Jump to content

Recommended Posts

for a few days now I have had connection problems and if I unplug my computer it helps some of the time. I would like to know if this has to do with Google and Microsoft departing or divorcing. I have Clear.com and should be using Google. My mail is coming back to me and trashing. I just deleted all the filters to see if that would help . I run XP Pro , use modem and router. Need to remove recently discontinued McAfee that was constantly interrupted . I love this program and hope to get some help. Mine is a purchased version.

Link to post
Share on other sites

Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:

    [*]Save it to your desktop.

    [*]Double click on the otlDesktopIcon.png icon on your desktop.

    [*]Click the "Scan All Users" checkbox.

    [*]Push the runscanbutton.png button.

    [*]Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    gmer_zip.gif
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Link to post
Share on other sites

I need to remove McAfee, the renewal was in May 2010 and I didn't purchase it again. Recent Add/Remove programs that I am aware of are McAfee, SuperAntiSpyware free version in order to down load the purchased version. The web would not come up and has been doint that for several weeks, I am the sole user . No one but me uses this home computer, and I am not in a work group. I do not run a server, and have been on Facebook sense December 2009. My email has been comprimised, and sent bills to programs I never owned or used ( to my knowledge) . I had to shut my computer down manually after the attacheed scan was finished. There was the End Program Error Message requesting to cancle the log off or I would lose information. I pressed "End Program Now" and then another End Error Message popped up and that was "End Program Connections Tray" I then pressed the off button and held it until the computer shut down. Log attached

OTL logfile created on: 6/4/2010 2:22:56 AM - Run 2

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Judith\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 701.00 Mb Available Physical Memory | 69.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 54.91 Gb Free Space | 73.68% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JUDITH-1C7E16C3

Current User Name: Judith

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/04 01:48:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judith\Desktop\OTL.exe

PRC - [2010/04/24 10:49:35 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Judith\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

PRC - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2009/02/03 06:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/12/06 05:09:30 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

PRC - [2005/09/21 16:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE

PRC - [2005/09/21 11:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Modules (SafeList) ==========

MOD - [2010/06/04 01:48:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judith\Desktop\OTL.exe

MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

========== Driver Services (SafeList) ==========

DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/09/16 11:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 11:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 11:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 11:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2005/09/23 19:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2004/12/10 23:30:42 | 001,903,338 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelS51.sys -- (IntelS51) Intel®

DRV - [2004/06/07 11:43:51 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®

DRV - [2004/03/17 16:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com

IE - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

[2010/06/03 18:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Extensions

[2010/06/03 18:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\co8d02mz.default\extensions

[2010/06/03 18:11:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\co8d02mz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2010/02/02 13:13:32 | 000,000,685 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - Startup: C:\Documents and Settings\Judith\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Judith\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Documents and Settings\Judith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Judith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/16 06:38:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/04 01:48:16 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Judith\Desktop\OTL.exe

[2010/06/03 22:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judith\Application Data\SUPERAntiSpyware.com

[2010/06/03 22:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/06/03 22:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/06/03 22:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpywarePro

[2010/06/03 21:55:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Judith\Recent

[2010/06/03 18:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judith\Local Settings\Application Data\Mozilla

[2010/06/03 18:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judith\Application Data\Mozilla

[2010/06/03 18:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/06/03 17:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/05/06 18:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/04 02:28:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F36817E0-CA3C-4786-A33B-28B8069AA52A}.job

[2010/06/04 02:17:00 | 000,092,290 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\access error message.JPG

[2010/06/04 01:55:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1645522239-839522115-1003UA.job

[2010/06/04 01:49:38 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\n5jbk5qw.exe

[2010/06/04 01:48:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judith\Desktop\OTL.exe

[2010/06/03 22:11:09 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Judith\ntuser.dat

[2010/06/03 22:09:01 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

[2010/06/03 21:53:41 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/06/03 21:53:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/03 21:53:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/03 21:53:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/03 19:04:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Judith\ntuser.ini

[2010/06/03 18:21:14 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Error code for winhtttpsendrequest.bmp

[2010/06/03 17:58:11 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Google Chrome.lnk

[2010/06/03 17:56:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/03 16:57:28 | 003,784,400 | -H-- | M] () -- C:\Documents and Settings\Judith\Local Settings\Application Data\IconCache.db

[2010/06/03 13:05:27 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\stinger1001624.opt

[2010/06/03 10:55:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1645522239-839522115-1003Core.job

[2010/05/26 13:20:07 | 000,021,082 | ---- | M] () -- C:\Documents and Settings\Judith\My Documents\The Trial of the Templars.docx

[2010/05/13 23:29:42 | 000,131,296 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\whats wrong with this.JPG

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/04 02:17:00 | 000,092,290 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\access error message.JPG

[2010/06/04 01:49:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\n5jbk5qw.exe

[2010/06/03 22:09:01 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

[2010/06/03 18:21:14 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\Error code for winhtttpsendrequest.bmp

[2010/06/03 13:05:27 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\stinger1001624.opt

[2010/05/26 13:20:07 | 000,021,082 | ---- | C] () -- C:\Documents and Settings\Judith\My Documents\The Trial of the Templars.docx

[2010/05/18 18:13:23 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Judith\avgrep.txt

[2010/05/13 23:29:42 | 000,131,296 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\whats wrong with this.JPG

[2010/02/17 21:53:39 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2010/01/24 03:16:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2010/01/17 10:11:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/11/17 13:04:03 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2009/11/17 13:04:03 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2009/11/16 16:16:54 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/11/16 08:33:41 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2009/11/16 08:16:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/11/16 06:50:12 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2006/07/30 22:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini

[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI

< End of report >

Link to post
Share on other sites

Hello, please try to run GMER also, if it gives any trouble, try it with the Sections option only checked.

Please rerun OTL, make sure under Extra Registry Use Safelist is checked and rerun the scan. This will create extra.txt. Please post that in your next reply.

If you have any trouble with the scans, just let me know :)

Link to post
Share on other sites

Extras, for OTL . I did run GMER but do not see a log for it.

