LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: DonnaB on June 06, 2012, 04:52:12 AM

Title: Windows XP Internet Security 2012
Post by: DonnaB on June 06, 2012, 04:52:12 AM
Hello!

This is my son Bryan's XP that was/is infected with the above-named rogue AV. I have cleaned it to some extent, then had to put it aside back in April due to no time to work on it. Could you help me cleanse the leftovers, please?

Issues while creating logs requested:

Could not access links from the Log Posting Instructions thread to download the programs to get the logs, so I downloaded them to my laptop, then transferred them to his desktop via USB to run the programs.

Once the logs were ready to post, I could not click on the link under Posting Instructions to access the Analysis and Malware Removal forum to click on New Topic to post the logs, though I was able to click on Home to access Analysis and Malware Removal.

Other than that, no other issues (pop-ups, held for ransom, etc.) to speak of, except the below issue with IE.

Please note:

Not sure why IE7 displays in the log. If I click on Help > About Internet Explorer, it does display the IE8 logo, though the version # is 7.0.5730.13.

I've never encountered that before!

Logs below:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Bryan at 2012-06-05 23:00:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (44%) free of 38 GB
Total RAM: 1271 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:01:05 PM, on 6/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bryan\Desktop\RSIT.exe
C:\Program Files\trend micro\Bryan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = by HUDMAN PCS
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (file missing)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261622535235
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

--
End of file - 5214 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "http://www.facebook.com/"
prefs.js - "extensions.enabledItems" -  "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {27c60876-b5c9-4335-b4f3-52b26782220c}:0.9.3, engine@conduit.com:3.2.5.2, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12"

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprpjplug.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
creativecommons.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\
engine@conduit.com
{27c60876-b5c9-4335-b4f3-52b26782220c}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\searchplugins\
bing.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTo2.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTo2.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-19 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-19 114688]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-11-28 3744552]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"Monitor"=C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [2010-11-19 193880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-07-19 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe"="C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe"="C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=serwvdrv.dll
"VIDC.DIVX"=divx.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2012-06-05 23:00:43 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2012-06-05 23:01:05 ----D---- C:\Program Files\Trend Micro
2012-06-05 23:00:44 ----D---- C:\WINDOWS\Prefetch
2012-06-05 22:49:14 ----RD---- C:\Program Files
2012-06-05 22:05:39 ----D---- C:\WINDOWS\Temp
2012-06-05 10:43:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-05 09:57:28 ----D---- C:\WINDOWS\system32\CatRoot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-26 58908]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-19 1049180]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-23 47360]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 FlyUsb;FLY Fusion; C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2008-04-01 18560]
S3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2005-05-06 1339776]
S3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2006-03-01 618880]
S3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2005-05-06 47360]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2005-05-06 36880]
S3 motandroidusb;Mot ADB Interface Driver; C:\WINDOWS\System32\Drivers\motoandroid.sys [2009-07-10 25856]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2010-06-18 19968]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2007-11-02 6400]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pbfilter;pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2010-11-19 4916568]
R2 MotoHelper;MotoHelper Service; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.09 2012-06-05 23:01:08

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 3.8.0.193-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Jasc Paint Shop Pro 9 GDI+ Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Jasc Paint Shop Pro 9.01 Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}
K-Lite Mega Codec Pack 5.5.1-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LeapFrog Connect-->C:\Program Files\LeapFrog\LeapFrog Connect\uninst.exe
LeapFrog Connect-->MsiExec.exe /X{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}
LeapFrog Tag Plugin-->MsiExec.exe /X{E51FFEFB-68E2-4516-B293-35DC83B9767E}
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MotoHelper 2.0.24 Driver 4.7.1-->C:\Program Files\Motorola\MotoHelper\uninstall.exe
MotoHelper MergeModules-->MsiExec.exe /I{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}
Motorola Mobile Drivers Installation 4.7.1-->MsiExec.exe /X{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Opera-->C:\PROGRA~1\Opera\uninst\unwise.exe C:\PROGRA~1\Opera\uninst\install.log
PeerBlock 1.0.0 (r181)-->"C:\Program Files\PeerBlock\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2360131)-->"C:\WINDOWS\ie7updates\KB2360131-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2416400)-->"C:\WINDOWS\ie7updates\KB2416400-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2482017)-->"C:\WINDOWS\ie7updates\KB2482017-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2497640)-->"C:\WINDOWS\ie7updates\KB2497640-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2530548)-->"C:\WINDOWS\ie7updates\KB2530548-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2544521)-->"C:\WINDOWS\ie7updates\KB2544521-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2559049)-->"C:\WINDOWS\ie7updates\KB2559049-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2586448)-->"C:\WINDOWS\ie7updates\KB2586448-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2510581)-->"C:\WINDOWS\$NtUninstallKB2510581$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9  -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.3-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Theme Hospital-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Bullfrog\Hospital\DeIsL2.isu"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"
Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe"
Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"
Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)-->MsiExec.exe /X{E51FFEFB-68E2-4516-B293-35DC83B9767E}
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0)-->C:\PROGRA~1\DIFX\507DAFEF8EE1D9B8\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\flyusb_E1B194E4380F1C20BBC476848F70DDC967C29749\flyusb.inf
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)-->C:\PROGRA~1\DIFX\507DAFEF8EE1D9B8\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\leapfrog-0_B30D43972967E3C09B8E635B22BC13082452FEEA\leapfrog-02-03-05-012-1373324.inf
Windows Live Call-->MsiExec.exe /I{E6158D07-2637-4ECF-B576-37C489669174}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\Windows\System32\ymmapi.dll

======Hosts File======

127.0.0.1   mpa.one.microsoft.com
127.0.0.1   genuine.microsoft.com
127.0.0.1   activate.adobe.com
127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: DIM3K
Event Code: 1002
Message: The IP address lease 192.168.2.3 for the Network Card with network address 00132001A756 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 82
Source Name: Dhcp
Time Written: 20111013180441.000000-300
Event Type: error
User:

Computer Name: DIM3K
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 80
Source Name: W32Time
Time Written: 20111013130018.000000-300
Event Type: warning
User:

Computer Name: DIM3K
Event Code: 1002
Message: The IP address lease 192.168.2.2 for the Network Card with network address 00132001A756 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 43
Source Name: Dhcp
Time Written: 20111010235937.000000-300
Event Type: error
User:

Computer Name: DIM3K
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 38
Source Name: W32Time
Time Written: 20111010065952.000000-300
Event Type: warning
User:

Computer Name: DIM3K
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 20
Source Name: W32Time
Time Written: 20111007004814.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: DIM3K
Event Code: 0
Message:
Record Number: 669
Source Name: LeapFrog Connect Device Service
Time Written: 20101228142436.000000-360
Event Type: warning
User:

Computer Name: DIM3K
Event Code: 0
Message:
Record Number: 659
Source Name: LeapFrog Connect Device Service
Time Written: 20101227110948.000000-360
Event Type:
User:

Computer Name: DIM3K
Event Code: 0
Message:
Record Number: 658
Source Name: LeapFrog Connect Device Service
Time Written: 20101227110948.000000-360
Event Type: warning
User:

Computer Name: DIM3K
Event Code: 0
Message:
Record Number: 653
Source Name: LeapFrog Connect Device Service
Time Written: 20101226100045.000000-360
Event Type:
User:

Computer Name: DIM3K
Event Code: 0
Message:
Record Number: 652
Source Name: LeapFrog Connect Device Service
Time Written: 20101226100045.000000-360
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 1.6.0_20
Run by Bryan at 23:03:01 on 2012-06-05
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1271.823 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/home.php
uWindow Title = by HUDMAN PCS
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261622535235
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{986BAD36-AADD-4C7D-B8D1-0C0BC345B974} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F491941F-E3EB-4E19-AB82-EA425D83B7AE} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bryan\application data\mozilla\firefox\profiles\upz37x4t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\documents and settings\bryan\application data\mozilla\firefox\profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\bryan\application data\mozilla\firefox\profiles\upz37x4t.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Malware Search: {27c60876-b5c9-4335-b4f3-52b26782220c} - %profile%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-20 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-19 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-19 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-19 44768]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-26 18560]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2011-2-8 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-2-8 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-2-8 8320]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-1-6 14424]
.
=============== Created Last 30 ================
.
2012-06-06 03:43:40   --------   d-sh--w-   c:\documents and settings\bryan\IECompatCache
.
==================== Find3M  ====================
.
.
============= FINISH: 23:04:27.46 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/23/2009 10:30:27 AM
System Uptime: 6/5/2012 2:00:06 PM (9 hours ago)
.
Motherboard: Dell Computer Corp. |  | 0R8060
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 16.44 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&1C660DD6&0&00F0
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&1C660DD6&0&00F0
Service: rtl8139
.
==== System Restore Points ===================
.
RP400: 4/6/2012 10:46:54 PM - System Checkpoint
RP401: 4/7/2012 11:19:40 PM - System Checkpoint
RP402: 6/5/2012 2:24:42 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
avast! Free Antivirus
CCleaner
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.8.0.193
Foxit Reader
HijackThis 2.0.2
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9 GDI+ Patch
Jasc Paint Shop Pro 9.01 Patch
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
K-Lite Mega Codec Pack 5.5.1
LeapFrog Connect
LeapFrog Tag Plugin
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MotoHelper 2.0.24 Driver 4.7.1
MotoHelper MergeModules
Motorola Mobile Drivers Installation 4.7.1
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 6 Ultra Edition
Opera
PeerBlock 1.0.0 (r181)
PowerDVD
PowerISO
QuickTime
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 06, 2012, 08:02:34 PM
Hi, Donna.

It is strange that RSIT correctly shows IE9 and DDS is showing IE7.  Note that the DDS log got cut off by the forum software.  No need to post the rest of it though since the RSIT log is posted. 

I'm not seeing uTorrent in installed programs but there certainly are a lot of signs that it was on Bryan's computer.  It's lecture time, Mom. :)

Please uninstall Java(TM) 6 Update 20 then download JavaRa (http://singularlabs.com/software/javara/) and unzip it to your desktop.

Then download and install (http://www.oracle.com/technetwork/java/javase/downloads/jre-7u4-download-1591157.html).

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.   

Following that, please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).

Now, please run ComboFix:
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 06, 2012, 10:34:21 PM
Hi Corrine,

Thanks for your help. 

I uninstalled uTorrent myself as requested in the Log Posting Instructions. Could have sworn I saw LimeWire on the machine also but it wasn't listed in Add/Remove and I didn't search further. Could have just been a folder I came across somewhere.

Quote: It's lecture time, Mom. :)

It sure is! He promised me he wouldn't install any more P2P's after what we went through trying to clean his Win7 not long ago. This computer is the WinXP that he pulled out of the closet to use while we cleaned the Win7 and I believe he infected the XP with either his AndroidX or a USB. I keep telling him how communicable these infections are if he shares USB devices.

Funny about the Attach.txt log. That is the Attach.txt log that was cut off, correct? I'm not familiar with DDS so posting here for your help educates me as well on programs I am not taught about in training. I had noticed something strange happen when attempting to select all when copying the log to post. Reviewing the log saved to the desktop shows that some of the uninstall list is in the middle of the Windows Updates listings. Copy and paste error possibly?!? Entries were being highlighted in the txt log without me doing so. They may have rearranged themselves in the logs on their own due to this and I didn't realize it.

I see that the checkup.txt log didn't post either though I do recall it was displayed when I clicked on Preview post before submitting.
I knew Java was out of date and the checkup log did show that as well but wanted to post for help with the computer as is and not tinker too much on updating or removing any programs so you could see where and what we're dealing with here.

Had to transfer Combofix via USB to his computer and once the scan commenced I was informed that ZeroAccess is located in tcp/ip. I transferred the Combofix log back to my computer to post since I started this post while it was still scanning. I'll perform the next steps you provide on the infected machine.

Here's the log:

ComboFix 12-06-06.02 - Bryan 06/06/2012  16:45:26.1.1 - x86
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\2a148888
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Bryan\Application Data\5fc6eeb8
c:\documents and settings\Bryan\Application Data\app
c:\documents and settings\Bryan\Application Data\app\Jerakine_lang.dat
c:\documents and settings\Bryan\Application Data\app\Jerakine_lang_vesrion.dat
c:\documents and settings\Bryan\Application Data\inst.exe
c:\documents and settings\Bryan\Application Data\PriceGong
c:\documents and settings\Bryan\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Bryan\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Bryan\Application Data\vso_ts_preview.xml
c:\documents and settings\Bryan\WINDOWS
c:\windows\$NtUninstallKB36847$
c:\windows\$NtUninstallKB36847$\1801135045
c:\windows\system32\dllcache\wmpvis.dll
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-06 to 2012-06-06  )))))))))))))))))))))))))))))))
.
.
2012-06-06 04:00 . 2012-06-06 04:01   --------   d-----w-   C:\rsit
2012-06-06 03:43 . 2012-06-06 03:43   --------   d-sh--w-   c:\documents and settings\Bryan\IECompatCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01   122512   ----a-w-   c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxtray"=c:\windows\system32\igfxtray.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/20/2011 4:48 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/19/2010 9:45 PM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/19/2010 9:45 PM 20568]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 11:47 AM 202048]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/23/2009 2:41 PM 47360]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2010 11:01 AM 18560]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2/8/2011 2:10 AM 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/8/2011 2:10 AM 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/8/2011 2:10 AM 8320]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [1/6/2012 5:48 PM 14424]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.105.128.61
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Malware Search: {27c60876-b5c9-4335-b4f3-52b26782220c} - %profile%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\prxtbuTo2.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\prxtbuTo2.dll
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\prxtbuTo2.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\uTorrentBar\prxtbuTo2.dll
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe
AddRemove-Hospital - c:\program files\Bullfrog\Hospital\DeIsL2.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-06 16:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2472)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-06  17:02:00 - machine was rebooted
ComboFix-quarantined-files.txt  2012-06-06 22:01
.
Pre-Run: 17,608,962,048 bytes free
Post-Run: 17,685,860,352 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 72527BF47030A31943B5416BE947F2E5
Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 06, 2012, 11:47:41 PM
Quote from: DonnaB
I see that the checkup.txt log didn't post either though I do recall it was displayed when I clicked on Preview post before submitting.
I knew Java was out of date and the checkup log did show that as well but wanted to post for help with the computer as is and not tinker too much on updating or removing any programs so you could see where and what we're dealing with here.

Had to transfer Combofix via USB to his computer and once the scan commenced I was informed that ZeroAccess is located in tcp/ip. I transferred the Combofix log back to my computer to post since I started this post while it was still scanning. I'll perform the next steps you provide on the infected machine.

The CheckUp.txt didn't post because the forum software cut it off. 

Let's see what TDSSKiller says about ZA.  Since the computer has been offline since April, it would be one of the older variants.  I'm not seeing the LSP that normally shows in XP, but there are many different variants.  Please download the TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) by Kaspersky... save it to your Desktop. <-Important!!!
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 07, 2012, 01:10:36 AM
TDSSKiller found nothing. Clicked on Report to view log and it shows Tcpip - ok. Would you like me to post the log? It's pretty long.

Was unable to click on TDSSKiller link to download the tool. File downloaded and transferred from my laptop to run scan.
Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 07, 2012, 01:48:00 AM
No, since you are familiar with TDSSKiller, you don't need to post the log.  I had you jump to TDSSKiller because of the message you received from CF.  I need to take a close look at the ComboFix log. 

Are you using Bryan's computer directly connected to the router or are you using it wireless?   Are you otherwise able to surf the net normally with the laptop and are just having problems downloading programs?  Can you get to the download sites ok? 

Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 07, 2012, 02:07:36 AM
In looking for the purpose for pbfilter.sys, I found a large number of indications that it causes BSOD's.  Then I looked further at PeerBlock (http://www.peerblock.com/):

Quote:
PeerBlock lets you control who your computer "talks to" on the Internet.  By selecting appropriate lists of "known bad" computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been "hacked", even entire countries!  They can't get in to your computer, and your computer won't try to send them anything either.

As you can see, it is used for P2P.  If Bryan is going to persist in using P2P, I'm sure he will reinstall it.  However, depending on what "lists" Bryan has installed, it may also be causing the download problems.
Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 07, 2012, 02:15:08 AM
Sorry for the piece-meal replies.  From the system event log:

Computer Name: DIM3K
Event Code: 1002
Message: The IP address lease 192.168.2.3 for the Network Card with network address 00132001A756 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

I believe this explains the two IP addresses shown in the logs and likely the DHCPNACK message:

Quote:
Cable modems are typically configured to only give out one IP address
to one device. If you have a router connected to the modem, then the
router gets that IP address. If you disconnect the router and
connect the computer directly to your modem, the modem sees a 2nd
device and won't give out an address unless the modem is unplugged
from the wall power then repowered -- in which case the first device
it sees gets the IP address. (i.e. Power cycle the modem, not the
computer).
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 07, 2012, 03:07:27 AM
Quote:
Are you using Bryan's computer directly connected to the router or are you using it wireless?   Are you otherwise able to surf the net normally with the laptop and are just having problems downloading programs?

Bryan's computer is a desktop and is connected to the router. (the laptop is mine that I am using to transfer the files to)

I have no trouble surfing the net with Bryan's computer nor clicking to access sites.

Quote:
Can you get to the download sites ok?

Cannot access personalized links within posts that redirect me to download sites/exe's. As an experiment, I placed the cursor on the personalized link for TDSSKiller and typed the url address that is displayed in the lower left of the browser into the IE search engine and I can access the site and download the tool.

I also uninstalled HJT and googled to download the tool again and was able to access filehippo to do so.

Just uninstalled MBAM to see if I could download it again. Googled malwarebytes.org clicked on download, was redirected to cnet. Clicked on green Download Now button and received an error on page message in lower left of browser. Was not able to download and reinstall MBAM.

Received email notice that you had posted while I was investigating and uninstalled PeerBlock from Add/Remove and rebooted. Retried malwarebyte.org and had to refresh to get page to load properly. Looked like I was using IE6 before I refreshed!!! Still unable to re-install MBAM.

Double checked to verify IE version and as before it does display IE8 though has the IE7 version number. Provided image below:

(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FIE.png&hash=842f7b1402be2ed02e89caabc246f5a602f527a5)

Windows Internet Explorer is displayed in Add/Remove programs in Control Panel. Not IE8. Went to MS Updates and was instructed to install ActiveX for MS Updates or for all websites. Chose all websites. Checking for Updates at this time.

11 updates found and are now downloading and installing.

Ok. Time to read your posts that were posted while I was playing Sherlock Holmes here!
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 07, 2012, 03:13:38 AM
Quote from: Corrine on June 07, 2012, 02:15:08 AM
Sorry for the piece-meal replies.  From the system event log:

Computer Name: DIM3K
Event Code: 1002
Message: The IP address lease 192.168.2.3 for the Network Card with network address 00132001A756 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

I believe this explains the two IP addresses shown in the logs and likely the DHCPNACK message:

Quote:
Cable modems are typically configured to only give out one IP address
to one device. If you have a router connected to the modem, then the
router gets that IP address. If you disconnect the router and
connect the computer directly to your modem, the modem sees a 2nd
device and won't give out an address unless the modem is unplugged
from the wall power then repowered -- in which case the first device
it sees gets the IP address. (i.e. Power cycle the modem, not the
computer).

Earlier when I tried to click on the TDSSKiller link to download the program I couldn't from Bryan's desktop nor from my laptop. I even contacted Joe by email to see if he could access the site just to make sure it wasn't inaccessible only by me, He said he had access, so I power cycled my modem and router which gave me access to the site on my laptop but not on Bryan's desktop.
Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 07, 2012, 03:47:52 PM
Didn't Joe suggest that you flush the DNS cache & restore the HOSTS file on Bryan's computer?  ;)

Please copy/paste the lines in bold below to Notepad:

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0


Save as flush.bat to your desktop.
Double-click flush.bat file to run it. Your computer will reboot.

Note:  For Windows Vista or Windows 7, right-click flush.bat and select "Run as Administrator".

Try now to reinstall MBAM and please post a fresh DDS.scr log (Attach.txt not needed).
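
An added example, not part of the post above or of any tool named in this thread: flush.bat replaces HOSTS with the single line 127.0.0.1 localhost, so anything an infection wrote there is gone once it runs. The Python below, run against a copy of the file, records which entries differed from that baseline first; the sample file content, the .example hostnames and the 203.0.113.7 address are constructed for illustration.

```python
"""Audit a copy of a Windows HOSTS file before it is reset (added example)."""
import ipaddress

# The only mapping flush.bat leaves behind (echo 127.0.0.1 localhost>HOSTS).
BASELINE_NAME = "localhost"

# Constructed sample of a tampered HOSTS file. The hostnames and the
# documentation-range address are placeholders, not values from the thread.
SAMPLE_HOSTS = "\n".join([
    "# Copyright (c) 1993-1999 Microsoft Corp.",
    "127.0.0.1       localhost",
    "",
    "127.0.0.1       downloads.av-vendor.example   # blocks a tool download",
    "0.0.0.0 update.av-vendor.example www.av-vendor.example",
    "203.0.113.7     search.example",
    "not-an-ip       forum.example",
])


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in the file.

    Comments and blank lines are skipped, so entries pushed far down the
    file behind blank lines are still found. One line may map several names.
    """
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) == 1:
            yield line_no, fields[0], ""  # address with no hostname
            continue
        for name in fields[1:]:
            yield line_no, fields[0], name.lower()


def classify(address, name):
    """Return 'baseline', 'blackholed', 'redirected' or 'malformed'."""
    if not name:
        return "malformed"
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if addr.is_loopback and name == BASELINE_NAME:
        return "baseline"
    if addr.is_loopback or addr.is_unspecified:
        # The name resolves to the local machine, so the site is unreachable.
        return "blackholed"
    # The name is pinned to some other address, bypassing DNS entirely.
    return "redirected"


def audit(text):
    """Return [(line_no, kind, hostname, address)] for non-baseline entries."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        kind = classify(address, name)
        if kind != "baseline":
            findings.append((line_no, kind, name, address))
    return findings


def summarize(findings):
    """Group hostnames by finding kind, in file order."""
    by_kind = {}
    for _, kind, name, _ in findings:
        by_kind.setdefault(kind, []).append(name)
    return by_kind


if __name__ == "__main__":
    for line_no, kind, name, address in audit(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:<10} {name or '(none)'} -> {address}")
```

An empty result means the file already matched what the batch file writes, so HOSTS was not the cause of the blocked downloads.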
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 07, 2012, 06:26:13 PM
Posting with infected computer now and using IE.

Question about IE. I noticed that IE7 is listed in Add/Remove. I checked the installed updates at the MS Update site and it shows that IE8 was installed. Shouldn't IE8 have written over IE7 and removed it from the Add/Remove programs to display IE8???

Quote:
Didn't Joe suggest that you flush the DNS cache & restore the HOSTS file on Bryan's computer?  :wink:

No, though I'm sure he thought of it as I did but he is like me, once you start helping someone or they start helping you I find it disturbing to proceed without being requested to do so. Kinda like when you have been helping someone for days/weeks and they decide to do a System Restore in your absence! Egads!!  :thud:

"Oh no you didn't!" is what crosses my mind.

But I knew that would be your next set of instructions.  :grin: hehe So, I  just ran the batch file and could not connect to the internet on reboot. Power cycled modem/router and connected just fine.

Next:

Concerning MBAM download:

I can access Malwarebytes.org, click on download button which redirects me to cnet but still can not produce any results when I click to download from cnet.

When I access the cnet site for the download I am presented with the Done notification in lower left of browser but when I click download button I get an exclamation mark and it states Error On Page. If I place cursor over green download button it displays javajscript:downloadNow with exclamation mark. Did I mention that I installed Java 7 update 4 after I ran JavaRa?

Tried the following url (http://shop.malwarebytes.org/lpa/342/4/7268/thanks_g.html) in Firefox and was able to access, register, received and clicked on link in email notification and was able to download, install and update the executable file to v2012.06.07.04 Did not try the other links that I tried in IE. Need to update Firefox from version 3.6.28 to latest version but will wait till you acknowledge this. Don't want to change too much without your approval.

Do you think it would be wise to reset IE back to defaults to see what happens?


Here's the latest DDS scan log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 10.4.0
Run by Bryan at 12:50:58 on 2012-06-07
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1271.652 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/home.php
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261622535235
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{986BAD36-AADD-4C7D-B8D1-0C0BC345B974} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F491941F-E3EB-4E19-AB82-EA425D83B7AE} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bryan\application data\mozilla\firefox\profiles\upz37x4t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\documents and settings\bryan\application data\mozilla\firefox\profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\bryan\application data\mozilla\firefox\profiles\upz37x4t.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_04.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Malware Search: {27c60876-b5c9-4335-b4f3-52b26782220c} - %profile%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-20 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-19 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-19 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-19 44768]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-26 18560]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2011-2-8 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-2-8 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-2-8 8320]
S3 pbfilter;pbfilter;\??\c:\program files\peerblock\pbfilter.sys --> c:\program files\peerblock\pbfilter.sys [?]
.
=============== Created Last 30 ================
.
2012-06-07 17:36:30   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-06-07 17:36:30   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-06-07 03:04:50   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
2012-06-07 03:04:50   3072   ------w-   c:\windows\system32\iacenc.dll
2012-06-07 02:50:36   --------   d-----w-   c:\documents and settings\bryan\local settings\application data\Sun
2012-06-07 02:34:47   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-06-07 02:34:47   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-06-07 01:56:33   388096   ----a-r-   c:\documents and settings\bryan\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-06 21:35:57   --------   d-sha-r-   C:\cmdcons
2012-06-06 21:22:46   98816   ----a-w-   c:\windows\sed.exe
2012-06-06 21:22:46   518144   ----a-w-   c:\windows\SWREG.exe
2012-06-06 21:22:46   256000   ----a-w-   c:\windows\PEV.exe
2012-06-06 21:22:46   208896   ----a-w-   c:\windows\MBR.exe
2012-06-06 03:43:40   --------   d-sh--w-   c:\documents and settings\bryan\IECompatCache
.
==================== Find3M  ====================
.
2012-05-31 13:22:09   599040   ----a-w-   c:\windows\system32\crypt32.dll
2012-04-11 13:12:06   1862272   ----a-w-   c:\windows\system32\win32k.sys
2012-04-11 13:10:58   2192640   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52   2069120   ----a-w-   c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 12:52:09.32 ===============
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 07, 2012, 06:36:52 PM
Hey Corrine? I just ran DDS just after 1pm here. Why do the times in the log appear 5 hours ahead? Is that a system clock issue?

=============== Created Last 30 ================
.
2012-06-07 17:36:30   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-06-07 17:36:30   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-06-07 03:04:50   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
2012-06-07 03:04:50   3072   ------w-   c:\windows\system32\iacenc.dll
2012-06-07 02:50:36   --------   d-----w-   c:\documents and settings\bryan\local settings\application data\Sun
2012-06-07 02:34:47   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-06-07 02:34:47   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-06-07 01:56:33   388096   ----a-r-   c:\documents and settings\bryan\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 07, 2012, 08:56:04 PM
Addressing IE first. 

With the upgrade path of IE7 > IE8, IE7 was not removed but left so IE8 could be uninstalled.  There are several paths you can take.  I suggest you start with Steps 2, 3 and 4 here:  Is Internet Explorer slow? 5 things to try - Help & How-to- Microsoft Windows (http://windows.microsoft.com/en-gb/windows/help/internet-explorer/slow-five-tips-to-boost-performance).

Just for completeness (knowing you :) ), I'm including links to several other articles.  However, the first essentially repeats the above.  If the two Microsoft Fix it solutions don't solve the problem with IE, I think the next step is uninstalling IE8, testing IE7 and then reinstalling IE8.  Instructions are in number 3 below.

1.  How to solve Internet Explorer 8 installation problems (http://support.microsoft.com/kb/949220) (Includes two Microsoft Fix it solutions.)
2.  How to troubleshoot Internet Explorer issues in Windows Vista and in Windows XP (http://support.microsoft.com/kb/936215)
3.  How do I remove Internet Explorer 8 from Windows as a troubleshooting step? (http://support.microsoft.com/kb/957700#stepsforxp)
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 07, 2012, 10:15:41 PM
Here's a good one for you! I decided to just uninstall IE8 so I followed the instructions in link #3 to paste %windir%\ie8\spuninst\spuninst.exe into the command box. Upon Inspecting Current Configuration an Internet Explorer box pops up with:

The following programs were installed on your computer after Internet Explorer 8

The first program listed was IE7!  :huh:

Then the list includes last night's updates, MBAM, HJT, Java and Firefox.

Under the box that contains this list it states:

If these programs depend on Internet Explorer 8, they might not work properly after it is removed. Do you want to continue?

Yes or No (buttons)

Now, if I proceed to uninstall IE8 will I have problems with IE7?

Since IE7 was installed after IE8 could I just uninstall IE7 through Add/Remove Programs and will it revert to IE8????

:shocked:

I better go back and view the other links before I do anything pertaining to uninstalling IE8.
Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 08, 2012, 01:55:42 AM
Since none of those problems depend on IE8, it should be fine.  Although, how or why Bryan managed to install IE7 after IE8 was installed, I cannot guess.  That is likely what messed up the configuration of IE8. 
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 08, 2012, 02:29:43 AM
Corrine. I was thinking the same thing.

Just created a Restore Point and went to uninstall IE7 via Add/Remove but there is no Remove option when I click on it. I could change:

%windir%\ie8\spuninst\spuninst.exe

to

%windir%\ie7\spuninst\spuninst.exe

Couldn't I? Or will I have to go to MS Updates to uninstall the update? I noticed last night when I was looking around in Updates History that it installed towards the end of 2011.

By the way, I do have right click function but no left click functions for any links in this thread, however, I can right click the link on How to change the file extension in post #3 then left click links from there. Never had that ability earlier this happened after Step #4 below. Tried it with TDSSKiller but nothing else.

In the meantime, here are the things I tried from the other links above:

Steps 2, 3, and 4 from first link above:

Results for Step #2:

Reset Internet Settings. No change.


Results for Step #3:

Didn't see anything that was related to the issue.

Results for Step #4:

Clicked Fix It button. Requested to install Microsoft .Net Framework Version 2.0 Redistributable Package (x86) then tried MS Fix It 50492 (http://support.microsoft.com/kb/239924) after installing dotntfix thing. No change.

On a whim, I clicked on Tools > Manage Add-ons and found that uTorrentbar Findbar was enabled. Disabled that, left clicked on TDSSKiller.exe above and was not able to access download, though I could right click and was presented with menu to choose Open in New Tab which I clicked and was presented with the TDSSKiller executable ready to download.

From my research the Add-on has to be disabled before uninstalling through Add/Remove programs. Unfortunately, it is not listed in the Add/Remove Programs because I uninstalled uTorrent prior to running scans to provide logs for the first post. Still can not click on MBAM download button on cnet and Error on page is displayed in lower left corner.



Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 08, 2012, 02:44:17 AM
Uninstalled IE8 via Command Prompt and IE7 and the version number are correct when I click on Tools > About Internet Explorer.

I'll wait to update to IE8 till I receive a reply from you.

Thank you Corrine for all your help so far!  :hug:

Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 08, 2012, 07:09:44 PM
Hi, Donna. 

Yes, I was waiting to resolve the IE issue until providing the script for ComboFix.  Let's do that now.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



Firefox::
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - component: c:\documents and settings\bryan\application data\mozilla\firefox\profiles\upz37x4t.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

DDS::
EB: {32683183-48a0-441b-a342-7c2a440a9478} -

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

How is IE7 working?

Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 09, 2012, 12:40:55 AM
Quote: How is IE7 working?

Much better but very, very slow.......

Prior to running CFScript fix it would load in "pieces", meaning that as IE loaded you could see the desktop where the Menu Bar should be. Didn't do that after the fix was initiated. Loaded just fine though took forever for the site to load once I clicked on the shortcut I have on the desktop to this thread.

Sorry about the Microsoft .NET Framework 2.0. The log would have been much shorter if I had not installed that whilst troubleshooting.

Following is the resultant log:

ComboFix 12-06-08.02 - Bryan 06/08/2012  19:05:26.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1271.890 [GMT -5:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bryan\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineSettings.json
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib\xpcom.js
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\setup.ini
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\chrome.manifest
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\install.rdf
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\lib\xpcom.js
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\setup.ini
c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\extensions\engine@conduit.com\version.txt
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome.manifest
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\install.rdf
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-09 to 2012-06-09  )))))))))))))))))))))))))))))))
.
.
2012-06-08 23:54 . 2012-06-08 23:54   --------   d-----w-   c:\windows\LastGood
2012-06-08 02:01 . 2012-06-08 23:56   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-06-07 17:36 . 2012-06-07 17:36   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-06-07 17:36 . 2012-04-04 20:56   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-06-07 03:04 . 2012-01-11 19:06   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
2012-06-07 03:04 . 2012-01-11 19:06   3072   ------w-   c:\windows\system32\iacenc.dll
2012-06-07 02:50 . 2012-06-07 02:50   --------   d-----w-   c:\documents and settings\Bryan\Local Settings\Application Data\Sun
2012-06-07 02:35 . 2012-06-07 02:35   --------   d-----w-   c:\program files\Common Files\Java
2012-06-07 02:34 . 2012-06-07 02:34   --------   d-----w-   c:\documents and settings\Bryan\Application Data\Oracle
2012-06-07 02:34 . 2012-06-07 02:34   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-06-07 02:34 . 2012-04-04 23:47   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-06-07 01:56 . 2012-06-07 01:56   388096   ----a-r-   c:\documents and settings\Bryan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-06 04:00 . 2012-06-06 04:01   --------   d-----w-   C:\rsit
2012-06-06 03:43 . 2012-06-06 03:43   --------   d-sh--w-   c:\documents and settings\Bryan\IECompatCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 23:56 . 2012-01-07 03:50   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2001-08-18 12:00   599040   ----a-w-   c:\windows\system32\crypt32.dll
2012-04-11 13:12 . 2001-08-18 12:00   1862272   ----a-w-   c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2001-08-18 12:00   2192640   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2001-08-17 13:48   2069120   ----a-w-   c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-06_21.56.08   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-08 23:51 . 2012-06-08 23:51   16384              c:\windows\temp\Perflib_Perfdata_4bc.dat
+ 2001-08-18 12:00 . 2011-10-31 23:43   44544              c:\windows\system32\pngfilt.dll
+ 2001-08-18 12:00 . 2012-06-08 01:15   58596              c:\windows\system32\perfc009.dat
+ 2005-09-23 12:28 . 2005-09-23 12:28   32768              c:\windows\system32\netfxperf.dll
+ 2001-08-18 12:00 . 2007-08-14 00:01   48128              c:\windows\system32\mshtmler.dll
- 2001-08-18 12:00 . 2009-03-08 10:31   48128              c:\windows\system32\mshtmler.dll
- 2001-08-18 12:00 . 2009-03-08 10:31   45568              c:\windows\system32\mshta.exe
+ 2001-08-18 12:00 . 2007-08-14 00:32   45568              c:\windows\system32\mshta.exe
+ 2007-08-14 00:36 . 2007-08-14 00:36   12288              c:\windows\system32\msfeedssync.exe
+ 2007-08-14 00:54 . 2011-10-31 23:43   52224              c:\windows\system32\msfeedsbs.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   74240              c:\windows\system32\mscories.dll
+ 2001-08-18 12:00 . 2007-08-14 00:44   40960              c:\windows\system32\licmgr10.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   27648              c:\windows\system32\jsproxy.dll
+ 2001-08-18 12:00 . 2007-08-14 00:39   92672              c:\windows\system32\inseng.dll
+ 2001-08-18 12:00 . 2007-08-14 00:36   36352              c:\windows\system32\imgutil.dll
+ 2001-08-18 12:00 . 2007-08-14 00:39   55296              c:\windows\system32\iesetup.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   44544              c:\windows\system32\iernonce.dll
+ 2012-01-07 03:38 . 2011-10-31 23:43   78336              c:\windows\system32\ieencode.dll
+ 2001-08-18 12:00 . 2011-10-31 20:56   70656              c:\windows\system32\ie4uinit.exe
+ 2007-08-14 00:36 . 2011-10-31 23:43   63488              c:\windows\system32\icardie.dll
+ 2007-08-14 00:36 . 2011-10-31 23:43   44544              c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-14 00:01 . 2009-03-08 10:31   48128              c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-14 00:01 . 2007-08-14 00:01   48128              c:\windows\system32\dllcache\mshtmler.dll
- 2007-08-14 00:32 . 2009-03-08 10:31   45568              c:\windows\system32\dllcache\mshta.exe
+ 2007-08-14 00:32 . 2007-08-14 00:32   45568              c:\windows\system32\dllcache\mshta.exe
+ 2009-10-29 07:46 . 2011-10-31 23:43   52224              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-14 00:44 . 2007-08-14 00:44   40960              c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-14 00:54 . 2011-10-31 23:43   27648              c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-14 00:39 . 2007-08-14 00:39   92672              c:\windows\system32\dllcache\inseng.dll
+ 2007-08-14 00:36 . 2007-08-14 00:36   36352              c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-14 00:39 . 2007-08-14 00:39   55296              c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-14 00:39 . 2011-10-31 23:43   44544              c:\windows\system32\dllcache\iernonce.dll
+ 2012-01-07 03:38 . 2011-10-31 23:43   78336              c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-14 00:39 . 2011-10-31 20:56   70656              c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-10-29 07:46 . 2011-10-31 23:43   63488              c:\windows\system32\dllcache\icardie.dll
+ 2007-08-14 00:18 . 2007-08-14 00:18   60416              c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-14 00:42 . 2011-10-31 23:43   17408              c:\windows\system32\dllcache\corpol.dll
+ 2007-08-14 00:39 . 2007-08-14 00:39   71680              c:\windows\system32\dllcache\admparse.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   83456              c:\windows\system32\dfshim.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   17408              c:\windows\system32\corpol.dll
+ 2001-08-18 12:00 . 2007-08-14 00:39   71680              c:\windows\system32\admparse.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   28160              c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   71680              c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 12:28 . 2005-09-23 12:28   86016              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   47616              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   81920              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   81920              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   85504              c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   59072              c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   32768              c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   53248              c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   78336              c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   14848              c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   96440              c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-23 12:29 . 2005-09-23 12:29   22528              c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   10240              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   66240              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   67072              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   81408              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   36864              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   73216              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   69632              c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   87552              c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   12800              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   32768              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   28672              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   73728              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   36864              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-23 11:36 . 2005-09-23 11:36   85504              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29   80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-23 11:47 . 2005-09-23 11:47   84480              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 11:30 . 2005-09-23 11:30   80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 11:47 . 2005-09-23 11:47   80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 11:47 . 2005-09-23 11:47   81920              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 11:47 . 2005-09-23 11:47   82432              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 11:47 . 2005-09-23 11:47   82432              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 11:46 . 2005-09-23 11:46   83456              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 11:46 . 2005-09-23 11:46   81920              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 11:46 . 2005-09-23 11:46   83456              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 11:44 . 2005-09-23 11:44   80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 11:42 . 2005-09-23 11:42   80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 11:40 . 2005-09-23 11:40   84480              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 11:40 . 2005-09-23 11:40   83968              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 11:40 . 2005-09-23 11:40   80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 11:38 . 2005-09-23 11:38   86016              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 11:38 . 2005-09-23 11:38   81408              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 08:46 . 2005-09-23 08:46   80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 11:36 . 2005-09-23 11:36   87552              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 11:34 . 2005-09-23 11:34   85504              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 11:34 . 2005-09-23 11:34   81920              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 11:34 . 2005-09-23 11:34   82944              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 11:32 . 2005-09-23 11:32   80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29   80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   40960              c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   72192              c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   55296              c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   28672              c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   36864              c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   52736              c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   31936              c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   68608              c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   17920              c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   13312              c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   76984              c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   88576              c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   29888              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   29896              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   26824              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   13824              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   70656              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   23552              c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   10752              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   36864              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   55488              c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   87552              c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   10752              c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   18944              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   86528              c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   72704              c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2012-06-07 03:48 . 2012-06-07 03:48   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-08-16 04:39 . 2010-08-16 04:39   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-06-08 01:37 . 2012-06-08 01:37   81920              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\edd5de95ab688746aaf9f07fb17b9ed4\Microsoft.Build.Framework.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   15360              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\4bc8216937403c4cbda0698b89d3f47d\dfsvc.ni.exe
+ 2012-06-08 01:37 . 2012-06-08 01:37   26624              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8dca35b2213e4240abd32d6982e99231\Accessibility.ni.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   86016              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   73728              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   36864              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   68608              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   6144              c:\windows\system32\mui\0409\mscorees.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   7680              c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   9216              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   7168              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5632              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   5632              c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   8192              c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   9728              c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   9216              c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   4608              c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   8192              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   4608              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   7680              c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   7680              c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   7680              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   7680              c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5120              c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5120              c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5120              c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5120              c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5120              c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5120              c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5120              c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5120              c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5632              c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5120              c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5120              c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   5120              c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   5632              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   114176              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2001-08-18 12:00 . 2012-02-29 14:10   177664              c:\windows\system32\wintrust.dll
- 2001-08-18 12:00 . 2009-12-24 06:59   177664              c:\windows\system32\wintrust.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   832512              c:\windows\system32\wininet.dll
- 2009-12-23 16:44 . 2009-08-25 09:17   354816              c:\windows\system32\winhttp.dll
+ 2009-12-23 16:44 . 2011-11-16 14:21   354816              c:\windows\system32\winhttp.dll
+ 2007-08-14 00:45 . 2007-08-14 00:45   206336              c:\windows\system32\winfxdocobj.exe
+ 2001-08-18 12:00 . 2011-10-31 23:43   233472              c:\windows\system32\webcheck.dll
+ 2001-08-18 12:00 . 2011-03-04 06:45   434176              c:\windows\system32\vbscript.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   106496              c:\windows\system32\url.dll
+ 2001-08-18 12:00 . 2011-11-16 14:21   152064              c:\windows\system32\schannel.dll
+ 2001-08-18 12:00 . 2012-06-08 01:15   392296              c:\windows\system32\perfh009.dat
+ 2001-08-18 12:00 . 2011-10-31 23:43   102912              c:\windows\system32\occache.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   671232              c:\windows\system32\mstime.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   193024              c:\windows\system32\msrating.dll
- 2001-08-18 12:00 . 2009-03-08 10:22   156160              c:\windows\system32\msls31.dll
+ 2001-08-18 12:00 . 2007-08-14 00:54   156160              c:\windows\system32\msls31.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   478720              c:\windows\system32\mshtmled.dll
+ 2007-08-14 00:54 . 2011-10-31 23:43   468480              c:\windows\system32\msfeeds.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   150016              c:\windows\system32\mscorier.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   270848              c:\windows\system32\mscoree.dll
+ 2012-06-08 02:01 . 2012-06-08 02:01   351904              c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-06-08 23:56 . 2012-06-08 23:56   351904              c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-06-08 23:56 . 2012-06-08 23:56   424096              c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-06-08 02:01 . 2012-06-08 23:56   257696              c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2001-08-18 12:00 . 2011-03-04 06:45   512000              c:\windows\system32\jscript.dll
+ 2012-06-07 02:34 . 2012-06-07 02:34   227784              c:\windows\system32\javaws.exe
+ 2012-06-07 02:34 . 2012-06-07 02:34   174024              c:\windows\system32\javaw.exe
+ 2012-06-07 02:34 . 2012-06-07 02:34   174024              c:\windows\system32\java.exe
+ 2001-08-18 12:00 . 2012-02-29 14:10   148480              c:\windows\system32\imagehlp.dll
+ 2007-08-14 00:54 . 2007-08-14 00:54   180736              c:\windows\system32\ieui.dll
+ 2007-08-14 00:34 . 2011-10-31 23:43   268288              c:\windows\system32\iertutil.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   192512              c:\windows\system32\iepeers.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   384512              c:\windows\system32\iedkcs32.dll
+ 2007-07-11 18:27 . 2011-10-31 23:43   380928              c:\windows\system32\ieapfltr.dll
+ 2001-08-18 12:00 . 2011-10-27 12:49   161792              c:\windows\system32\ieakui.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   230400              c:\windows\system32\ieaksie.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   153088              c:\windows\system32\ieakeng.dll
+ 2009-12-23 10:19 . 2012-06-07 03:18   176264              c:\windows\system32\FNTCACHE.DAT
- 2009-12-23 10:19 . 2011-12-16 05:20   176264              c:\windows\system32\FNTCACHE.DAT
+ 2001-08-18 12:00 . 2011-10-31 23:43   214528              c:\windows\system32\dxtrans.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   347136              c:\windows\system32\dxtmsft.dll
+ 2009-12-23 16:25 . 2012-01-09 16:20   139784              c:\windows\system32\drivers\rdpwd.sys
+ 2009-12-24 06:59 . 2012-02-29 14:10   177664              c:\windows\system32\dllcache\wintrust.dll
- 2009-12-24 06:59 . 2009-12-24 06:59   177664              c:\windows\system32\dllcache\wintrust.dll
+ 2007-08-14 00:54 . 2011-10-31 23:43   832512              c:\windows\system32\dllcache\wininet.dll
- 2008-12-16 12:30 . 2009-08-25 09:17   354816              c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21   354816              c:\windows\system32\dllcache\winhttp.dll
+ 2007-08-14 00:54 . 2011-10-31 23:43   233472              c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-14 00:54 . 2011-04-30 08:50   766464              c:\windows\system32\dllcache\vgx.dll
+ 2007-08-14 00:54 . 2011-03-04 06:45   434176              c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-14 00:44 . 2011-10-31 23:43   106496              c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21   152064              c:\windows\system32\dllcache\schannel.dll
+ 2011-08-10 20:52 . 2012-01-09 16:20   139784              c:\windows\system32\dllcache\rdpwd.sys
+ 2007-08-14 00:44 . 2011-10-31 23:43   102912              c:\windows\system32\dllcache\occache.dll
+ 2007-08-14 00:54 . 2011-10-31 23:43   671232              c:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 00:44 . 2011-10-31 23:43   193024              c:\windows\system32\dllcache\msrating.dll
- 2001-08-18 12:00 . 2009-03-08 10:22   156160              c:\windows\system32\dllcache\msls31.dll
+ 2001-08-18 12:00 . 2007-08-14 00:54   156160              c:\windows\system32\dllcache\msls31.dll
+ 2007-08-14 00:54 . 2011-10-31 23:43   478720              c:\windows\system32\dllcache\mshtmled.dll
+ 2009-10-29 07:46 . 2011-10-31 23:43   468480              c:\windows\system32\dllcache\msfeeds.dll
+ 2007-08-14 00:38 . 2011-03-04 06:45   512000              c:\windows\system32\dllcache\jscript.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10   148480              c:\windows\system32\dllcache\imagehlp.dll
+ 2007-08-14 00:43 . 2011-10-31 10:46   634504              c:\windows\system32\dllcache\iexplore.exe
+ 2009-10-29 07:46 . 2011-10-31 23:43   268288              c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-14 00:54 . 2011-10-31 23:43   192512              c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-14 00:39 . 2011-10-31 23:43   384512              c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-10-29 07:46 . 2011-10-31 23:43   380928              c:\windows\system32\dllcache\ieapfltr.dll
+ 2001-08-18 12:00 . 2011-10-27 12:49   161792              c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-14 00:39 . 2011-10-31 23:43   230400              c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-14 00:39 . 2011-10-31 23:43   153088              c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-14 00:35 . 2011-10-31 23:43   214528              c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-14 00:35 . 2011-10-31 23:43   347136              c:\windows\system32\dllcache\dxtmsft.dll
- 2011-09-03 10:17 . 2011-09-28 07:06   599040              c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-03 10:17 . 2012-05-31 13:22   599040              c:\windows\system32\dllcache\crypt32.dll
+ 2007-08-14 00:39 . 2011-10-31 23:43   124928              c:\windows\system32\dllcache\advpack.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   124928              c:\windows\system32\advpack.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   298496              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   823296              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   835584              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   260096              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   114688              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   131072              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   299008              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   368640              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   114176              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   700416              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   188416              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   397312              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   884736              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   716800              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   482304              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   389120              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   110592              c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   377344              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   107520              c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   136192              c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   226816              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   330752              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   102400              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   326144              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   288768              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   800768              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   667648              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   372736              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   110592              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   745472              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   647168              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   413696              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 12:57 . 2005-09-23 12:57   245408              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 12:01 . 2005-09-23 12:01   609472              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   224952              c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   788992              c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   547840              c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   106496              c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   503808              c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   106496              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   138240              c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   208896              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   183808              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   136192              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2012-06-07 02:35 . 2012-06-07 02:35   176128              c:\windows\Installer\8d290.msi
+ 2012-06-07 02:34 . 2012-06-07 02:34   863744              c:\windows\Installer\8d27e.msi
+ 2006-10-27 02:49 . 2006-10-27 02:49   509200              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CVR.DLL
+ 2012-01-07 03:38 . 2006-09-06 23:43   213216              c:\windows\ie7\spuninst\spuninst.exe
+ 2012-06-08 01:38 . 2012-06-08 01:38   237568              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b40c81c7bdfedf4ebd614bab1d2410f1\System.Web.RegularExpressions.ni.dll
+ 2012-06-08 01:38 . 2012-06-08 01:38   684032              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5d157e11f69ea74c8f03b42548d99447\System.Transactions.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   729088              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\62de1185f5e5f8459ee8890410d1c59c\System.Security.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   294912              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4c99bedd8f9ae24ca59988ee04661a53\System.EnterpriseServices.Wrapper.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   659456              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4c99bedd8f9ae24ca59988ee04661a53\System.EnterpriseServices.ni.dll
+ 2012-06-08 01:14 . 2012-06-08 01:14   229376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\76b00691ee493e448309879c86ad8a18\System.Drawing.Design.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   512000              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f350cc8bd91dda459745b606008752fd\System.DirectoryServices.Protocols.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   962560              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ac201a8b85b8ff45acda9910db7e7a1c\System.Configuration.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   163840              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dc4899a640e8d34f99a4b8dab00e8b26\Microsoft.Build.Utilities.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   880640              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\00d82d0dd5f5be4492da5ab7112f54e8\Microsoft.Build.Engine.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   237568              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\0cc114157200344ca78b97b737fa14f4\CustomMarshalers.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   860160              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6e20fec549fef748954a2e451776100e\AspNetMMCExt.ni.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   823296              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-06-08 01:12 . 2012-06-08

Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 09, 2012, 02:16:02 AM
.NET Framework can be a royal pain -- especially when it results in the log being cut off.  :D

Can you locate the following and copy/paste to the end of the log, please.

+ 2012-06-08 01:13 . 2012-06-08 01:13   835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-06-08 01:12 . 2012-06-08

Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 09, 2012, 02:31:20 AM
I'm sorry, Corrine. I didn't review after I had posted.

+ 2012-06-08 01:12 . 2012-06-08 01:12   823296              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   299008              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   368640              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   700416              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   397312              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   884736              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   716800              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   389120              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   667648              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   745472              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   647168              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   413696              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   503808              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   260096              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   114176              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   482304              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-06-07 03:06 . 2012-02-09 15:43   1748992              c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2001-08-18 12:00 . 2011-10-31 23:43   1168896              c:\windows\system32\urlmon.dll
+ 2001-08-18 12:00 . 2011-11-04 15:16   3616256              c:\windows\system32\mshtml.dll
+ 2012-06-08 02:01 . 2012-06-08 02:01   8797856              c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
+ 2007-08-14 00:54 . 2011-10-31 23:43   6076416              c:\windows\system32\ieframe.dll
+ 2007-02-12 22:10 . 2009-06-29 08:33   2452872              c:\windows\system32\ieapfltr.dat
+ 2010-05-02 05:22 . 2012-04-11 13:12   1862272              c:\windows\system32\dllcache\win32k.sys
+ 2007-08-14 00:54 . 2011-10-31 23:43   1168896              c:\windows\system32\dllcache\urlmon.dll
+ 2010-07-12 05:56 . 2012-04-11 13:10   2192640              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-07-12 05:56 . 2012-04-11 12:35   2026496              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2012-04-11 12:35   2069120              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-07-12 05:56 . 2012-04-11 13:14   2148352              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-08-14 00:54 . 2011-11-04 15:16   3616256              c:\windows\system32\dllcache\mshtml.dll
+ 2009-10-29 07:46 . 2011-10-31 23:43   6076416              c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-29 08:33 . 2009-06-29 08:33   2452872              c:\windows\system32\dllcache\ieapfltr.dat
+ 2005-09-23 12:28 . 2005-09-23 12:28   1306624              c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29   1140920              c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28   2035712              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   5316608              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   5025792              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   3018752              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   5050368              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   2878976              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   5615616              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   4308992              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28   1144832              c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2012-06-07 01:56 . 2012-06-07 01:56   1094656              c:\windows\Installer\dd083e.msi
+ 2012-06-08 01:13 . 2012-06-08 01:13   2109440              c:\windows\Installer\1d312a7.msi
+ 2011-11-01 18:34 . 2011-11-01 18:34   1552384              c:\windows\Installer\1b1cd2.msp
+ 2012-04-05 03:38 . 2012-04-05 03:38   2831360              c:\windows\Installer\1b1cca.msp
+ 2012-04-05 03:38 . 2012-04-05 03:38   3620864              c:\windows\Installer\1b1cc2.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34   2531840              c:\windows\Installer\1b1cba.msp
+ 2012-04-29 02:43 . 2012-04-29 02:43   8459264              c:\windows\Installer\1b1cb2.msp
+ 2011-08-17 14:49 . 2011-08-17 14:49   4683624              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2011-07-27 09:44 . 2011-07-27 09:44   1791824              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PPCNV.DLL
+ 2011-07-07 07:58 . 2011-07-07 07:58   1616240              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2010-07-12 05:56 . 2012-04-11 13:10   2192640              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-07-12 05:56 . 2012-04-11 12:35   2026496              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2012-04-11 12:35   2069120              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-07-12 05:56 . 2012-04-11 13:14   2148352              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-06-08 01:14 . 2012-06-08 01:14   8093696              c:\windows\assembly\NativeImages_v2.0.50727_32\System\bb698d74b5ee804da5f6fbe80ea78f40\System.ni.dll
+ 2012-06-08 01:14 . 2012-06-08 01:14   5640192              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0163af88c5350f47b606ec98fceed54f\System.Xml.ni.dll
+ 2012-06-08 01:38 . 2012-06-08 01:38   1945600              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\0b04cfd51007c949b4405851207c9e64\System.Web.Services.ni.dll
+ 2012-06-08 01:38 . 2012-06-08 01:38   2310144              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\b5c5dd070471374a882ecbe8deb982a5\System.Web.Mobile.ni.dll
+ 2012-06-08 01:14 . 2012-06-08 01:14   1626112              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\76f177188e32634a93a25fe1a7cb8da0\System.Drawing.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   1220608              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\34f1d0b5665c7e42842304d0fd35d133\System.DirectoryServices.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\35e342592f8a42449bbc2c7d7eeef9d5\System.Deployment.ni.dll
+ 2012-06-08 01:14 . 2012-06-08 01:14   6688768              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\a4d50ff00c5d4d46b161bb1912deed72\System.Data.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   1724416              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\083aa6e6e308d943b5d71108e9ca9bf3\Microsoft.VisualBasic.ni.dll
+ 2012-06-08 01:37 . 2012-06-08 01:37   1691648              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\ba7b2e706947354e9d234e05f8fc451d\Microsoft.Build.Tasks.ni.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   3018752              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   2035712              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   5316608              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   5050368              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   5025792              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   2878976              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-08 01:12 . 2012-06-08 01:12   4308992              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-07-12 04:36 . 2012-04-27 01:08   55656824              c:\windows\system32\MRT.exe
+ 2005-09-23 12:48 . 2005-09-23 12:48   24863744              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2011-09-15 23:37 . 2011-09-15 23:37   38176256              c:\windows\Installer\16e3ec.msp
+ 2011-08-30 13:40 . 2011-08-30 13:40   15145832              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNV.EXE
+ 2012-06-08 01:14 . 2012-06-08 01:14   13107200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f8f88f5a3ad3844fa1b4e2e8fd40a883\System.Windows.Forms.ni.dll
+ 2012-06-08 01:38 . 2012-06-08 01:38   11808768              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\c0360b6618e1274c87c95fa987d244f3\System.Web.ni.dll
+ 2012-06-08 01:15 . 2012-06-08 01:15   10723328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9b70f282eff5784cb07091e08227651b\System.Design.ni.dll
+ 2012-06-08 01:13 . 2012-06-08 01:13   11411456              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c4311129b73bd048993b6d2fe6a07797\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01   122512   ----a-w-   c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxtray"=c:\windows\system32\igfxtray.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/20/2011 4:48 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/19/2010 9:45 PM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/19/2010 9:45 PM 20568]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 11:47 AM 202048]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/23/2009 2:41 PM 47360]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/7/2012 9:01 PM 257696]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2010 11:01 AM 18560]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2/8/2011 2:10 AM 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/8/2011 2:10 AM 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/8/2011 2:10 AM 8320]
S3 pbfilter;pbfilter;\??\c:\program files\PeerBlock\pbfilter.sys --> c:\program files\PeerBlock\pbfilter.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ADOBEFLASHPLAYERUPDATESVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 23:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
TCP: DhcpNameServer = 75.105.128.61
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\upz37x4t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Malware Search: {27c60876-b5c9-4335-b4f3-52b26782220c} - %profile%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-08 19:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(560)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-06-08  19:19:30
ComboFix-quarantined-files.txt  2012-06-09 00:19
ComboFix2.txt  2012-06-06 22:02
.
Pre-Run: 16,794,451,968 bytes free
Post-Run: 16,815,112,192 bytes free
.
- - End Of File - - DEF0A890A9B1E043AF72630C7727E04B
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 09, 2012, 02:44:47 PM
Update:

Upon shutting down computer last night 2 Windows updates were installed:

2nd: Internet Explorer 8 for Windows XP
1st: Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2675157)

Was requested to install ActiveX again.

Checked Add/Remove Programs. IE8 is listed there. IE7 is not.

Computer seems to be functioning well.
Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 09, 2012, 11:57:28 PM
Hi, Donna.  Now that Bryan's old desktop is back to working condition, please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8).




I know you have his Windows Update setting to automatic.  The most serious issue is his use of uTorrent and the accompanying add-ons related to uTorrent.  This is my favorite P2P lecture.  Feel free to share any part of it with Bryan that you feel is appropriate:

P2P programs form a direct conduit on to your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

With P2P file sharing, what means do you have of identifying or authenticating the source of the download? In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.



BTW, there was another Adobe Flash Player and Adobe ARM critical security update released yesterday.  Direct download links are available from my blog post at Adobe Flash Player Security Update (http://securitygarden.blogspot.com/2012/06/adobe-flash-player-security-update.html).
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 10, 2012, 12:22:29 AM
Hi Corrine,

ComboFix is uninstalled and I just cleared out the restore points and created a new one.

I'm going to send that P2P lecture to him in an email. He's away for training at the moment so he'll be tickled to get an email from me. As a joke, I'd like to create a batch file that pops up every time he boots Windows with a warning about installing P2P programs.  :grin:

I think a recent update did come out concerning Adobe. I'll check to make sure it is updated. Think I might just install Secunia. Isn't that the program that I see you recommend? I've recommended Update Checker but you have to manually initiate that program. Secunia runs in the background, doesn't it?

Thank you so much for all your help. :)
Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 10, 2012, 12:34:02 AM
The reason I recommend Secunia is that it advises of security updates and, as appropriate, flags older, vulnerable programs left behind (i.e. even if Java is updated, if there's a vulnerable version on the computer, it will flag that).  Other programs merely offer the updated software. 
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 10, 2012, 01:13:15 AM
Hm. So it just advises then. I'll install that so he can be warned when an update is needed.

Firefox is still at 3.6.28  :shock: Better update that to the latest version as well.

I did install Update Checker. It found 9 updates needed on his installed software.  :thud:
Title: Re: Windows XP Internet Security 2012
Post by: Corrine on June 10, 2012, 02:06:39 AM
When you send that e-mail to Bryan, tell him if he has installed uTorrent on his laptop, he is grounded!
Title: Re: Windows XP Internet Security 2012
Post by: DonnaB on June 10, 2012, 02:25:09 AM
I found that grounding doesn't hurt as badly as taking away the xBox. (snicker, snicker, snort, snicker) LOL!

Remember when I used the disks I created from the recovery partition manager to reinstall? I couldn't believe my eyes when I checked the Programs and Features. uTorrent was actually a pre-installed piece of software from the factory!! Does ASUS have stock in the malicious code writers or what?!?!?!?  :shock: