playclue Posted June 4, 2010 ID:261526

For a few days now I have had connection problems and if I unplug my computer it helps some of the time. I would like to know if this has to do with Google and Microsoft departing or divorcing. I have Clear.com and should be using Google. My mail is coming back to me and trashing. I just deleted all the filters to see if that would help. I run XP Pro, use modem and router. Need to remove recently discontinued McAfee that was constantly interrupted. I love this program and hope to get some help. Mine is a purchased version.

Elise Posted June 4, 2010 ID:261595

Hello, my name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror

- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Push the button.
- Two reports will open, copy and paste them in a reply here:
  OTListIt.txt <-- Will be opened
  Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

- Main Mirror: This version will download a randomly named file (Recommended)
- Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

- A detailed description of your problems
- A new OTL log (don't forget extra.txt)
- GMER log

playclue Posted June 4, 2010 Author ID:261664

I need to remove McAfee, the renewal was in May 2010 and I didn't purchase it again. Recent Add/Remove programs that I am aware of are McAfee, SuperAntiSpyware free version in order to download the purchased version. The web would not come up and has been doing that for several weeks. I am the sole user. No one but me uses this home computer, and I am not in a work group. I do not run a server, and have been on Facebook since December 2009. My email has been compromised, and sent bills to programs I never owned or used (to my knowledge). I had to shut my computer down manually after the attached scan was finished. There was the End Program Error Message requesting to cancel the log off or I would lose information. I pressed "End Program Now" and then another End Error Message popped up and that was "End Program Connections Tray". I then pressed the off button and held it until the computer shut down.

Log attached

Elise Posted June 4, 2010 ID:261675

Hello, please try to run GMER also, if it gives any trouble, try it with the Sections option only checked.

Please rerun OTL, make sure under Extra Registry Use Safelist is checked and rerun the scan. This will create extra.txt. Please post that in your next reply.

If you have any trouble with the scans, just let me know.

playclue Posted June 4, 2010 Author ID:261732

Extras, for OTL. I did run GMER but do not see a log for it.
Talisman Online Ver.1578"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"Windows XP Service Pack" = Windows XP Service Pack 3"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0"Yahoo! Search Defender" = Yahoo! Search Protection"YInstHelper" = Yahoo! Install Manager========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-1547161642-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Diablo" = Diablo"Google Chrome" = Google Chrome========== Last 10 Event Log Errors ==========[ Application Events ]Error - 6/1/2010 7:30:56 PM | Computer Name = JUDITH-1C7E16C3 | Source = Application Hang | ID = 1001Description = Fault bucket 1180947459.Error - 6/3/2010 3:55:54 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20Description = Error - 6/3/2010 4:55:55 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20Description = Error - 6/3/2010 6:55:55 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20Description = Error - 6/3/2010 8:16:34 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20Description = Error - 6/3/2010 8:26:30 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20Description = Error - 6/3/2010 8:27:30 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20Description = Error - 6/3/2010 8:30:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = Application Hang | ID = 1002Description = Hanging application mbam.exe, version 1.45.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 6/3/2010 8:32:15 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20Description = Error - 6/3/2010 8:34:40 PM | Computer Name = JUDITH-1C7E16C3 | Source = Google Update | ID = 20Description = [ System Events ]Error - 6/3/2010 8:30:38 PM | Computer 
Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 6/3/2010 8:30:38 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time. Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. 
(0x80072751)Error - 6/3/2010 8:52:53 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 6/3/2010 10:06:23 PM | Computer Name = JUDITH-1C7E16C3 | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
< End of report >
Elise Posted June 4, 2010 ID:261744

Hello again,

COMBOFIX
---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on Combofix.exe and follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
playclue Posted June 4, 2010 Author ID:261860

The computer is getting worse. I can hardly type

ComboFix 10-06-03.01 - Judith 06/04/2010 10:10:22.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.646 [GMT -7:00]
Running from: c:\documents and settings\Judith\Desktop\Combo-Fix3.exe
.
((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))
.
2010-06-04 05:09 . 2010-06-04 05:09 63488 ----a-w- c:\documents and settings\Judith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-04 05:09 . 2010-06-04 05:09 52224 ----a-w- c:\documents and settings\Judith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-04 05:09 . 2010-06-04 05:09 117760 ----a-w- c:\documents and settings\Judith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-04 05:09 . 2010-06-04 05:09 -------- d-----w- c:\documents and settings\Judith\Application Data\SUPERAntiSpyware.com
2010-06-04 05:09 . 2010-06-04 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-04 05:08 . 2010-06-04 05:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-04 05:06 . 2010-06-04 05:06 -------- d-----w- c:\program files\SUPERAntiSpywarePro
2010-06-04 01:12 . 2010-06-04 01:12 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-04 01:12 . 2010-06-04 01:12 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-04 01:09 . 2010-06-04 01:09 -------- d-----w- c:\documents and settings\Judith\Local Settings\Application Data\Mozilla
2010-06-04 00:14 . 2010-06-04 00:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-07 01:12 .
2010-05-07 01:12 -------- d-----w- c:\windows\McAfee.com.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-06-04 01:12 . 2009-11-16 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS2010-06-04 00:56 . 2009-11-16 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2010-06-04 00:52 . 2009-12-20 00:17 -------- d-----w- c:\program files\Google2010-06-04 00:15 . 2010-04-24 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-06-04 00:14 . 2009-11-16 16:14 -------- d-----w- c:\program files\TalismanOnline2010-06-04 00:13 . 2010-01-28 01:14 -------- d-----w- c:\program files\Common Files\Adobe2010-05-10 22:14 . 2009-11-16 21:28 -------- d-----w- c:\program files\Diablo II2010-05-08 19:45 . 2009-11-17 22:13 -------- d-----w- c:\documents and settings\Judith\Application Data\HpUpdate2010-05-01 18:26 . 2009-11-16 15:30 -------- d-----w- c:\program files\HP2010-04-26 23:23 . 2010-04-26 23:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee2010-04-26 04:42 . 2010-02-17 22:01 -------- d-----w- c:\documents and settings\Judith\Application Data\Malwarebytes2010-04-26 04:42 . 2010-02-17 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-04-25 01:28 . 2010-04-25 01:28 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe2010-04-24 23:58 . 2009-11-16 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2010-04-24 23:57 . 2010-04-24 23:17 -------- d-----w- c:\program files\Windows Installer Clean Up2010-04-24 23:21 . 2010-04-24 23:21 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe2010-04-24 23:17 . 
2010-04-24 23:17 3584 ----a-r- c:\documents and settings\Judith\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe2010-04-24 23:16 . 2010-04-24 23:16 -------- d-----w- c:\program files\MSECACHE2010-04-24 23:05 . 2009-11-16 22:54 -------- d-----w- c:\program files\Common Files\Adobe AIR2010-04-24 23:04 . 2010-04-24 23:04 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe2010-04-24 17:48 . 2010-04-24 17:48 4724 ----a-w- c:\windows\system32\PerfStringBackup.TMP2010-04-24 17:45 . 2009-11-16 16:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore2010-04-24 17:43 . 2010-04-24 17:43 -------- d-----w- c:\program files\Defraggler2010-04-24 17:42 . 2010-03-26 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion2010-04-24 17:37 . 2010-04-18 10:13 -------- d-----w- c:\program files\Windows Live2010-04-24 17:37 . 2010-04-18 10:14 -------- d-----w- c:\program files\Microsoft2010-04-24 17:37 . 2010-04-18 10:18 -------- d-----w- c:\program files\Microsoft Silverlight2010-04-18 10:17 . 2010-04-18 10:17 -------- d-----w- c:\program files\Microsoft Sync Framework2010-04-18 10:16 . 2010-04-18 10:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition2010-04-18 09:58 . 2010-04-18 09:58 -------- d-----w- c:\program files\Common Files\Windows Live2010-03-30 07:46 . 2010-04-26 04:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-30 07:45 . 2010-04-26 04:42 20824 ----a-w- c:\windows\system32\drivers\mbam.sys2010-03-23 20:21 . 2010-03-23 20:21 0 ----a-w- c:\windows\nsreg.dat2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll.((((((((((((((((((((((((((((( SnapShot@2010-02-16_00.55.56 ))))))))))))))))))))))))))))))))))))))))).- 2009-11-16 14:15 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe+ 2009-11-16 14:15 . 
2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971468\update\update.exe+ 2010-02-16 17:44 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971468\spuninst.exe+ 2010-02-10 03:47 . 2010-01-01 07:58 353792 c:\windows\$hf_mig$\KB971468\SP3QFE\srv.sys+ 2004-08-04 12:00 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll+ 2004-08-04 12:00 . 2009-12-21 19:14 1208832 c:\windows\system32\urlmon(6).dll+ 2004-08-04 12:00 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon(2)(3).dll+ 2004-08-04 12:00 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll+ 2004-08-04 12:00 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe+ 2004-08-03 22:59 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe+ 2004-08-04 12:00 . 2010-02-25 06:24 5944832 c:\windows\system32\mshtml.dll+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll+ 2007-08-14 02:34 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll- 2007-08-14 02:34 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll+ 2007-08-14 02:34 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil(2)(3).dll+ 2007-08-14 02:54 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll+ 2009-06-03 19:09 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll+ 2009-11-16 14:47 . 2010-02-17 16:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe+ 2009-11-16 14:47 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe+ 2009-02-08 03:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe+ 2009-11-16 14:47 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe+ 2009-11-16 14:49 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll- 2009-11-16 14:49 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll+ 2007-08-14 02:54 . 2010-02-25 06:24 5944832 c:\windows\system32\dllcache\mshtml.dll+ 2010-04-24 17:52 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe- 2009-11-16 14:23 . 
2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll+ 2009-11-16 14:23 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll+ 2010-02-05 00:24 . 2010-02-05 00:24 9122304 c:\windows\Installer\e1857.msp+ 2010-02-21 08:00 . 2010-02-21 08:00 8480768 c:\windows\Installer\e1846.msp+ 2010-04-25 01:34 . 2010-04-25 01:34 3940352 c:\windows\Installer\b544c.msi+ 2010-04-27 22:43 . 2010-04-27 22:43 1523712 c:\windows\Installer\944b95.msi+ 2010-02-05 01:24 . 2010-02-05 01:24 9122304 c:\windows\Installer\7b3eb29.msp+ 2010-02-21 09:00 . 2010-02-21 09:00 8480768 c:\windows\Installer\7b3eb18.msp+ 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\653973.msp+ 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\54ee2.msp+ 2010-02-21 08:03 . 2010-02-21 08:03 4472832 c:\windows\Installer\4410d91.msp+ 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\3d8ad.msp+ 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\399df.msp+ 2010-02-21 08:03 . 2010-02-21 08:03 4472832 c:\windows\Installer\376a6f.msp+ 2010-02-05 00:24 . 2010-02-05 00:24 9122304 c:\windows\Installer\376a58.msp+ 2010-02-21 08:00 . 2010-02-21 08:00 8480768 c:\windows\Installer\376a47.msp+ 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\21d8092.msp- 2009-11-16 15:21 . 2010-01-17 17:47 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe+ 2009-11-16 15:21 . 2010-06-04 00:56 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe+ 2009-12-22 02:29 . 2009-12-22 02:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll+ 2009-12-22 02:00 . 2009-12-22 02:00 1298996 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JSByteCodeWin.bin+ 2009-12-22 07:31 . 2009-12-22 07:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll+ 2008-08-26 06:50 . 
2008-08-26 06:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL+ 2009-03-06 12:00 . 2009-03-06 12:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONMAIN.DLL+ 2008-11-10 18:49 . 2008-11-10 18:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONLIBS.DLL+ 2008-11-25 06:16 . 2008-11-25 06:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTE.EXE+ 2010-04-24 18:49 . 2009-12-21 19:14 1208832 c:\windows\ie8updates\KB980182-IE8\urlmon.dll+ 2010-04-24 18:49 . 2009-12-21 19:14 5942784 c:\windows\ie8updates\KB980182-IE8\mshtml.dll+ 2010-04-24 18:49 . 2009-12-21 19:14 1985536 c:\windows\ie8updates\KB980182-IE8\iertutil.dll+ 2009-11-16 14:47 . 2010-02-17 16:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe+ 2009-11-16 14:47 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe+ 2009-02-08 03:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe+ 2009-11-16 14:47 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe+ 2010-04-24 18:53 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe+ 2010-04-24 18:53 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe+ 2010-04-24 18:53 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe+ 2010-04-24 18:53 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe+ 2010-02-17 09:05 . 2009-08-04 15:13 2145280 c:\windows\$NtUninstallKB977165$\ntoskrnl.exe+ 2010-02-17 09:05 . 2009-08-04 14:20 2023936 c:\windows\$NtUninstallKB977165$\ntkrpamp.exe+ 2010-02-17 09:05 . 2009-08-04 14:20 2023936 c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe+ 2010-02-17 09:05 . 2009-08-04 15:13 2145280 c:\windows\$NtUninstallKB977165$\ntkrnlmp.exe+ 2010-04-24 18:50 . 
2008-04-14 13:42 3558912 c:\windows\$NtUninstallKB975561$\moviemk.exe+ 2010-02-16 17:42 . 2009-06-03 19:09 1291264 c:\windows\$NtUninstallKB975560$\quartz.dll+ 2010-04-24 17:50 . 2010-02-25 06:19 1209856 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\urlmon.dll+ 2010-04-24 17:50 . 2010-02-25 06:19 5946880 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll+ 2010-04-24 17:50 . 2010-02-25 06:19 1986048 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\iertutil.dll+ 2010-04-24 17:52 . 2010-02-16 12:52 2190080 c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe+ 2010-04-24 17:52 . 2010-02-16 12:12 2024448 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe+ 2010-04-24 17:52 . 2010-02-16 12:12 2066944 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe+ 2010-04-24 17:52 . 2010-02-16 12:50 2146304 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe+ 2009-12-09 07:52 . 2009-12-09 07:52 2189312 c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe+ 2010-02-10 03:45 . 2009-12-08 17:40 2023936 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrpamp.exe+ 2009-12-09 07:10 . 2009-12-09 07:10 2066176 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe+ 2010-02-10 03:46 . 2009-12-08 18:20 2145280 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlmp.exe+ 2010-04-24 17:52 . 2009-10-23 14:53 3558912 c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe+ 2009-11-27 17:23 . 2009-11-27 17:23 1291776 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll+ 2009-12-26 18:38 . 2010-06-04 00:14 33643420 c:\windows\system32\Restore\rstrlog.dat+ 2009-11-16 14:23 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe+ 2007-08-14 02:54 . 2010-02-25 18:54 11070976 c:\windows\system32\ieframe.dll+ 2007-08-14 02:54 . 2010-02-25 18:54 11070976 c:\windows\system32\ieframe(2)(3).dll+ 2009-11-16 14:23 . 2010-02-25 18:54 11070976 c:\windows\system32\dllcache\ieframe.dll+ 2010-05-06 12:40 . 2010-05-06 12:40 65725606 c:\windows\McAfee.com\FreeScan\avvscan.dat+ 2010-04-18 10:18 . 2010-04-18 10:18 15706112 c:\windows\Installer\def5cf.msp+ 2010-04-04 06:54 . 
2010-04-04 06:54 11850240 c:\windows\Installer\b54ed.msp+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\927f3.msp+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\92771.msp+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\926d6.msp+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\92658.msp+ 2010-03-22 23:03 . 2010-03-22 23:03 11732992 c:\windows\Installer\4410da2.msp+ 2010-03-22 23:03 . 2010-03-22 23:03 11732992 c:\windows\Installer\376a80.msp+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\3769ba.msp+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\3585bc.msp+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\1ab1f.msp+ 2010-04-18 12:02 . 2010-04-18 12:02 15710720 c:\windows\Installer\14324e0.msp+ 2009-12-22 07:21 . 2009-12-22 07:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll+ 2009-04-04 02:46 . 2009-04-04 02:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSO.DLL+ 2010-04-24 18:49 . 2009-12-21 19:14 11070464 c:\windows\ie8updates\KB980182-IE8\ieframe.dll+ 2010-04-24 17:50 . 
2010-02-25 06:19 11073024 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\ieframe.dll.-- Snapshot reset to current date --.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]"Google Update"="c:\documents and settings\Judith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-16 135664][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-28 86016]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-30 437584]c:\documents and settings\Judith\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-11-16 
344064][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\WINDOWS\\system32\\mmc.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\WINDOWS\\system32\\sessmgr.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/25/2010 9:42 PM 303952]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/25/2010 9:42 PM 20824]--- Other Services/Drivers In Memory ---*Deregistered* - kwdoqaoc[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12getPlusHelper REG_MULTI_SZ getPlusHelper.Contents of the 'Scheduled Tasks' folder2010-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1645522239-839522115-1003Core.job- c:\documents and settings\Judith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 
22:09]2010-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1645522239-839522115-1003UA.job- c:\documents and settings\Judith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 22:09]2010-06-04 c:\windows\Tasks\User_Feed_Synchronization-{F36817E0-CA3C-4786-A33B-28B8069AA52A}.job- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]..------- Supplementary Scan -------.uStart Page = https://www.google.commStart Page = hxxp://www.yahoo.comuSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000.- - - - ORPHANS REMOVED - - - -SafeBoot-mcmscsvcSafeBoot-MCODS**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-06-04 10:48Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_USERS\S-1-5-21-1547161642-1645522239-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(740)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dll- - - - - - - > 'explorer.exe'(656)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2010-06-04 11:03:08ComboFix-quarantined-files.txt 2010-06-04 18:02Pre-Run: 59,109,179,392 bytes freePost-Run: 59,105,267,712 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect- - End Of File - - 2B9F148B067A0A17D44A7C4E72561516 Link to post Share on other sites More sharing options...
Elise Posted June 4, 2010 ID:261871
At this point, what exactly makes the computer hard to work with? Is it slow, unstable or something else? I am asking because I see no trace whatsoever of malware here (it is not said it isn't there, therefore I need as detailed a description as possible about the exact issues you are having).
playclue Posted June 4, 2010 Author ID:261876
Note please I don't know much about computers but after I ran GMER and then shut down I got a warning that all information in fudog would be lost, I can still see that in regedit and do not know what that means. The computer is extremely slow. I can hardly open Outlook and do not know if I was supposed to run Windows Install Clean up. There seems to be much that needs to be removed in that program. I also took a few snaps of things I think need attention. I didn't upload those, due to trying to wait for more instructions. Thank you for all your help.
playclue Posted June 4, 2010 Author ID:261890
Outlook will not shut down right, the web will not shut down right and I have to turn off my computer manually.
Elise Posted June 5, 2010 ID:262083
"I also took a few snaps of things I think need attention. I didn't upload those, due to trying to wait for more instructions."
That would be helpful. If you have problems with uploading those snapshots, please let me know.
playclue Posted June 5, 2010 Author ID:262092
Thank you, I was not sure if that was going to work, the Facebook upload program gave me script problems and I can't use that one now.
Elise Posted June 5, 2010 ID:262104
Can you please delete that copy of OTL.exe, download a new one and see if you still get the Access Violation error?
playclue Posted June 5, 2010 Author ID:262324
Please give me removal instructions. Also my Google web page looks like a faked one.
playclue Posted June 5, 2010 Author ID:262338
OTL logfile created on: 6/5/2010 10:41:05 AM - Run 3
OTL by OldTimer - Version 3.2.5.3
002,359,350 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\Error code for winhtttpsendrequest.bmp[2010/06/03 13:05:27 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\stinger1001624.opt[2010/05/26 13:20:07 | 000,021,082 | ---- | C] () -- C:\Documents and Settings\Judith\My Documents\The Trial of the Templars.docx[2010/05/18 18:13:23 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Judith\avgrep.txt[2010/02/17 21:53:39 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll[2010/01/24 03:16:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI[2010/01/17 10:11:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2009/11/17 13:04:03 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll[2009/11/17 13:04:03 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll[2009/11/16 16:16:54 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2009/11/16 08:33:41 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll[2009/11/16 08:16:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2009/11/16 06:50:12 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll[2006/07/30 22:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI< End of report > Link to post Share on other sites More sharing options...
Elise Posted June 5, 2010 ID:262409

Let's check with the following steps that your internet settings are correct and see if "your" google is indeed the legit one.

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.
Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.
On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.
On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.
Click OK to exit the Properties and OK to exit the other windows as well.
Now, click Start > Run and type cmd in the runbox.
A command window will open. Type ipconfig /flushdns and press enter.
Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
rem Collect adapter settings, DNS lookups, ping results and the route table in Log1.txt
(
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
) >>Log1.txt
start notepad Log1.txt
rem Remove this batch file once the log is open
del %0

Go to the File menu at the top of the Notepad and select Save as.
Select save in: desktop
Fill in File name: test.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate and double-click test.bat on the desktop.
A notepad opens, copy and paste the content of it (log1.txt) to your reply.

playclue Posted June 5, 2010 Author ID:262439 There is nothing to highlight in the system tray
playclue Posted June 5, 2010 Author ID:262462 This is what I see, it appears to be a workgroup
playclue Posted June 6, 2010 Author ID:262542 This says I have or had a lease, I never had one
playclue Posted June 6, 2010 Author ID:262562

Windows IP Configuration

        Host Name . . . . . . . . . . . . : judith-1c7e16c3
        Primary Dns Suffix . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-11-11-E6-88-70
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        Lease Obtained. . . . . . . . . . : Saturday, June 05, 2010 10:00:25 AM
        Lease Expires . . . . . . . . . . : Saturday, June 12, 2010 10:00:25 AM

DNS request timed out.
    timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.53.106, 74.125.53.105, 74.125.53.99, 74.125.53.103
          74.125.53.104, 74.125.53.147

DNS request timed out.
    timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 69.147.125.65, 72.30.2.43, 67.195.160.76
          98.137.149.56

Pinging google.com [74.125.53.147] with 32 bytes of data:

Reply from 74.125.53.147: bytes=32 time=65ms TTL=53
Reply from 74.125.53.147: bytes=32 time=76ms TTL=53

Ping statistics for 74.125.53.147:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 65ms, Maximum = 76ms, Average = 70ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=85ms TTL=54
Reply from 98.137.149.56: bytes=32 time=88ms TTL=54

Ping statistics for 98.137.149.56:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 85ms, Maximum = 88ms, Average = 86ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 e6 88 70 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100      20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.100    192.168.0.100      20
    192.168.0.100  255.255.255.255        127.0.0.1        127.0.0.1      20
    192.168.0.255  255.255.255.255    192.168.0.100    192.168.0.100      20
        224.0.0.0        240.0.0.0    192.168.0.100    192.168.0.100      20
  255.255.255.255  255.255.255.255    192.168.0.100    192.168.0.100       1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
  None

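The ipconfig, nslookup and ping sections of a Log1.txt like the one above can be cross-checked mechanically; the following is an added Python example, not part of any post in this thread. The sample is abridged from the posted output with whitespace reconstructed, and the function names and the checks themselves are assumptions (heuristics that prompt a closer look, not verdicts).

```python
import ipaddress
import re

# Abridged from the Log1.txt output posted in this thread (whitespace reconstructed).
SAMPLE_LOG = """\
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.0.1
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  74.125.53.106, 74.125.53.105, 74.125.53.99, 74.125.53.103
          74.125.53.104, 74.125.53.147

Pinging google.com [74.125.53.147] with 32 bytes of data:
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"


def field(log, label):
    """Value of an ipconfig line such as 'DNS Servers . . . : 192.168.0.1'."""
    m = re.search(rf"^\s*{re.escape(label)}[ .]*:\s*(\S+)", log, re.M)
    return m.group(1) if m else None


def nslookup_answers(log):
    """Map each queried name to the addresses nslookup got from the DNS server."""
    pat = rf"^Name:\s*(\S+)\s*\nAddress(?:es)?:((?:\s*{IP},?)+)"
    return {n: set(re.findall(IP, a)) for n, a in re.findall(pat, log, re.M)}


def review(log):
    """Return a list of things worth a second look (heuristics, not verdicts)."""
    notes = []
    if field(log, "Dhcp Enabled") != "Yes":
        notes.append("adapter is statically configured, DNS may be hand-set")
    lan = ipaddress.ip_network(
        f"{field(log, 'IP Address')}/{field(log, 'Subnet Mask')}", strict=False)
    dns = field(log, "DNS Servers")
    if ipaddress.ip_address(dns) not in lan:
        notes.append(f"resolver {dns} is outside the LAN, confirm it is the ISP's")
    answers = nslookup_answers(log)
    for name, addrs in answers.items():
        for a in sorted(addrs):
            if ipaddress.ip_address(a).is_private:
                notes.append(f"{name} resolves to non-public address {a}")
    # ping uses the Windows resolver (hosts file, cache); nslookup asks the DNS
    # server directly, so a ping target missing from its answers deserves a look.
    for name, ip in re.findall(rf"^Pinging (\S+) \[({IP})\]", log, re.M):
        if name in answers and ip not in answers[name]:
            notes.append(f"ping used {ip} for {name}, not among nslookup answers")
    return notes


if __name__ == "__main__":
    print(review(SAMPLE_LOG) or "nothing unusual")
```

A ping address missing from the nslookup answers can also be ordinary round-robin DNS, so a note from that check is a reason to inspect the hosts file and DNS cache rather than proof of tampering.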
Elise Posted June 6, 2010 ID:262649 In order to determine where the problem might be, could you please boot into Safe Mode with Networking and let me know how that behaves? Does that work normally? And how is the internet there?
playclue Posted June 6, 2010 Author ID:263044 I logged in with Safemode, it appeared the same. When I booted up again I saw that safemode option again and thought I would be seeing safe mode but I am not. That is not what I normally see.
Elise Posted June 7, 2010 ID:263273 It looks like you are using a router. Please reset it and let me know how things are after that.
playclue Posted June 7, 2010 Author ID:263295 Yes I do have a router but I have never set it and when I purchased it, I was told not to do anything to it. I also called the company and was told the same thing, just a few days ago. But the Google looks very strange and there was a problem you may have helped me get rid of. That was the fudog program and I think that came in the back door of PaintShop Pro 7 and not only was used but the person even made an order form to purchase candy-eye for PaintShop Pro in my computer. I saw that and deleted it a few weeks ago, but continued to have problems and get disconnected. That PaintShop order form was also part of a folder or file that said logging in from Germany.
Elise Posted June 7, 2010 ID:263320

Hi again,
FuDog is related to Yahoo SearchProtection and is not malware.
Your google page is the right one according to the IP address in the lookup we did. Could you please make a screenshot to show me what seems "not right" about it?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check Click the button.
Accept any security warnings from your browser.
Check Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push Push, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
Push the button.
Push