# AntiSpy Safeguard



## jdn (Dec 24, 2009)

I got conned into downloading Anti Spy Safeguard on my XP and then found out it is a scam. What is the best way to delete it from my computer?


----------



## mecury_2001 (May 17, 2004)

you can go here and watch this video..


----------



## jdn (Dec 24, 2009)

I followed the directions from the video and it seems to have worked. Thanks so much for the quick reply. I'm not going to close this until I'm sure there isn't any other problems


----------



## flavallee (May 12, 2002)

jdn said:


> I followed the directions from the video and it seems to have worked. Thanks so much for the quick reply. I'm not going to close this until I'm sure there isn't any other problems


Go here and click the green icon to download and save *HiJackThis 2.0.2*.

After it's been downloaded and saved, close all open windows first, then double-click the saved file to install it.

Allow it to install in its default location.

After it's been installed, start it and then click "Do a system scan and save a log file".

When the scan is finished in less than 30 seconds, a log file will appear.

Save that log file.

Return here to your thread, then copy-and-paste the entire log file here.

-----------------------------------------------------------------


----------



## Phantom010 (Mar 9, 2009)

jdn said:


> I followed the directions from the video and it seems to have worked. Thanks so much for the quick reply. I'm not going to close this until I'm sure there isn't any other problems


I would be surprised if it were that simple.

Follow the instructions in post #4.


----------



## mecury_2001 (May 17, 2004)

Phantom010 said:


> I would be surprised if it were that simple.
> 
> Follow the instructions in post #4.


My Fault on that one, and your correct in stating that it's not that simple, having seen that video too good to be true.decided to check it out extensively it's pretty nasty...my bad on that advice,


----------



## jdn (Dec 24, 2009)

Here's the log file. So far, I haven't experienced any problems since I did the fix that Mercury recommended.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:12 AM, on 9/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/nero/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/nero/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

--
End of file - 7138 bytes


----------



## jdn (Dec 24, 2009)

Update

i analyzed the log file with logfileauswertung and the only
items which came up with an "x' were related to the ask toolbar. I removed the ask toolbar [i never use it] and reanalyzed. An 'x' came up referring to a file {ccc7a320.............}, but the file doesn't exist.


----------



## Phantom010 (Mar 9, 2009)

Your log might not be showing anything related to *AntiSpy Safeguard* but that doesn't mean your computer is clean yet. Unfortunately, HijackThis doesn't show everything.

I have requested that your thread be moved to the *Virus & Other Malware Removal* forum. Be sure to provide the appropriate reports in that forum after reading *THIS*. From there, be patient. You should get an answer within the next 48 hours. These guys are really busy!


----------



## Cookiegal (Aug 27, 2003)

mecury_2001 said:


> My Fault on that one, and your correct in stating that it's not that simple, having seen that video too good to be true.decided to check it out extensively it's pretty nasty...my bad on that advice,


Please refer to the rules concerning HijackThis log analysis and malware removal.

http://www.techguy.org/rules.html

*Log Analysis/Malware Removal* - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield







next to their name and authorized malware removal trainees have a blue shield next to their







next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.

Please refrain from replying to security related matters until you have presented evidence to one of the moderators or admins here that proves you to be qualified to do so. If you are not yet qualified and interested in being trained, we will be glad to help you get enrolled at one of the free online training facilities. Just PM me or one of the other moderators that work Security and we'll point you in the right direction.

***

Also, as you can see from the link below, there are new signature limitations now in place. This was announced back in June 2009 and a banner was placed up for a few days before the 30 day deadline to give people a chance to bring their signatures into compliance.

We chose not to wipe out all signatures but simply to address those that do not comply when we come across them or they are brought to our attention.

I just noticed that your doesn't comply so please take a minute to change it to fit the guidelines.

http://forums.techguy.org/announcements/834244-new-signature-limitations.html

Thanks for your understanding.


----------



## jdn (Dec 24, 2009)

UPDATE

I went to the site recommended by Phantom 010 and followed the directions outlined for submital of a thread. I was able to generate the hijack this. log, DDS.txt, and Attach.txt files. I downloaded the gmer.exe file and ran it. The first time I ran it I unchecked IAT/EAT and the run hung up at SYSEFA.sys. Message was that 'the system could not find the file spec!' . I had to shut down computer by turning power off. When I got up running again, I reran gmer.exe again with IAT/EAT checked this time. This run went further than the previous run but froze up at \device\00000064\. Again I had to power off to shut down computer. 
I noticed on the site that the NEW THREADS is closed. I'm hoping this is temporary. In the instructions, it says to shut down any CD Emulation Programs and any Script Blockers. I have no idea what either of these are and whether I have them on my computer. Any suggestions on getting the gmer program to run??? Any help on finding out if I have a CD Emulation Program or a Script Blocker???


----------



## Cookiegal (Aug 27, 2003)

If you don't know what an emulator is then you probably don't have one. As for script blockers, many anti-virus programs have them for security but usually you will get a prompt about it blocking something and then you would have the option to allow it.

Please post the logs you have and leave GMER for now.


----------



## jdn (Dec 24, 2009)

I closed two Norton programs and was able to run the gmer program and obtained the ark.txt file.

hijack this.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:18 AM, on 9/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/nero/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/nero/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

--
End of file - 6707 bytes

dds.txt

DDS (Ver_09-09-29.01) - NTFSx86 
Run by Jack at 16:08:11.09 on Sat 09/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.67 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
svchost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Jack\My Documents\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://comcast.net/
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - d:\createacard\FMRMD32.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276602761203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jack\applic~1\mozilla\firefox\profiles\m6co0c4z.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-1-23 40560]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-13 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-13 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-13 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100917.001\IDSXpx86.sys [2010-9-18 331640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-13 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100918.003\NAVENG.SYS [2010-9-18 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100918.003\NAVEX15.SYS [2010-9-18 1362608]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-12-24 80256]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys --> c:\windows\system32\drivers\ultradfg.sys [?]
S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-12-13 198248]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79464]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-12-13 181864]
S4 gupdate1ca833a9bea4bcb;Google Update Service (gupdate1ca833a9bea4bcb);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 133104]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-1-12 822424]
S4 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

=============== Created Last 30 ================

2010-09-16 13:47 76 a------- C:\fraglist.luar
2010-09-16 12:18 --d----- c:\docume~1\alluse~1\applic~1\Musicnotes
2010-09-16 12:09 --d----- c:\program files\Musicnotes
2010-09-11 17:10 --d----- C:\archive_db

==================== Find3M ====================

2010-08-17 09:17 58,880 a------- c:\windows\system32\spoolsv.exe
2010-08-12 14:29 2,772,992 a------- c:\windows\system32\GPhotos.scr
2010-07-22 11:49 590,848 a------- c:\windows\system32\rpcrt4.dll
2010-07-22 01:57 5,120 a------- c:\windows\system32\xpsp4res.dll
2010-06-30 08:31 149,504 a------- c:\windows\system32\schannel.dll
2010-06-24 08:22 916,480 a------- c:\windows\system32\wininet.dll
2010-06-23 09:44 1,851,904 a------- c:\windows\system32\win32k.sys
2006-05-03 06:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 07:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 09:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 16:09:20.67 ===============

I'll try to send the others in a new reply


----------



## jdn (Dec 24, 2009)

attach.txt file

cr
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/21/2009 11:27:11 PM
System Uptime: 9/18/2010 10:55:33 AM (6 hours ago)

Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 49 GiB total, 36.551 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 18.246 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 466 GiB total, 358.576 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP60: 8/3/2010 9:12:31 AM - System Checkpoint
RP61: 8/3/2010 9:12:31 AM - System Checkpoint
RP62: 8/3/2010 9:12:31 AM - System Checkpoint
RP63: 8/3/2010 9:12:31 AM - Software Distribution Service 3.0
RP64: 8/3/2010 9:12:31 AM - Software Distribution Service 3.0
RP65: 8/3/2010 9:12:31 AM - Software Distribution Service 3.0
RP66: 8/3/2010 9:12:30 AM - Software Distribution Service 3.0
RP67: 8/3/2010 9:12:30 AM - Software Distribution Service 3.0
RP68: 8/3/2010 9:12:30 AM - Software Distribution Service 3.0
RP69: 8/3/2010 9:12:30 AM - Software Distribution Service 3.0
RP70: 8/3/2010 9:12:30 AM - Software Distribution Service 3.0
RP71: 8/3/2010 9:12:30 AM - Software Distribution Service 3.0
RP72: 8/3/2010 9:12:30 AM - Software Distribution Service 3.0
RP73: 8/3/2010 9:12:30 AM - Software Distribution Service 3.0
RP74: 8/3/2010 9:12:30 AM - Software Distribution Service 3.0
RP75: 6/14/2010 9:36:43 AM - Restore Operation
RP76: 8/3/2010 9:12:29 AM - Software Distribution Service 3.0
RP77: 8/3/2010 9:12:29 AM - Software Distribution Service 3.0
RP78: 8/3/2010 9:12:29 AM - Software Distribution Service 3.0
RP79: 8/3/2010 9:12:29 AM - Software Distribution Service 3.0
RP80: 8/3/2010 9:12:29 AM - System Checkpoint
RP81: 8/3/2010 9:12:29 AM - Removed QuickTime
RP82: 6/18/2010 5:10:12 PM - Restore Operation
RP83: 8/3/2010 9:12:29 AM - System Checkpoint
RP84: 8/3/2010 9:12:29 AM - System Checkpoint
RP85: 8/3/2010 9:12:28 AM - System Checkpoint
RP86: 8/3/2010 9:12:28 AM - Software Distribution Service 3.0
RP87: 8/3/2010 9:12:28 AM - Software Distribution Service 3.0
RP88: 8/3/2010 9:12:28 AM - Software Distribution Service 3.0
RP89: 8/3/2010 9:12:28 AM - Software Distribution Service 3.0
RP90: 8/3/2010 9:12:28 AM - Software Distribution Service 3.0
RP91: 8/3/2010 9:12:28 AM - System Checkpoint
RP92: 8/3/2010 9:12:28 AM - System Checkpoint
RP93: 8/3/2010 9:12:27 AM - System Checkpoint
RP94: 8/3/2010 9:12:27 AM - System Checkpoint
RP95: 8/3/2010 9:12:27 AM - System Checkpoint
RP96: 8/3/2010 9:12:27 AM - System Checkpoint
RP97: 8/3/2010 9:12:27 AM - System Checkpoint
RP98: 8/3/2010 9:12:27 AM - System Checkpoint
RP99: 8/3/2010 9:12:27 AM - System Checkpoint
RP100: 8/3/2010 9:12:27 AM - System Checkpoint
RP101: 8/3/2010 9:12:27 AM - System Checkpoint
RP102: 8/3/2010 9:12:27 AM - System Checkpoint
RP103: 8/3/2010 9:12:26 AM - Software Distribution Service 3.0
RP104: 8/3/2010 9:12:26 AM - System Checkpoint
RP105: 8/3/2010 9:12:26 AM - System Checkpoint
RP106: 8/3/2010 9:12:26 AM - System Checkpoint
RP107: 8/3/2010 9:12:26 AM - System Checkpoint
RP108: 8/3/2010 9:12:26 AM - System Checkpoint
RP109: 8/3/2010 9:12:26 AM - System Checkpoint
RP110: 8/3/2010 9:12:25 AM - Software Distribution Service 3.0
RP111: 8/3/2010 9:12:25 AM - Removed OpenOffice.org 3.2
RP112: 8/3/2010 9:12:25 AM - Installed OpenOffice.org 3.2
RP113: 8/3/2010 9:12:25 AM - System Checkpoint
RP114: 8/3/2010 9:12:25 AM - System Checkpoint
RP115: 8/3/2010 9:12:25 AM - System Checkpoint
RP116: 8/3/2010 9:12:25 AM - System Checkpoint
RP117: 8/3/2010 9:12:24 AM - System Checkpoint
RP118: 8/3/2010 9:12:24 AM - System Checkpoint
RP119: 8/3/2010 9:12:24 AM - System Checkpoint
RP120: 8/3/2010 9:12:24 AM - System Checkpoint
RP121: 8/3/2010 9:12:24 AM - System Checkpoint
RP122: 8/3/2010 7:36:49 AM - Software Distribution Service 3.0
