 074,817,555 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Bluetooth_Broadcom_5.0.1.1500_XPx86.zip
[2010/02/05 19:59:19 | 002,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2010/02/05 19:59:08 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/02/05 19:58:52 | 025,516,506 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Audio_Realtek_5.10.0.5273_XPx86.zip
[2010/02/05 19:34:03 | 001,766,423 | ---- | M] () -- C:\Documents and Settings\Bea\My Documents\Chipset_Intel_8.0.0.1009_XPx86.zip
[2010/02/02 23:36:26 | 011,650,440 | ---- | M] (Opera Software ASA ) -- C:\Documents and Settings\Bea\My Documents\Opera_1010_in_Setup.exe
[2010/02/02 23:07:52 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/02 22:49:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\Documents and Settings\Bea\My Documents\*.tmp files -> C:\Documents and Settings\Bea\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/16 20:24:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/16 20:24:14 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/15 01:00:46 | 000,002,268 | ---- | C] () -- C:\Documents and Settings\Bea\Desktop\Google Chrome.lnk
[2010/02/14 03:06:26 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/14 02:03:46 | 000,020,831 | ---- | C] () -- C:\Documents and Settings\Bea\Desktop\bitdefender.html
[2010/02/13 07:24:57 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/13 07:24:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/13 07:24:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/13 07:24:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/13 07:24:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/13 07:21:04 | 003,860,256 | R--- | C] () -- C:\Documents and Settings\Bea\Desktop\George.exe
[2010/02/12 04:07:19 | 000,121,968 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\OTL.exe
[2010/02/11 23:07:39 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\gmer.zip
[2010/02/11 23:06:02 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Bea\My Documents\~$port for Geeks to go.doc
[2010/02/11 20:29:20 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Bea\Desktop\NTREGOPT.lnk
[2010/02/11 20:29:20 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Bea\Desktop\ERUNT.lnk
[2010/02/09 21:09:06 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003UA.job
[2010/02/09 21:09:05 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003Core.job
[2010/02/09 21:07:16 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/08 21:53:21 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Bea\Desktop\XP TCPIP Repair.lnk
[2010/02/08 21:50:53 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Report for Geeks to go.doc
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32D.BAT
[2010/02/07 11:37:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32C.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32D.BAT
[2010/02/07 11:37:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32C.BAT
[2010/02/07 11:37:16 | 000,010,843 | ---- | C] () -- C:\WINDOWS\System32\bcm43xx.cat
[2010/02/07 11:37:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2010/02/07 11:37:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2010/02/07 11:37:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2010/02/07 11:37:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2010/02/07 11:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2010/02/07 11:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2010/02/07 11:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2010/02/07 11:37:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2010/02/07 09:00:59 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\reg clnrreg code.doc
[2010/02/07 09:00:08 | 000,061,009 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\reg clnr receipt uniblue.pdf
[2010/02/07 08:34:23 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/02/06 23:21:46 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Serial number for Uniblue.doc
[2010/02/06 23:20:30 | 000,061,146 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Uniblue Driver scan and system tweaker reciept.pdf
[2010/02/06 23:17:44 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Bea\Desktop\System Tweaker.lnk
[2010/02/06 22:10:15 | 000,041,403 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\upgrade win 7 req.mht
[2010/02/06 21:35:45 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/02/06 14:25:07 | 000,183,006 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\LAN Driver Marvell 8.55.4.3.zip
[2010/02/06 14:17:35 | 001,748,621 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Chipset Driver Intel 8.0.0.1009.zip
[2010/02/06 00:04:03 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/02/05 23:05:23 | 000,000,083 | ---- | C] () -- C:\WINDOWS\QtZgAcer.UNI
[2010/02/05 23:04:17 | 004,187,088 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\LaunchMgr_Dritek_1.2.0.1208_XPx86.zip
[2010/02/05 23:00:23 | 000,000,092 | ---- | C] () -- C:\WINDOWS\GridV.UNI
[2010/02/05 22:59:09 | 000,655,741 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Acer GridVista_2.53.0209_XPx86.zip
[2010/02/05 22:25:07 | 076,850,498 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Broadcom_4.10.40_XPx86.zip
[2010/02/05 22:00:32 | 001,667,957 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Atheros_4.2.2.7_XPx86.zip
[2010/02/05 21:58:18 | 000,084,470 | ---- | C] () -- C:\WINDOWS\System32\net5211.inf
[2010/02/05 21:58:18 | 000,020,888 | ---- | C] () -- C:\WINDOWS\System32\net5211.cat
[2010/02/05 21:56:40 | 002,791,534 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Wireless LAN_Atheros_5.3.0.45_XPx86_A.zip
[2010/02/05 21:54:01 | 022,001,318 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\VGA_Nvidia_8.4.8.5_XPx86.zip
[2010/02/05 21:46:57 | 005,215,049 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\VGA_Intel_6.14.10.4543_XPx86.zip
[2010/02/05 21:41:30 | 005,597,177 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Touchpad_Synaptics_8.3.0.0_XPx86.zip
[2010/02/05 21:33:48 | 000,693,947 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Modem_Agere_2.1.7.5_XPx86.zip
[2010/02/05 21:30:39 | 000,183,282 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.55.4.3_XPx86.zip
[2010/02/05 21:19:51 | 000,182,946 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Lan_Marvell_8.59.5.3_XPx86_A.zip
[2010/02/05 21:16:56 | 003,656,275 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\CardReader_TI_2.0.0.2_XPx86.zip
[2010/02/05 21:08:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\DetectHWID.exe
[2010/02/05 21:07:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\mmEffect.ax
[2010/02/05 21:06:33 | 036,825,342 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Camera_Suyin_1.0.0.1_XPx86.zip
[2010/02/05 20:56:27 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2010/02/05 20:49:51 | 052,453,460 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Camera_Logitech_9.4.4.1082_XPx86.zip
[2010/02/05 20:43:15 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System\StillDrv.dll
[2010/02/05 20:43:15 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System\BisonVfw.dll