OTL Extras logfile created on: 6/4/2010 2:06:36 AM - Run 1

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Judith\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 712.00 Mb Available Physical Memory | 70.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 54.91 Gb Free Space | 73.68% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JUDITH-1C7E16C3

Current User Name: Judith

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02C91E12-74A4-45E1-9D3F-C3DD7D6FECAE}" = 5700_Help

"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan

"{0E92A5AC-05AB-48c2-9227-9AD504EAF4EA}" = J5700

"{11655C91-EF58-4aab-BF09-E8F205324FBF}" = BPDSoftware

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3D30BAC1-C250-4F10-9C78-C379D05A445E}" = BPDSoftware_Ini

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B929776E-7527-4F98-AE4D-BEBCF0BEA669}" = BPD_HPSU

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}" = XMLinst

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2CA5A0D-5F2F-4d99-89F0-2D1358218A7A}" = ProductContext

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"CCleaner" = CCleaner

"Defraggler" = Defraggler

"Diablo" = Diablo

"Diablo II" = Diablo II

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Officejet All-In-One Series" = HP Officejet All-In-One Series

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPExtendedCapabilities" = HP Customer Participation Program 7.0

"HPOCR" = OCR Software by I.R.I.S 7.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"Intel® 536EP Modem" = Intel® 536EP Modem

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"PROSet" = Intel® PRO Network Adapters and Drivers

"Talisman Online_is1" = Talisman Online Ver.1578

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Search Defender" = Yahoo! Search Protection

"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Diablo" = Diablo

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/1/2010 7:30:56 PM | Computer Name = JUDITH-1C7E16C3 | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 6/3/2010 3:55:54 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 4:55:55 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 6:55:55 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 8:16:34 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 8:26:30 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 8:27:30 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 8:30:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.45.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 6/3/2010 8:32:15 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 8:34:40 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

[ System Events ]

Error - 6/3/2010 8:30:38 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 30 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 6/3/2010 8:30:38 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 29 minutes. NtpClient has no source of accurate

time.

Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 15 minutes. NtpClient has no source of accurate

time.

Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

< End of report >

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02C91E12-74A4-45E1-9D3F-C3DD7D6FECAE}" = 5700_Help

"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan

"{0E92A5AC-05AB-48c2-9227-9AD504EAF4EA}" = J5700

"{11655C91-EF58-4aab-BF09-E8F205324FBF}" = BPDSoftware

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3D30BAC1-C250-4F10-9C78-C379D05A445E}" = BPDSoftware_Ini

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B929776E-7527-4F98-AE4D-BEBCF0BEA669}" = BPD_HPSU

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}" = XMLinst

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2CA5A0D-5F2F-4d99-89F0-2D1358218A7A}" = ProductContext

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"CCleaner" = CCleaner

"Defraggler" = Defraggler

"Diablo" = Diablo

"Diablo II" = Diablo II

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Officejet All-In-One Series" = HP Officejet All-In-One Series

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPExtendedCapabilities" = HP Customer Participation Program 7.0

"HPOCR" = OCR Software by I.R.I.S 7.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"Intel® 536EP Modem" = Intel® 536EP Modem

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"PROSet" = Intel® PRO Network Adapters and Drivers

"Talisman Online_is1" = Talisman Online Ver.1578

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Search Defender" = Yahoo! Search Protection

"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Diablo" = Diablo

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/1/2010 7:30:56 PM | Computer Name = JUDITH-1C7E16C3 | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 6/3/2010 3:55:54 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 4:55:55 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 6:55:55 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 8:16:34 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 8:26:30 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 8:27:30 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 8:30:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.45.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 6/3/2010 8:32:15 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

Error - 6/3/2010 8:34:40 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20

Description =

[ System Events ]

Error - 6/3/2010 8:30:38 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 30 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 6/3/2010 8:30:38 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 29 minutes. NtpClient has no source of accurate

time.

Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 15 minutes. NtpClient has no source of accurate

time.

Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

< End of report >

Link to post
Share on other sites

Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

The computer is getting worse. I can hardly type

ComboFix 10-06-03.01 - Judith 06/04/2010 10:10:22.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.646 [GMT -7:00]

Running from: c:\documents and settings\Judith\Desktop\Combo-Fix3.exe

.

((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))

.

2010-06-04 05:09 . 2010-06-04 05:09 63488 ----a-w- c:\documents and settings\Judith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-04 05:09 . 2010-06-04 05:09 52224 ----a-w- c:\documents and settings\Judith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-06-04 05:09 . 2010-06-04 05:09 117760 ----a-w- c:\documents and settings\Judith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-04 05:09 . 2010-06-04 05:09 -------- d-----w- c:\documents and settings\Judith\Application Data\SUPERAntiSpyware.com

2010-06-04 05:09 . 2010-06-04 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-04 05:08 . 2010-06-04 05:09 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-06-04 05:06 . 2010-06-04 05:06 -------- d-----w- c:\program files\SUPERAntiSpywarePro

2010-06-04 01:12 . 2010-06-04 01:12 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-06-04 01:12 . 2010-06-04 01:12 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-06-04 01:09 . 2010-06-04 01:09 -------- d-----w- c:\documents and settings\Judith\Local Settings\Application Data\Mozilla

2010-06-04 00:14 . 2010-06-04 00:14 -------- d-----w- c:\windows\system32\wbem\Repository

2010-05-07 01:12 . 2010-05-07 01:12 -------- d-----w- c:\windows\McAfee.com

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-04 01:12 . 2009-11-16 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-04 00:56 . 2009-11-16 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-04 00:52 . 2009-12-20 00:17 -------- d-----w- c:\program files\Google

2010-06-04 00:15 . 2010-04-24 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-04 00:14 . 2009-11-16 16:14 -------- d-----w- c:\program files\TalismanOnline

2010-06-04 00:13 . 2010-01-28 01:14 -------- d-----w- c:\program files\Common Files\Adobe

2010-05-10 22:14 . 2009-11-16 21:28 -------- d-----w- c:\program files\Diablo II

2010-05-08 19:45 . 2009-11-17 22:13 -------- d-----w- c:\documents and settings\Judith\Application Data\HpUpdate

2010-05-01 18:26 . 2009-11-16 15:30 -------- d-----w- c:\program files\HP

2010-04-26 23:23 . 2010-04-26 23:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2010-04-26 04:42 . 2010-02-17 22:01 -------- d-----w- c:\documents and settings\Judith\Application Data\Malwarebytes

2010-04-26 04:42 . 2010-02-17 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-04-25 01:28 . 2010-04-25 01:28 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2010-04-24 23:58 . 2009-11-16 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-04-24 23:57 . 2010-04-24 23:17 -------- d-----w- c:\program files\Windows Installer Clean Up

2010-04-24 23:21 . 2010-04-24 23:21 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe

2010-04-24 23:17 . 2010-04-24 23:17 3584 ----a-r- c:\documents and settings\Judith\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-04-24 23:16 . 2010-04-24 23:16 -------- d-----w- c:\program files\MSECACHE

2010-04-24 23:05 . 2009-11-16 22:54 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-04-24 23:04 . 2010-04-24 23:04 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe

2010-04-24 17:48 . 2010-04-24 17:48 4724 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2010-04-24 17:45 . 2009-11-16 16:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2010-04-24 17:43 . 2010-04-24 17:43 -------- d-----w- c:\program files\Defraggler

2010-04-24 17:42 . 2010-03-26 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2010-04-24 17:37 . 2010-04-18 10:13 -------- d-----w- c:\program files\Windows Live

2010-04-24 17:37 . 2010-04-18 10:14 -------- d-----w- c:\program files\Microsoft

2010-04-24 17:37 . 2010-04-18 10:18 -------- d-----w- c:\program files\Microsoft Silverlight