RP123: 8/4/2010 7:38:43 AM - Software Distribution Service 3.0
RP124: 8/5/2010 10:55:24 AM - System Checkpoint
RP125: 8/6/2010 11:26:58 AM - System Checkpoint
RP126: 8/7/2010 8:51:35 PM - System Checkpoint
RP127: 8/9/2010 7:36:24 AM - System Checkpoint
RP128: 8/10/2010 9:32:30 AM - System Checkpoint
RP129: 8/11/2010 12:32:53 PM - System Checkpoint
RP130: 8/12/2010 10:09:14 AM - Software Distribution Service 3.0
RP131: 8/13/2010 10:37:15 AM - System Checkpoint
RP132: 8/14/2010 12:28:05 PM - System Checkpoint
RP133: 8/17/2010 9:09:11 AM - System Checkpoint
RP134: 8/19/2010 3:06:00 PM - System Checkpoint
RP135: 8/20/2010 4:18:55 PM - System Checkpoint
RP136: 8/22/2010 12:22:24 PM - System Checkpoint
RP137: 8/23/2010 1:50:32 PM - System Checkpoint
RP138: 8/24/2010 4:37:14 PM - System Checkpoint
RP139: 8/26/2010 9:37:10 AM - System Checkpoint
RP140: 8/26/2010 3:44:31 PM - Software Distribution Service 3.0
RP141: 8/28/2010 9:35:38 AM - System Checkpoint
RP142: 8/30/2010 10:08:23 AM - System Checkpoint
RP143: 8/31/2010 3:34:56 PM - System Checkpoint
RP144: 9/1/2010 10:43:58 PM - System Checkpoint
RP145: 9/3/2010 10:02:07 AM - System Checkpoint
RP146: 9/4/2010 6:22:15 PM - System Checkpoint
RP147: 9/5/2010 7:16:24 PM - System Checkpoint
RP148: 9/7/2010 11:20:05 AM - System Checkpoint
RP149: 9/8/2010 12:45:17 PM - System Checkpoint
RP150: 9/9/2010 1:02:39 PM - System Checkpoint
RP151: 9/10/2010 1:20:46 PM - System Checkpoint
RP152: 9/12/2010 8:45:41 AM - System Checkpoint
RP153: 9/13/2010 11:54:41 AM - System Checkpoint
RP154: 9/14/2010 2:31:37 PM - System Checkpoint
RP155: 9/15/2010 7:26:38 AM - Software Distribution Service 3.0
RP156: 9/16/2010 3:20:52 PM - System Checkpoint
RP157: 9/16/2010 8:33:56 PM - Software Distribution Service 3.0
RP158: 9/17/2010 1:36:33 AM - Restore Operation
RP159: 9/18/2010 10:13:08 AM - Removed Ask Toolbar.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Agent Ransack Version 1.7.3
Apple Application Support
Apple Software Update
Audacity 1.2.6
AutoStreamer
Belarc Advisor 7.2
CA Pest Patrol Realtime Protection
CA Yahoo! Anti-Spy (remove only)
CCleaner
Conexant D850 56K V.9x DFVc Modem
CreataCard Special Edition - Epson 2
Defraggler
Dell Resource CD
EasyCleaner
eBay Icon
Eusing Free Registry Cleaner
exPressit S.E. 2.2
FormatFactory 2.20
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Greeting Card Factory Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 18
LAME v3.98.2 for Audacity
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.6.10)
Mozilla Thunderbird (3.1.4)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicnotes Software Suite 1.5.1
NCH Toolbox
Nero 6
Nero Digital
Norton Ghost 10.0
Norton Security Suite
OLYMPUS CAMEDIA Master 4.1
OpenOffice.org 3.2
Paragon Backup & Recovery™ 10.1 Free Edition
pdfFactory
Picasa 3
RegDefense
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic Encoders
Sony Picture Utility
Sony USB Driver
SUPER © Version 2010.bld.37 (Jan 2, 2010)
SupportSoft Assisted Service
The Print Shop 12
THE Rename 2.1.6
Tweak UI
Ulead iPhoto Plus 4.0
Ultra Defragmenter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
VideoPad Video Editor
WavePad Sound Editor
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/16/2010 7:38:04 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Symantec Core LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}
9/16/2010 2:32:56 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
9/13/2010 10:41:00 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate1ca833a9bea4bcb with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}