[2010/02/05 20:43:15 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20H0220.csr
[2010/02/05 20:43:15 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20F0220.csr
[2010/02/05 20:43:14 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System\BisonCam.dll
[2010/02/05 20:43:14 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2010/02/05 20:43:14 | 000,013,448 | ---- | C] () -- C:\WINDOWS\M2000Twn.src
[2010/02/05 20:43:12 | 000,000,485 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acer OrbiCam.lnk
[2010/02/05 20:41:57 | 003,724,479 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Camera_Bison_5.0.0.8_XPx86.zip
[2010/02/05 20:30:54 | 074,817,555 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Bluetooth_Broadcom_5.0.1.1500_XPx86.zip
[2010/02/05 19:58:00 | 025,516,506 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Audio_Realtek_5.10.0.5273_XPx86.zip
[2010/02/05 19:33:57 | 001,766,423 | ---- | C] () -- C:\Documents and Settings\Bea\My Documents\Chipset_Intel_8.0.0.1009_XPx86.zip
[2010/02/02 23:07:52 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/28 20:36:37 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Bea\Application Data\msnpromo.txt
[2009/09/01 08:30:27 | 000,000,597 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/04/27 20:21:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/11/26 03:08:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2007/11/26 03:08:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2007/11/26 03:08:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2007/11/26 03:08:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2007/11/26 02:58:00 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2007/11/26 02:56:52 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2007/11/26 02:55:42 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2007/11/19 06:35:42 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/11 23:48:47 | 000,006,314 | ---- | C] () -- C:\WINDOWS\silkquit.ini
[2007/07/31 00:00:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/07/21 14:30:59 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Bea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/18 19:13:09 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2007/07/18 19:13:09 | 000,046,592 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2007/07/18 19:13:09 | 000,039,552 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2007/07/18 19:13:09 | 000,037,248 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2007/05/26 08:50:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/26 08:45:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/25 18:44:06 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/05/25 18:44:00 | 000,435,816 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2007/05/25 18:34:21 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/05/25 18:33:26 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2007/05/25 18:15:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/24 18:53:58 | 000,002,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\nxsIO32.sys
[2007/04/25 21:17:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 13:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 11:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 12:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/06/23 10:40:58 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2006/06/23 10:40:58 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2006/06/13 10:03:00 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/13 10:03:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/06/01 07:55:00 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2006/05/17 21:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2006/01/17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2002/08/13 00:55:38 | 000,467,001 | ---- | C] () -- C:\WINDOWS\System32\W3MKDE.DLL
[2002/08/13 00:55:38 | 000,061,499 | ---- | C] () -- C:\WINDOWS\System32\W3MKDERC.DLL
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/02/07 11:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2010/02/06 00:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/05/16 13:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/04/27 20:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2007/05/25 18:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2010/02/06 01:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2007/05/25 18:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/12/06 17:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/02/06 00:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/01/08 00:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/07/18 19:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2009/08/23 17:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/16 20:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2007/07/31 00:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/04/05 20:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/06 00:04:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/09/15 22:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 21:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/25 05:22:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/10/11 23:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Blackberry Desktop
[2008/06/05 18:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\CheckPoint
[2009/05/16 13:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\eBay
[2009/08/31 04:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\FrostWire
[2008/04/27 20:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\HotSync
[2007/05/26 13:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Individual Software
[2007/05/25 18:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\InterTrust
[2007/05/25 18:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\iolo
[2007/08/18 02:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Leadertech
[2007/11/26 03:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Lexmark Productivity Studio
[2009/08/14 03:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\LimeWire
[2007/12/09 04:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\MailFrontier(2)
[2010/01/28 20:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\MSNInstaller
[2009/08/18 21:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Netscape
[2007/09/11 23:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\QuitCounter
[2009/03/16 23:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Research In Motion
[2010/02/06 23:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\System Tweaker
[2010/02/07 08:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Uniblue
[2010/02/14 03:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\WinPatrol
[2009/08/25 05:31:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/02/16 21:25:28 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/02/16 21:20:14 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/02/16 21:33:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C78EAB38-8876-422B-960A-4047F8801EE5}.job