2010-04-18 10:17 . 2010-04-18 10:17 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-04-18 10:16 . 2010-04-18 10:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-04-18 09:58 . 2010-04-18 09:58 -------- d-----w- c:\program files\Common Files\Windows Live

2010-03-30 07:46 . 2010-04-26 04:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 07:45 . 2010-04-26 04:42 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-23 20:21 . 2010-03-23 20:21 0 ----a-w- c:\windows\nsreg.dat

2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-02-16_00.55.56 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-11-16 14:15 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe

+ 2009-11-16 14:15 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe

- 2009-11-17 20:04 . 2010-01-29 08:15 21840 c:\windows\system32\SIntfNT.dll

+ 2009-11-17 20:04 . 2010-03-02 09:18 21840 c:\windows\system32\SIntfNT.dll

+ 2009-11-17 20:04 . 2010-03-02 09:18 17212 c:\windows\system32\SIntf32.dll

- 2009-11-17 20:04 . 2010-01-29 08:15 17212 c:\windows\system32\SIntf32.dll

+ 2010-02-18 04:53 . 2010-03-02 09:18 12067 c:\windows\system32\SIntf16.dll

+ 2004-08-04 12:00 . 2010-04-24 17:48 71524 c:\windows\system32\perfc009.dat

+ 2004-08-04 00:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll

+ 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll

+ 2004-08-04 12:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll

- 2004-08-04 12:00 . 2008-04-14 13:42 11264 c:\windows\system32\msrle32.dll

- 2007-08-14 02:54 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll

+ 2007-08-14 02:54 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll

- 2010-01-28 01:26 . 2010-01-28 01:26 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2010-06-04 01:12 . 2010-06-04 01:12 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2010-04-25 01:28 . 2010-04-25 01:28 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

- 2010-01-28 02:12 . 2010-01-28 02:12 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

- 2004-08-04 12:00 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-04 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-04 00:56 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll

- 2010-01-17 07:56 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2010-01-17 07:56 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll

+ 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll

+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll

+ 2009-11-16 14:23 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-11-16 14:23 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2007-08-14 02:54 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2007-08-14 02:54 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll

+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll

+ 2009-06-10 14:13 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll

- 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll

+ 2004-08-04 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll

+ 2010-02-16 02:37 . 2010-04-24 18:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2009-11-16 13:42 . 2010-02-15 23:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-11-16 13:42 . 2010-04-24 18:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2009-11-16 13:42 . 2010-02-15 23:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2010-02-16 02:37 . 2010-04-24 18:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2004-08-04 12:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll

+ 2004-08-04 12:00 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll

- 2004-08-04 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll

- 2009-11-16 15:21 . 2010-01-17 17:47 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

+ 2009-11-16 15:21 . 2010-06-04 00:56 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-11-16 15:21 . 2010-01-17 17:47 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-11-16 15:21 . 2010-06-04 00:56 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-11-16 15:21 . 2010-01-17 17:47 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-11-16 15:21 . 2010-06-04 00:56 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-12-22 04:09 . 2009-12-22 04:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll

+ 2009-12-22 09:57 . 2009-12-22 09:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe

+ 2009-12-22 04:02 . 2009-12-22 04:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll

+ 2009-12-22 07:21 . 2009-12-22 07:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe

+ 2009-12-22 07:37 . 2009-12-22 07:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe

+ 2009-12-22 02:39 . 2009-12-22 02:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe

+ 2009-12-22 02:27 . 2009-12-22 02:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll

+ 2009-12-22 02:27 . 2009-12-22 02:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll

+ 2008-10-25 16:18 . 2008-10-25 16:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONFILTER.DLL

+ 2008-10-25 16:18 . 2008-10-25 16:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTEM.EXE

+ 2010-04-24 18:49 . 2009-12-21 19:14 12800 c:\windows\ie8updates\KB980182-IE8\xpshims.dll

+ 2010-04-24 18:49 . 2009-12-21 19:14 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll

+ 2010-04-24 18:49 . 2009-12-21 19:14 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll

+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll

+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll

+ 2010-03-03 08:07 . 2010-03-03 08:07 81920 c:\windows\ALCFDRTM.EXE

+ 2010-04-24 18:48 . 2008-04-14 13:41 84480 c:\windows\$NtUninstallKB979309$\cabview.dll

+ 2010-02-24 15:42 . 2009-10-28 15:07 46080 c:\windows\$NtUninstallKB979306$\tzchange.exe

+ 2010-02-24 15:42 . 2010-01-23 10:40 16896 c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll

+ 2010-02-16 17:43 . 2008-04-14 13:41 32256 c:\windows\$NtUninstallKB978037$\csrsrv.dll

+ 2010-02-16 17:42 . 2004-08-04 12:00 25600 c:\windows\$NtUninstallKB977914$\msvidc32.dll

+ 2010-02-16 17:42 . 2008-04-14 13:42 11264 c:\windows\$NtUninstallKB977914$\msrle32.dll

+ 2010-02-16 17:42 . 2008-04-14 13:41 47616 c:\windows\$NtUninstallKB977914$\iyuv_32.dll

+ 2010-02-16 17:42 . 2009-06-10 14:13 84992 c:\windows\$NtUninstallKB977914$\avifil32.dll

+ 2010-02-16 17:42 . 2008-04-14 13:42 16896 c:\windows\$NtUninstallKB975560$\msyuv.dll

+ 2010-04-24 18:49 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981332-IE8\update\spcustom.dll

+ 2010-04-24 18:49 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981332-IE8\spmsg.dll

+ 2010-04-24 18:53 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll

+ 2010-04-24 18:53 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB980232\spmsg.dll

+ 2010-04-24 18:49 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980182-IE8\update\spcustom.dll

+ 2010-04-24 18:49 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980182-IE8\spmsg.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 12800 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\xpshims.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 55296 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\msfeedsbs.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 25600 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\jsproxy.dll

+ 2010-04-24 18:53 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll

+ 2010-04-24 17:52 . 2010-03-05 14:54 16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll

+ 2010-04-24 18:53 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979683\spmsg.dll

+ 2010-04-24 18:48 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll

+ 2010-04-24 18:48 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB979309\spmsg.dll

+ 2010-01-13 13:48 . 2010-01-13 13:48 86016 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978706\update\spcustom.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978706\spmsg.dll

+ 2010-04-24 18:50 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll

+ 2010-04-24 18:50 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB978601\spmsg.dll

+ 2010-04-24 18:50 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll

+ 2010-04-24 18:50 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978338\spmsg.dll

+ 2010-02-16 17:44 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978262\update\spcustom.dll

+ 2010-02-16 17:44 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978262\spmsg.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978251\update\spcustom.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978251\spmsg.dll

+ 2010-02-16 17:43 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978037\update\spcustom.dll

+ 2010-02-16 17:43 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978037\spmsg.dll

+ 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977914\spmsg.dll

+ 2009-11-27 16:28 . 2009-11-27 16:28 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll

+ 2009-11-27 16:28 . 2009-11-27 16:28 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll

+ 2009-11-27 16:28 . 2009-11-27 16:28 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll

+ 2009-11-27 16:28 . 2009-11-27 16:28 84992 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll

+ 2010-04-24 18:50 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll

+ 2010-04-24 18:50 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977816\spmsg.dll

+ 2010-02-17 09:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977165\update\spcustom.dll

+ 2010-02-17 09:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977165\spmsg.dll

+ 2010-02-24 15:42 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll

+ 2010-02-24 15:42 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975713\update\spcustom.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975713\spmsg.dll

+ 2010-04-24 18:50 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975561\update\spcustom.dll

+ 2010-04-24 18:50 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975561\spmsg.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975560\update\spcustom.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975560\spmsg.dll

+ 2009-11-27 17:23 . 2009-11-27 17:23 17920 c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll

+ 2010-02-16 17:44 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971468\update\spcustom.dll

+ 2010-02-16 17:44 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971468\spmsg.dll

+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll

+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll

+ 2010-05-23 04:20 . 2010-05-23 04:24 2828 c:\windows\SoftwareDistribution\EventCache\{7BE3BAA0-F785-40B8-A5EC-F06ECB86CF60}.bin

+ 2010-01-15 03:21 . 2010-01-15 03:21 5644 c:\windows\McAfee.com\FreeScan\config.dat

+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll

+ 2010-02-16 17:42 . 2004-08-04 12:00 8192 c:\windows\$NtUninstallKB977914$\tsbyuv.dll

+ 2009-11-27 16:28 . 2009-11-27 16:28 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll

- 2007-11-07 10:19 . 2007-11-07 10:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

+ 2007-11-07 08:19 . 2007-11-07 10:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

- 2007-11-07 10:19 . 2007-11-07 10:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-07 08:19 . 2007-11-07 10:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-07 03:23 . 2007-11-07 05:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

- 2007-11-07 05:23 . 2007-11-07 05:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

- 2008-10-25 05:15 . 2006-12-02 06:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-02 05:54 . 2006-12-02 06:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-02 05:54 . 2006-12-02 06:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

- 2008-10-25 05:15 . 2006-12-02 06:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-02 05:54 . 2006-12-02 06:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

- 2008-10-25 05:15 . 2006-12-02 06:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

- 2006-10-26 21:40 . 2006-10-26 21:40 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

+ 2005-09-23 05:48 . 2006-10-26 21:40 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

- 2006-10-26 21:40 . 2006-10-26 21:40 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll

+ 2005-09-23 05:48 . 2006-10-26 21:40 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll

+ 2005-09-23 05:48 . 2006-10-26 21:40 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

- 2006-10-26 21:40 . 2006-10-26 21:40 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

+ 2004-08-04 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll

+ 2004-08-04 12:00 . 2008-04-14 13:42 176640 c:\windows\system32\wintrust(3).dll

+ 2004-08-04 12:00 . 2010-02-25 06:24 916480 c:\windows\system32\wininet.dll

- 2004-08-04 12:00 . 2009-12-21 19:14 916480 c:\windows\system32\wininet.dll

+ 2004-08-04 12:00 . 2009-12-21 19:14 916480 c:\windows\system32\wininet(7).dll

+ 2004-08-04 12:00 . 2010-02-25 06:24 916480 c:\windows\system32\wininet(4)(2).dll

+ 2004-08-04 12:00 . 2009-03-08 12:33 420352 c:\windows\system32\vbscript(2).dll

- 2004-08-04 12:00 . 2008-04-14 13:42 474112 c:\windows\system32\shlwapi.dll

+ 2004-08-04 12:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll

+ 2004-08-04 12:00 . 2010-04-24 17:48 441764 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll

+ 2004-08-04 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll

+ 2004-08-04 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll

- 2004-08-04 12:00 . 2009-03-08 12:32 611840 c:\windows\system32\mstime.dll

- 2009-11-16 13:35 . 2008-04-14 13:42 343040 c:\windows\system32\mspaint.exe

+ 2009-11-16 13:35 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe

- 2007-08-14 02:54 . 2009-12-21 19:14 594432 c:\windows\system32\msfeeds.dll

+ 2007-08-14 02:54 . 2010-02-25 06:24 594432 c:\windows\system32\msfeeds.dll

+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe

- 2004-08-04 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll

+ 2004-08-04 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll

+ 2009-11-16 13:36 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll

- 2009-11-16 13:36 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll

+ 2004-08-04 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll

- 2004-08-04 12:00 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll

+ 2004-08-04 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll

- 2004-08-04 12:00 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll

- 2004-08-04 12:00 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe

+ 2004-08-04 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe

+ 2004-08-04 12:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys

+ 2004-08-04 12:00 . 2009-12-31 16:50 353792 c:\windows\system32\drivers\srv.sys

+ 2004-08-04 12:00 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys

+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll

+ 2007-08-14 02:54 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll

- 2007-08-14 02:54 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll

+ 2007-08-14 02:54 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll

- 2007-08-14 02:54 . 2009-03-08 12:33 420352 c:\windows\system32\dllcache\vbscript.dll

+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys

+ 2009-11-16 14:47 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys

- 2006-09-23 21:12 . 2006-09-23 21:12 474112 c:\windows\system32\dllcache\shlwapi.dll

+ 2006-09-23 21:12 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll

+ 2007-08-14 02:44 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll

- 2007-08-14 02:44 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll

+ 2007-08-14 02:54 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll

- 2007-08-14 02:54 . 2009-03-08 12:32 611840 c:\windows\system32\dllcache\mstime.dll

+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe

- 2009-11-16 14:23 . 2009-12-21 19:14 594432 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-11-16 14:23 . 2010-02-25 06:24 594432 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-11-16 14:46 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys

+ 2007-08-14 02:38 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll

- 2007-08-14 02:38 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll

- 2009-11-16 14:46 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll

+ 2009-11-16 14:46 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll

+ 2010-01-17 07:56 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2007-08-14 02:54 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll

- 2007-08-14 02:54 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll

- 2007-08-14 02:39 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2007-08-14 02:39 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2007-08-14 02:39 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe

- 2007-08-14 02:39 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe

+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll

+ 2004-08-04 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll

+ 2010-05-06 12:40 . 2010-05-06 12:40 382361 c:\windows\McAfee.com\FreeScan\avvnames.dat

+ 2010-05-06 12:40 . 2010-05-06 12:40 473873 c:\windows\McAfee.com\FreeScan\avvclean.dat

+ 2001-07-13 14:04 . 2001-07-13 14:04 253952 c:\windows\Jasc Media Center Plus.scr

- 2001-07-13 15:04 . 2001-07-13 15:04 253952 c:\windows\Jasc Media Center Plus.scr