==== End Of File ===========================


----------



## jdn (Dec 24, 2009)

I have tried twice to send the ask.txt file. It is a *huge* file. Both times I got a 503 Server Error. If this is too large to send, could it be sent in smaller segments??


----------



## Cookiegal (Aug 27, 2003)

The site is experiencing sporadic problems that generate 503 errors so it may not be related but if the size exceeds what's allowed the attachment manager will give you an error message to that affect.

In any event, please try again and if you have the same problem, please zip the file and then try to attach it.


----------



## jdn (Dec 24, 2009)

Trying to attach zip file of ark.txt as an attachment


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read  *HERE * for an article written by dvk01 on why we disable autoruns.

*Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.*


----------



## jdn (Dec 24, 2009)

I ran the puppy.exe program, but I didn't have the internet active. I reran the highjack this program. the log for each follows. If you prefer, I will rerun these two programs with the internet open and resubmit the results. Let me know which is best for you. Thank you Jack

ComboFix 10-09-20.02 - Jack 09/20/2010 19:30:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.271 [GMT -4:00]
Running from: c:\documents and settings\Jack\Desktop\puppy.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\documents and settings\Jack\Application Data\Desktopicon
c:\documents and settings\Jack\Application Data\Desktopicon\eBay.ico
c:\documents and settings\Jack\Application Data\Desktopicon\uninst.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-16 16:18 . 2010-09-16 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-09-16 16:09 . 2010-09-16 16:10 -------- d-----w- c:\program files\Musicnotes
2010-09-14 18:41 . 2010-08-30 18:34 1496064 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-14 18:41 . 2010-08-30 18:33 43008 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-14 18:41 . 2010-08-30 18:33 338944 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-14 18:41 . 2010-08-30 18:33 346112 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-11 21:10 . 2010-09-11 21:10 -------- d-----w- C:\archive_db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 19:09 . 2009-12-22 21:47 1 ----a-w- c:\documents and settings\Jack\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-17 22:33 . 2009-12-22 18:54 -------- d-----w- c:\program files\Google
2010-09-16 23:58 . 2009-12-22 13:36 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-16 16:10 . 2009-12-22 07:38 110176 ----a-w- c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-10 11:10 . 2009-12-22 07:26 -------- d-----w- c:\program files\CCleaner
2010-09-04 11:35 . 2009-12-22 18:54 -------- d-----w- c:\program files\Picasa3
2010-09-03 18:42 . 2009-12-22 18:34 -------- d-----w- c:\program files\exPressit S.E. 2.2
2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 18:29 . 2010-08-12 18:29 2772992 ----a-w- c:\windows\system32\GPhotos.scr
2010-08-03 13:32 . 2010-01-31 10:27 -------- d-----w- c:\program files\Defraggler
2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-12-22 05:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2004-08-10 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-10 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 12:02 . 2010-06-23 12:02 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb3.tmp.exe
2006-05-03 10:06 . 2010-03-09 22:52 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-03-09 22:52 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-09 22:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2009-12-22 12479664]
Shortcut to FMRMD32.EXE.lnk - d:\createacard\FMRMD32.EXE [2009-12-22 55296]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^Epson.lnk]
backup=c:\windows\pss\Epson.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-06-17 17:48 1587672 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 18:56 64512 -c--a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-07-14 03:31 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-09-12 14:00 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 19:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 19:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2006-09-15 19:27 2048000 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3]