========== Purity Check ==========


< End of report >
  • 0

#35
butterrice

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
When I try to search in Google, it is still switching to this "find Gala" search engine. To use Google I have to physically put the URL in.
  • 0

#36
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
In IE: Tools, Manage Add-ons, Search Providers. Make sure Google is number 1. Delete Gala.

Ron
  • 0

#37
butterrice

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
Gala is not even listed. It shows Google as my default. I have discovered that when I type in Google in the address bar, a rogue site of Google appears. It's not even a real Google page. Could this be the Google Redirect virus that wreaks havoc on the whole computer?
  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall Frostwire. It appears to be nothing more than a virus delivery system.

Let's run tdsskiller. If it stops and asks you something just hit Enter. It will create a log C:\tdsskiller-something.txt which I'd like to see.

http://support.kaspe...s?qid=208280684

Ron
  • 0

#39
butterrice

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
I d/l the program, and hit run. The black text box came up and told me to "hit any key to continue". When I do that - nothing happens.
  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Did you right click on it and Extract All first? That should create a folder of the same name and inside the folder should be the file you need to run.

Ron
  • 0

#41
butterrice

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
Yeah - I had to extract after d/l it. The separate folder is on my desktop. When I click it, I hit run. A black box comes up and in the box it states to "hit any key to continue". When I do that, nothing happens. Like the other programs before it, an hour glass pops up, but nothing happens.
  • 0

#42
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Can you copy it to c:\ then

Start, Run, cmd , OK to bring up a new command window then type with an Enter after each line:

cd \

(CD SPACE \ )

tdsskiller.exe

(Does it leave an error message?)

Ron
  • 0

#43
butterrice

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
Yes - it says "tdsskiller.exe is not recognized as an internal or external command, operable program or batch file"
  • 0

#44
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
In the command window type:

cd \

(CD SPACE \)

dir /a t*.* > junk.txt

(DIR SPACE /A SPACE asterisk.asterisk SPACE > SPACE junk.txt)

notepad junk.txt

(notepad SPACE junk.txt)

Copy the text and paste it to a reply.

Ron
  • 0

#45
butterrice

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
Here ya go-

Volume in drive C has no label.
Volume Serial Number is 8019-DC61

Directory of C:\

02/18/2010 08:21 PM 28,746 TDSSKiller.2.2.4_18.02.2010_20.21.14_log.txt
02/18/2010 08:22 PM 29,126 TDSSKiller.2.2.4_18.02.2010_20.22.34_log.txt
02/18/2010 08:25 PM 28,746 TDSSKiller.2.2.4_18.02.2010_20.25.47_log.txt
02/18/2010 08:35 PM 28,746 TDSSKiller.2.2.4_18.02.2010_20.35.45_log.txt
02/18/2010 08:37 PM 28,746 TDSSKiller.2.2.4_18.02.2010_20.37.28_log.txt
02/19/2010 06:39 AM 28,746 TDSSKiller.2.2.4_19.02.2010_06.39.10_log.txt
02/19/2010 06:43 AM 28,746 TDSSKiller.2.2.4_19.02.2010_06.43.02_log.txt
02/13/2010 07:38 AM <DIR> Temp
7 File(s) 201,602 bytes
1 Dir(s) 42,978,693,120 bytes free
  • 0