+ 2010-04-24 23:17 . 2010-04-24 23:17 472064 c:\windows\Installer\92874.msi

- 2009-11-16 15:21 . 2010-01-17 17:47 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-11-16 15:21 . 2010-06-04 00:56 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-11-16 15:21 . 2010-01-17 17:47 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-11-16 15:21 . 2010-06-04 00:56 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

- 2009-11-16 15:21 . 2010-01-17 17:47 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

+ 2009-11-16 15:21 . 2010-06-04 00:56 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

- 2009-11-16 15:21 . 2010-01-17 17:47 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

+ 2009-11-16 15:21 . 2010-06-04 00:56 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

+ 2009-12-22 02:35 . 2009-12-22 02:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll

+ 2009-12-22 04:05 . 2009-12-22 04:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe

+ 2009-12-22 02:34 . 2009-12-22 02:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll

+ 2009-11-10 03:18 . 2009-11-10 03:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll

+ 2009-12-22 04:02 . 2009-12-22 04:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe

+ 2009-12-22 02:43 . 2009-12-22 02:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll

+ 2009-12-22 09:57 . 2009-12-22 09:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe

+ 2009-12-22 02:15 . 2009-12-22 02:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll

+ 2009-12-22 03:32 . 2009-12-22 03:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe

+ 2009-12-22 03:15 . 2009-12-22 03:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe

+ 2008-10-25 15:52 . 2008-10-25 15:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL

+ 2008-10-25 15:52 . 2008-10-25 15:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL

+ 2010-04-24 18:49 . 2009-03-08 12:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll

+ 2010-04-24 18:49 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll

+ 2010-04-24 18:49 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe

+ 2010-04-24 18:49 . 2009-12-21 19:14 916480 c:\windows\ie8updates\KB980182-IE8\wininet.dll

+ 2010-04-24 18:49 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll

+ 2010-04-24 18:49 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe

+ 2010-04-24 18:49 . 2009-12-21 19:14 206848 c:\windows\ie8updates\KB980182-IE8\occache.dll

+ 2010-04-24 18:49 . 2009-03-08 12:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll

+ 2010-04-24 18:49 . 2009-12-21 19:14 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll

+ 2010-04-24 18:49 . 2009-12-21 19:14 246272 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll

+ 2010-04-24 18:49 . 2009-12-21 19:14 184320 c:\windows\ie8updates\KB980182-IE8\iepeers.dll

+ 2010-04-24 18:49 . 2009-12-21 19:14 387584 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll

+ 2010-04-24 18:49 . 2009-12-21 13:19 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe

+ 2010-02-24 15:42 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll

+ 2010-02-24 15:42 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe

+ 2010-02-24 15:42 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll

+ 2009-11-16 14:46 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2009-05-14 22:41 . 2009-05-14 22:41 380144 c:\windows\Downloaded Program Files\sabspx.dll

+ 2010-04-24 18:53 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll

+ 2010-04-24 18:53 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe

+ 2010-04-24 18:53 . 2009-12-04 18:22 455424 c:\windows\$NtUninstallKB980232$\mrxsmb.sys

+ 2010-04-24 18:53 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll

+ 2010-04-24 18:53 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe

+ 2010-04-24 18:48 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll

+ 2010-04-24 18:48 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe

+ 2010-02-24 15:42 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll

+ 2010-02-24 15:42 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978706$\spuninst\updspapi.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978706$\spuninst\spuninst.exe

+ 2010-02-16 17:42 . 2008-04-14 13:42 343040 c:\windows\$NtUninstallKB978706$\mspaint.exe

+ 2010-04-24 18:50 . 2008-04-14 13:42 176640 c:\windows\$NtUninstallKB978601$\wintrust.dll

+ 2010-04-24 18:50 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll

+ 2010-04-24 18:50 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe

+ 2010-04-24 18:50 . 2008-06-20 11:08 225856 c:\windows\$NtUninstallKB978338$\tcpip6.sys

+ 2010-04-24 18:50 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll

+ 2010-04-24 18:50 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe

+ 2010-04-24 18:50 . 2008-04-14 13:41 100352 c:\windows\$NtUninstallKB978338$\6to4svc.dll

+ 2010-02-16 17:44 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978262$\spuninst\updspapi.dll

+ 2010-02-16 17:44 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978262$\spuninst\spuninst.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978251$\spuninst\updspapi.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978251$\spuninst\spuninst.exe

+ 2010-02-16 17:42 . 2008-10-24 11:21 455296 c:\windows\$NtUninstallKB978251$\mrxsmb.sys

+ 2010-02-16 17:43 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978037$\spuninst\updspapi.dll

+ 2010-02-16 17:43 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977914$\spuninst\updspapi.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe

+ 2010-04-24 18:50 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll

+ 2010-04-24 18:50 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe

+ 2010-02-17 09:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977165$\spuninst\updspapi.dll

+ 2010-02-17 09:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977165$\spuninst\spuninst.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975713$\spuninst\updspapi.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe

+ 2010-02-16 17:42 . 2008-04-14 13:42 474112 c:\windows\$NtUninstallKB975713$\shlwapi.dll

+ 2010-04-24 18:50 . 2009-05-27 00:10 382840 c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll

+ 2010-04-24 18:50 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975560$\spuninst\updspapi.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe

+ 2010-02-16 17:44 . 2008-12-11 10:57 333952 c:\windows\$NtUninstallKB971468$\srv.sys

+ 2010-02-16 17:44 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB971468$\spuninst\updspapi.dll

+ 2010-02-16 17:44 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971468$\spuninst\spuninst.exe

+ 2010-04-24 18:49 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981332-IE8\update\updspapi.dll

+ 2010-04-24 18:49 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981332-IE8\update\update.exe

+ 2010-04-24 18:49 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981332-IE8\spuninst.exe

+ 2010-04-24 17:50 . 2010-03-10 06:18 420352 c:\windows\$hf_mig$\KB981332-IE8\SP3QFE\vbscript.dll

+ 2010-04-24 18:53 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB980232\update\updspapi.dll

+ 2010-04-24 18:53 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB980232\update\update.exe

+ 2010-04-24 18:53 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB980232\spuninst.exe

+ 2010-04-24 17:52 . 2010-02-24 11:57 457216 c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys

+ 2010-04-24 18:49 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980182-IE8\update\updspapi.dll

+ 2010-04-24 18:49 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980182-IE8\update\update.exe

+ 2010-04-24 18:49 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980182-IE8\spuninst.exe

+ 2010-04-24 17:50 . 2010-02-25 06:19 919040 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 206848 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\occache.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 611840 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mstime.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 594432 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\msfeeds.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 247808 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\ieproxy.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 184320 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\iepeers.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 387584 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\iedkcs32.dll

+ 2010-04-24 17:50 . 2010-02-24 09:34 173056 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\ie4uinit.exe