2009-12-15 18:52 614400 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDFNSAgent]
2009-11-18 18:32 211568 ----a-w- c:\program files\RegDefense\RDFNSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDFNSListener]
2009-11-18 18:32 106608 ----a-w- c:\program files\RegDefense\RDFNSListener.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
2005-08-30 22:30 145104 ----a-w- d:\card factory\ReminderApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"AntiSpywareService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1ca833a9bea4bcb"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Norton Ghost"=2 (0x2)
"N360"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [1/23/2010 10:20 AM 40560]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [3/13/2010 9:47 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [3/13/2010 9:47 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [3/13/2010 9:47 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100917.001\IDSXpx86.sys [9/18/2010 9:37 AM 331640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 2:24 AM 102448]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [12/24/2008 6:40 AM 80256]
S3 ultradfg;ultradfg;c:\windows\system32\DRIVERS\ultradfg.sys --> c:\windows\system32\DRIVERS\ultradfg.sys [?]
S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 1:49 PM 616408]
S4 gupdate1ca833a9bea4bcb;Google Update Service (gupdate1ca833a9bea4bcb);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 3:11 PM 133104]
S4 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/13/2010 9:46 AM 117640]
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 19:11]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 19:11]

2010-09-18 c:\windows\Tasks\Paragon Archive name arc_020410111646140.job
- c:\program files\Paragon Software\Backup and Recovery 10 Free Edition\program\scripts.exe [2010-01-15 17:21]

2010-09-11 c:\windows\Tasks\Paragon Archive name arc_020410113515890.job
- c:\program files\Paragon Software\Backup and Recovery 10 Free Edition\program\scripts.exe [2010-01-15 17:21]

2010-07-21 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-06-03 14:03]

2010-05-09 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-02-24 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://comcast.net/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-BroadCam - c:\program files\NCH Software\BroadCam\broadcam.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-eBay Icon - c:\documents and settings\Jack\Application Data\Desktopicon\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 19:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
Completion time: 2010-09-20 19:39:34
ComboFix-quarantined-files.txt 2010-09-20 23:39

Pre-Run: 39,111,290,880 bytes free
Post-Run: 39,243,681,792 bytes free

- - End Of File - - 954723CC7089721CD5D7D14DEF64EAD9

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:36 PM, on 9/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5858 bytes


----------



## Cookiegal (Aug 27, 2003)

Please run ComboFix again with an Internet connection. It's important that the Recovery Consolde gets installed.


----------



## jdn (Dec 24, 2009)

Sorry for the delay in responding. I tried running Combofix with both Internet Explorer and Mozilla Foxfire open. I get a warning message that combofix detects that Norton Security suite antivirus program is active and that it will may interfere with combofix or even cause damage to my computer. I can't understand why this Norton Security Suite warning did not occur when I initially ran this program yesterday. I have turned off [unchecked] *ALL* items under both Startup and Services in msconfig. I also have turned of my windows firewall. I still get the same message. The message further states that the program can be ran at risk. *Should I run the program??????* I reran Highjack This and noticed there are two references to the Norton Program in 02 items. Log file is included below. In reading the directions for Combofix, they give a method for manually installing the recovery Console. Should I do try doing this installation???? 
I will await your reply

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:40 PM, on 9/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5417 bytes


----------



## Cookiegal (Aug 27, 2003)

Did you try closing Norton down completely?