+ 2010-04-24 18:53 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979683\update\updspapi.dll

+ 2010-04-24 18:53 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979683\update\update.exe

+ 2010-04-24 18:53 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979683\spuninst.exe

+ 2010-04-24 18:48 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979309\update\updspapi.dll

+ 2010-04-24 18:48 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979309\update\update.exe

+ 2010-04-24 18:48 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB979309\spuninst.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978706\update\updspapi.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978706\update\update.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978706\spuninst.exe

+ 2009-12-16 18:27 . 2009-12-16 18:27 343040 c:\windows\$hf_mig$\KB978706\SP3QFE\mspaint.exe

+ 2010-04-24 18:50 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978601\update\updspapi.dll

+ 2010-04-24 18:50 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978601\update\update.exe

+ 2010-04-24 18:50 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB978601\spuninst.exe

+ 2009-12-24 06:42 . 2009-12-24 06:42 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll

+ 2010-04-24 18:50 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978338\update\updspapi.dll

+ 2010-04-24 18:50 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978338\update\update.exe

+ 2010-04-24 18:50 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978338\spuninst.exe

+ 2010-02-11 11:36 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys

+ 2010-02-12 04:27 . 2010-02-12 04:27 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll

+ 2010-02-16 17:44 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978262\update\updspapi.dll

+ 2010-02-16 17:44 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978262\update\update.exe

+ 2010-02-16 17:44 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978262\spuninst.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978251\update\updspapi.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978251\update\update.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978251\spuninst.exe

+ 2010-02-10 03:46 . 2009-12-04 17:25 456832 c:\windows\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys

+ 2010-02-16 17:43 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978037\update\updspapi.dll

+ 2010-02-16 17:43 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978037\update\update.exe

+ 2010-02-16 17:43 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978037\spuninst.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977914\update\updspapi.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977914\update\update.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977914\spuninst.exe

+ 2010-04-24 18:50 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977816\update\updspapi.dll

+ 2010-04-24 18:50 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977816\update\update.exe

+ 2010-04-24 18:50 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977816\spuninst.exe

+ 2010-02-17 09:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977165\update\updspapi.dll

+ 2010-02-17 09:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977165\update\update.exe

+ 2010-02-17 09:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977165\spuninst.exe

+ 2010-02-24 15:42 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB976662-IE8\update\updspapi.dll

+ 2010-02-24 15:42 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB976662-IE8\update\update.exe

+ 2010-02-24 15:42 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB976662-IE8\spuninst.exe

+ 2010-02-24 15:38 . 2009-12-09 05:51 726528 c:\windows\$hf_mig$\KB976662-IE8\SP3QFE\jscript.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975713\update\updspapi.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975713\update\update.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975713\spuninst.exe

+ 2009-12-08 09:01 . 2009-12-08 09:01 474112 c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll

+ 2010-04-24 18:50 . 2009-05-27 00:10 382840 c:\windows\$hf_mig$\KB975561\update\updspapi.dll

+ 2010-04-24 18:50 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB975561\update\update.exe

+ 2010-04-24 18:50 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975561\spuninst.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975560\update\updspapi.dll

+ 2010-02-16 17:42 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975560\update\update.exe

+ 2010-02-16 17:42 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975560\spuninst.exe

+ 2010-02-16 17:44 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971468\update\updspapi.dll

+ 2010-02-16 17:44 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971468\update\update.exe

+ 2010-02-16 17:44 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971468\spuninst.exe

+ 2010-02-10 03:47 . 2010-01-01 07:58 353792 c:\windows\$hf_mig$\KB971468\SP3QFE\srv.sys

+ 2004-08-04 12:00 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll

+ 2004-08-04 12:00 . 2009-12-21 19:14 1208832 c:\windows\system32\urlmon(6).dll

+ 2004-08-04 12:00 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon(2)(3).dll

+ 2004-08-04 12:00 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll

+ 2004-08-04 12:00 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe

+ 2004-08-03 22:59 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe

+ 2004-08-04 12:00 . 2010-02-25 06:24 5944832 c:\windows\system32\mshtml.dll

+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2007-08-14 02:34 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll

- 2007-08-14 02:34 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll

+ 2007-08-14 02:34 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil(2)(3).dll

+ 2007-08-14 02:54 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll

+ 2009-06-03 19:09 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll

+ 2009-11-16 14:47 . 2010-02-17 16:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2009-11-16 14:47 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2009-02-08 03:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2009-11-16 14:47 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2009-11-16 14:49 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll

- 2009-11-16 14:49 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll

+ 2007-08-14 02:54 . 2010-02-25 06:24 5944832 c:\windows\system32\dllcache\mshtml.dll

+ 2010-04-24 17:52 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe

- 2009-11-16 14:23 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll

+ 2009-11-16 14:23 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll

+ 2010-02-05 00:24 . 2010-02-05 00:24 9122304 c:\windows\Installer\e1857.msp

+ 2010-02-21 08:00 . 2010-02-21 08:00 8480768 c:\windows\Installer\e1846.msp

+ 2010-04-25 01:34 . 2010-04-25 01:34 3940352 c:\windows\Installer\b544c.msi

+ 2010-04-27 22:43 . 2010-04-27 22:43 1523712 c:\windows\Installer\944b95.msi

+ 2010-02-05 01:24 . 2010-02-05 01:24 9122304 c:\windows\Installer\7b3eb29.msp

+ 2010-02-21 09:00 . 2010-02-21 09:00 8480768 c:\windows\Installer\7b3eb18.msp

+ 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\653973.msp

+ 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\54ee2.msp

+ 2010-02-21 08:03 . 2010-02-21 08:03 4472832 c:\windows\Installer\4410d91.msp

+ 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\3d8ad.msp

+ 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\399df.msp

+ 2010-02-21 08:03 . 2010-02-21 08:03 4472832 c:\windows\Installer\376a6f.msp

+ 2010-02-05 00:24 . 2010-02-05 00:24 9122304 c:\windows\Installer\376a58.msp

+ 2010-02-21 08:00 . 2010-02-21 08:00 8480768 c:\windows\Installer\376a47.msp

+ 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\21d8092.msp

- 2009-11-16 15:21 . 2010-01-17 17:47 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-11-16 15:21 . 2010-06-04 00:56 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-12-22 02:29 . 2009-12-22 02:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll

+ 2009-12-22 02:00 . 2009-12-22 02:00 1298996 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JSByteCodeWin.bin

+ 2009-12-22 07:31 . 2009-12-22 07:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll

+ 2008-08-26 06:50 . 2008-08-26 06:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL

+ 2009-03-06 12:00 . 2009-03-06 12:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONMAIN.DLL

+ 2008-11-10 18:49 . 2008-11-10 18:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONLIBS.DLL

+ 2008-11-25 06:16 . 2008-11-25 06:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTE.EXE