----------



## jdn (Dec 24, 2009)

I finally was able to get Norton shut down. I ran Combofix with the Internet open and got a message that the Recovery Console was successfully installed. The program finished and the Combofix log file along with a new Highjack This log file is shown below. The one thing that concerns me is that when I rebooted, the option to boot with the Recovery Console did not appear. The instructions said that during booting an option would be avaiolable. Is there any way to verify that the recovery console has been installed??

ComboFix 10-09-21.01 - Jack 09/21/2010 17:12:30.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.170 [GMT -4:00]
Running from: c:\documents and settings\Jack\Desktop\puppy.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-16 16:18 . 2010-09-16 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-09-16 16:09 . 2010-09-16 16:10 -------- d-----w- c:\program files\Musicnotes
2010-09-14 18:41 . 2010-08-30 18:34 1496064 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-14 18:41 . 2010-08-30 18:33 43008 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-14 18:41 . 2010-08-30 18:33 338944 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-14 18:41 . 2010-08-30 18:33 346112 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-11 21:10 . 2010-09-11 21:10 -------- d-----w- C:\archive_db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 13:03 . 2009-12-22 21:47 1 ----a-w- c:\documents and settings\Jack\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-21 09:54 . 2009-12-27 13:19 -------- d-----w- c:\program files\THE Rename
2010-09-17 22:33 . 2009-12-22 18:54 -------- d-----w- c:\program files\Google
2010-09-16 23:58 . 2009-12-22 13:36 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-16 16:10 . 2009-12-22 07:38 110176 ----a-w- c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-10 11:10 . 2009-12-22 07:26 -------- d-----w- c:\program files\CCleaner
2010-09-04 11:35 . 2009-12-22 18:54 -------- d-----w- c:\program files\Picasa3
2010-09-03 18:42 . 2009-12-22 18:34 -------- d-----w- c:\program files\exPressit S.E. 2.2
2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 18:29 . 2010-08-12 18:29 2772992 ----a-w- c:\windows\system32\GPhotos.scr
2010-08-03 13:32 . 2010-01-31 10:27 -------- d-----w- c:\program files\Defraggler
2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-12-22 05:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2004-08-10 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2006-05-03 10:06 . 2010-03-09 22:52 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-03-09 22:52 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-09 22:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( [email protected]_23.36.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-21 20:59 . 2010-09-21 20:59 16384 c:\windows\Temp\Perflib_Perfdata_524.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Mozilla Thunderbird.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
backup=c:\windows\pss\Mozilla Thunderbird.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to FMRMD32.EXE.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to FMRMD32.EXE.lnk
backup=c:\windows\pss\Shortcut to FMRMD32.EXE.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^Epson.lnk]
backup=c:\windows\pss\Epson.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-06-17 17:48 1587672 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 18:56 64512 -c--a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-07-14 03:31 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-09-12 14:00 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 19:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 19:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 19:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2006-09-15 19:27 2048000 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3]
2009-12-15 18:52 614400 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDFNSAgent]
2009-11-18 18:32 211568 ----a-w- c:\program files\RegDefense\RDFNSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDFNSListener]
2009-11-18 18:32 106608 ----a-w- c:\program files\RegDefense\RDFNSListener.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
2005-08-30 22:30 145104 ----a-w- d:\card factory\ReminderApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"AntiSpywareService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1ca833a9bea4bcb"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Norton Ghost"=2 (0x2)
"GEARSecurity"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"IDriverT"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [1/23/2010 10:20 AM 40560]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [3/13/2010 9:47 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [3/13/2010 9:47 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [3/13/2010 9:47 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100920.001\IDSXpx86.sys [9/21/2010 6:47 AM 331640]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/13/2010 9:46 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 2:24 AM 102448]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [12/24/2008 6:40 AM 80256]
S3 ultradfg;ultradfg;c:\windows\system32\DRIVERS\ultradfg.sys --> c:\windows\system32\DRIVERS\ultradfg.sys [?]
S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 1:49 PM 616408]
S4 gupdate1ca833a9bea4bcb;Google Update Service (gupdate1ca833a9bea4bcb);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 3:11 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 19:11]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 19:11]