+ 2010-04-24 18:49 . 2009-12-21 19:14 1208832 c:\windows\ie8updates\KB980182-IE8\urlmon.dll

+ 2010-04-24 18:49 . 2009-12-21 19:14 5942784 c:\windows\ie8updates\KB980182-IE8\mshtml.dll

+ 2010-04-24 18:49 . 2009-12-21 19:14 1985536 c:\windows\ie8updates\KB980182-IE8\iertutil.dll

+ 2009-11-16 14:47 . 2010-02-17 16:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2009-11-16 14:47 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2009-02-08 03:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2009-11-16 14:47 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2010-04-24 18:53 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe

+ 2010-04-24 18:53 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe

+ 2010-04-24 18:53 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe

+ 2010-04-24 18:53 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe

+ 2010-02-17 09:05 . 2009-08-04 15:13 2145280 c:\windows\$NtUninstallKB977165$\ntoskrnl.exe

+ 2010-02-17 09:05 . 2009-08-04 14:20 2023936 c:\windows\$NtUninstallKB977165$\ntkrpamp.exe

+ 2010-02-17 09:05 . 2009-08-04 14:20 2023936 c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe

+ 2010-02-17 09:05 . 2009-08-04 15:13 2145280 c:\windows\$NtUninstallKB977165$\ntkrnlmp.exe

+ 2010-04-24 18:50 . 2008-04-14 13:42 3558912 c:\windows\$NtUninstallKB975561$\moviemk.exe

+ 2010-02-16 17:42 . 2009-06-03 19:09 1291264 c:\windows\$NtUninstallKB975560$\quartz.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 1209856 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\urlmon.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 5946880 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 1986048 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\iertutil.dll

+ 2010-04-24 17:52 . 2010-02-16 12:52 2190080 c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe

+ 2010-04-24 17:52 . 2010-02-16 12:12 2024448 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe

+ 2010-04-24 17:52 . 2010-02-16 12:12 2066944 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe

+ 2010-04-24 17:52 . 2010-02-16 12:50 2146304 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe

+ 2009-12-09 07:52 . 2009-12-09 07:52 2189312 c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe

+ 2010-02-10 03:45 . 2009-12-08 17:40 2023936 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrpamp.exe

+ 2009-12-09 07:10 . 2009-12-09 07:10 2066176 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe

+ 2010-02-10 03:46 . 2009-12-08 18:20 2145280 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlmp.exe

+ 2010-04-24 17:52 . 2009-10-23 14:53 3558912 c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe

+ 2009-11-27 17:23 . 2009-11-27 17:23 1291776 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll

+ 2009-12-26 18:38 . 2010-06-04 00:14 33643420 c:\windows\system32\Restore\rstrlog.dat

+ 2009-11-16 14:23 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe

+ 2007-08-14 02:54 . 2010-02-25 18:54 11070976 c:\windows\system32\ieframe.dll

+ 2007-08-14 02:54 . 2010-02-25 18:54 11070976 c:\windows\system32\ieframe(2)(3).dll

+ 2009-11-16 14:23 . 2010-02-25 18:54 11070976 c:\windows\system32\dllcache\ieframe.dll

+ 2010-05-06 12:40 . 2010-05-06 12:40 65725606 c:\windows\McAfee.com\FreeScan\avvscan.dat

+ 2010-04-18 10:18 . 2010-04-18 10:18 15706112 c:\windows\Installer\def5cf.msp

+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\b54ed.msp

+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\927f3.msp

+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\92771.msp

+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\926d6.msp

+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\92658.msp

+ 2010-03-22 23:03 . 2010-03-22 23:03 11732992 c:\windows\Installer\4410da2.msp

+ 2010-03-22 23:03 . 2010-03-22 23:03 11732992 c:\windows\Installer\376a80.msp

+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\3769ba.msp

+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\3585bc.msp

+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\1ab1f.msp

+ 2010-04-18 12:02 . 2010-04-18 12:02 15710720 c:\windows\Installer\14324e0.msp

+ 2009-12-22 07:21 . 2009-12-22 07:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll

+ 2009-04-04 02:46 . 2009-04-04 02:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSO.DLL

+ 2010-04-24 18:49 . 2009-12-21 19:14 11070464 c:\windows\ie8updates\KB980182-IE8\ieframe.dll

+ 2010-04-24 17:50 . 2010-02-25 06:19 11073024 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\ieframe.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"Google Update"="c:\documents and settings\Judith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-16 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-28 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]

"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]

"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-30 437584]

c:\documents and settings\Judith\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-11-16 344064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/25/2010 9:42 PM 303952]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/25/2010 9:42 PM 20824]

--- Other Services/Drivers In Memory ---

*Deregistered* - kwdoqaoc

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1645522239-839522115-1003Core.job

- c:\documents and settings\Judith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 22:09]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1645522239-839522115-1003UA.job

- c:\documents and settings\Judith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 22:09]

2010-06-04 c:\windows\Tasks\User_Feed_Synchronization-{F36817E0-CA3C-4786-A33B-28B8069AA52A}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com

mStart Page = hxxp://www.yahoo.com

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc

SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-04 10:48

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1645522239-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(656)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-06-04 11:03:08

ComboFix-quarantined-files.txt 2010-06-04 18:02

Pre-Run: 59,109,179,392 bytes free

Post-Run: 59,105,267,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2B9F148B067A0A17D44A7C4E72561516

Link to post
Share on other sites

At this point, what exactly makes the computer hard to work with? Is it slow, unstable or something else?

I am asking because I see no trace whatsoever of malware here (it is not said it isn't there, therefore I need an as detailed description as possible about the exact issues you are having).

Link to post
Share on other sites

Note please I don't know much about computers but after I ran GMER and then shut down I got a warning that all information in fudog would be lost, I can still see that in regedit and do not know what that means. The computer is extremely slow. I can hardly open Outlook and do not know If I was supposed to run Windows Install Clean up . There seems to be much that needs to be removed in that program . I also took a few snaps of things I think need attention . I didn't upload those, due to trying to wait for more instructions. Thank you for all your help.

Link to post
Share on other sites

I also took a few snaps of things I think need attention . I didn't upload those, due to trying to wait for more instructions.
That would be helpful :P

If you have problems with uploading those snapshots, please let me know.

Link to post
Share on other sites

OTL logfile created on: 6/5/2010 10:41:05 AM - Run 3

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Judith\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 651.00 Mb Available Physical Memory | 64.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 54.99 Gb Free Space | 73.79% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JUDITH-1C7E16C3

Current User Name: Judith

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/05 10:38:03 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judith\Desktop\OTL.exe

PRC - [2010/04/24 10:49:35 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Judith\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

PRC - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2009/02/03 06:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/09/21 16:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE

PRC - [2005/09/21 11:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Modules (SafeList) ==========

MOD - [2010/06/05 10:38:03 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judith\Desktop\OTL.exe

MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

========== Driver Services (SafeList) ==========

DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/09/16 11:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 11:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 11:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 11:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2005/09/23 19:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2004/12/10 23:30:42 | 001,903,338 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelS51.sys -- (IntelS51) Intel®

DRV - [2004/06/07 11:43:51 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®

DRV - [2004/03/17 16:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com

IE - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

[2010/06/03 18:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Extensions

[2010/06/03 18:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\co8d02mz.default\extensions

[2010/06/03 18:11:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\co8d02mz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2010/02/02 13:13:32 | 000,000,685 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\ab17d95b-93c1-4def-ba6d-9baadd12779a.com (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - Startup: C:\Documents and Settings\Judith\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Judith\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1547161642-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Documents and Settings\Judith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Judith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/16 06:38:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/05 10:38:01 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Judith\Desktop\OTL.exe

[2010/06/04 12:52:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/06/04 11:03:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/06/04 10:08:39 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/06/04 02:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judith\Desktop\Game Notes

[2010/06/03 22:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judith\Application Data\SUPERAntiSpyware.com

[2010/06/03 22:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/06/03 22:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/06/03 22:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpywarePro

[2010/06/03 21:55:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Judith\Recent

[2010/06/03 18:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judith\Local Settings\Application Data\Mozilla

[2010/06/03 18:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judith\Application Data\Mozilla

[2010/06/03 18:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/06/03 17:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/05/06 18:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/05 10:39:17 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Judith\ntuser.dat

[2010/06/05 10:38:03 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judith\Desktop\OTL.exe

[2010/06/05 10:38:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F36817E0-CA3C-4786-A33B-28B8069AA52A}.job

[2010/06/05 10:00:56 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/06/05 10:00:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/05 10:00:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/05 10:00:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/04 23:55:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1645522239-839522115-1003UA.job

[2010/06/04 15:16:34 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll

[2010/06/04 15:16:33 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll

[2010/06/04 15:16:33 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll

[2010/06/04 14:30:17 | 000,002,525 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Paint Shop Pro 7.lnk

[2010/06/04 10:49:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/04 10:08:43 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/06/04 10:06:33 | 003,702,826 | R--- | M] () -- C:\Documents and Settings\Judith\Desktop\Combo-Fix3.exe

[2010/06/04 06:37:56 | 004,317,666 | -H-- | M] () -- C:\Documents and Settings\Judith\Local Settings\Application Data\IconCache.db

[2010/06/04 02:17:00 | 000,092,290 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\access error message.JPG

[2010/06/04 01:49:38 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\n5jbk5qw.exe

[2010/06/03 22:09:01 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

[2010/06/03 19:04:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Judith\ntuser.ini

[2010/06/03 18:21:14 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Error code for winhtttpsendrequest.bmp

[2010/06/03 17:58:11 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Google Chrome.lnk

[2010/06/03 17:56:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/03 13:05:27 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\stinger1001624.opt

[2010/06/03 10:55:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1645522239-839522115-1003Core.job

[2010/05/26 13:20:07 | 000,021,082 | ---- | M] () -- C:\Documents and Settings\Judith\My Documents\The Trial of the Templars.docx

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/04 10:08:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/06/04 10:08:42 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/06/04 02:17:00 | 000,092,290 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\access error message.JPG

[2010/06/04 01:49:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\n5jbk5qw.exe

[2010/06/03 22:09:01 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

[2010/06/03 18:21:14 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\Error code for winhtttpsendrequest.bmp

[2010/06/03 13:05:27 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\stinger1001624.opt

[2010/05/26 13:20:07 | 000,021,082 | ---- | C] () -- C:\Documents and Settings\Judith\My Documents\The Trial of the Templars.docx

[2010/05/18 18:13:23 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Judith\avgrep.txt

[2010/02/17 21:53:39 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2010/01/24 03:16:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2010/01/17 10:11:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/11/17 13:04:03 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2009/11/17 13:04:03 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2009/11/16 16:16:54 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/11/16 08:33:41 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2009/11/16 08:16:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/11/16 06:50:12 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2006/07/30 22:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini

[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI

< End of report >

Link to post
Share on other sites

Lets check out with the following steps your internet settings are correct and see if "your" google is indeed the legit one :P

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.

Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.

On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.

On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.

Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.

A command window will open. Type ipconfig /flushdns and press enter.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
(ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print) >>Log1.txt
start notepad Log1.txt
del %0

Go to the File menu at the top of the Notepad and select Save as.

Select save in: desktop

Fill in File name: test.bat

Save as type: All file types (*.*)

Click save.

Close the Notepad.

Locate and double-click tast.bat on the desktop.

A notepad opens, copy and paste the content it (log1.txt) to your reply.

Link to post
Share on other sites

Windows IP Configuration

Host Name . . . . . . . . . . . . : judith-1c7e16c3

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-E6-88-70

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Saturday, June 05, 2010 10:00:25 AM

Lease Expires . . . . . . . . . . : Saturday, June 12, 2010 10:00:25 AM

DNS request timed out.

timeout was 2 seconds.

Server: UnKnown

Address: 192.168.0.1

Name: google.com

Addresses: 74.125.53.106, 74.125.53.105, 74.125.53.99, 74.125.53.103

74.125.53.104, 74.125.53.147

DNS request timed out.

timeout was 2 seconds.

Server: UnKnown

Address: 192.168.0.1

Name: yahoo.com

Addresses: 209.191.122.70, 69.147.125.65, 72.30.2.43, 67.195.160.76

98.137.149.56

Pinging google.com [74.125.53.147] with 32 bytes of data:

Reply from 74.125.53.147: bytes=32 time=65ms TTL=53

Reply from 74.125.53.147: bytes=32 time=76ms TTL=53

Ping statistics for 74.125.53.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 65ms, Maximum = 76ms, Average = 70ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=85ms TTL=54

Reply from 98.137.149.56: bytes=32 time=88ms TTL=54

Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 85ms, Maximum = 88ms, Average = 86ms

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...00 11 11 e6 88 70 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

192.168.0.0 255.255.255.0 192.168.0.100 192.168.0.100 20

192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 20

192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 20

224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 20

255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1

Default Gateway: 192.168.0.1

===========================================================================

Persistent Routes:

None

Link to post
Share on other sites

Yes I do have a router but I have never set it and when I purchased it , I was told not to do any thing to it. I also called the company and was told the same thing , just a few days ago. But the Google looks very strange and there was a problem you may have helped me get rid of . That was the fudog program and I think that came in the back door of paint shopPro 7 and not only was used but the person even made a order form to purchase candy-eye for PaintShop Pro in my computer. I saw that and deleted it a few weeks ago , but continued to have problems and get disconneced. That PaintShop order form was also part of a folder or file that said logging in from Germany.

Link to post
Share on other sites

Hi again,

FuDog is related to Yahoo SearchProtection and is not malware.

Your google page is the right one according to the IP address in the lookup we did. Could you please make a screenshot to show me what seems "not right" about it?

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.