2010-09-18 c:\windows\Tasks\Paragon Archive name arc_020410111646140.job
- c:\program files\Paragon Software\Backup and Recovery 10 Free Edition\program\scripts.exe [2010-01-15 17:21]

2010-09-11 c:\windows\Tasks\Paragon Archive name arc_020410113515890.job
- c:\program files\Paragon Software\Backup and Recovery 10 Free Edition\program\scripts.exe [2010-01-15 17:21]

2010-07-21 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-06-03 14:03]

2010-09-21 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-02-24 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://comcast.net/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 17:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-21 17:21:10
ComboFix-quarantined-files.txt 2010-09-21 21:21

Pre-Run: 39,151,017,984 bytes free
Post-Run: 39,142,154,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 418F205D229801CBEC3BDD5E8CD98B3D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:19 PM, on 9/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

--
End of file - 5317 bytes


----------



## jdn (Dec 24, 2009)

UPDATE

I reran combofix program and it ran without a hitch, so I assume that the Recovery Console was successfully installed. During booting, a screen appears for a less than a second but the time is so short I can't even read the screen. I'm guessing this may be the option screen for running in Recovery Console mode??????


----------



## jdn (Dec 24, 2009)

update 2

Each time I rebooted the computer, the screen mentioned above appeared a little longer. It is the Recovery Console Option screen, but it is present for only one second. I'm guessing I might be able to get into the Recovery Console mode if I hit the UP arrow when the screen first appears.


----------



## jdn (Dec 24, 2009)

UPDATE 3

I was able to freeze the option screen by using the up arrow . The screen consists of these three lines of test.

MS Windows Recovery Console
do not select this [ debugger enabled ]
Windows XP Media Center Edition

I can highlight each line using the UP & DOWN arrows. Does the second line refer to the first line [MS Windows Recovery Console ] or is it a separate boot option ??? i.e. Is it safe to boot with the MS Windows Recovery Console mode ?????


----------



## Cookiegal (Aug 27, 2003)

jdn said:


> UPDATE 3
> 
> I was able to freeze the option screen by using the up arrow . The screen consists of these three lines of test.
> 
> ...


The second line is separate. The first line is the recovery console. It's safe to boot to it but you need to know what you're doing. It's good to have it installed and much can be done with it to recover the system in the case of a crash. The last one is the operating system that you want to boot to.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## jdn (Dec 24, 2009)

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Agent Ransack Version 1.7.3
Apple Application Support
Apple Software Update
Audacity 1.2.6
AutoStreamer
Belarc Advisor 7.2
CA Pest Patrol Realtime Protection
CA Yahoo! Anti-Spy (remove only)
CCleaner
Conexant D850 56K V.9x DFVc Modem
CreataCard Special Edition - Epson 2
Defraggler
Dell Resource CD
EasyCleaner
Eusing Free Registry Cleaner
exPressit S.E. 2.2
FormatFactory 2.20
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Greeting Card Factory Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
Java(TM) 6 Update 18
LAME v3.98.2 for Audacity
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.6.10)
Mozilla Thunderbird (3.1.4)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicnotes Software Suite 1.5.1
NCH Toolbox
Nero 6
Nero Digital
Norton Ghost 10.0
Norton Security Suite
OLYMPUS CAMEDIA Master 4.1
OpenOffice.org 3.2
Paragon Backup & Recovery&#8482; 10.1 Free Edition
pdfFactory
Picasa 3
RegDefense
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic Encoders
Sony Picture Utility
Sony USB Driver
SUPER © Version 2010.bld.37 (Jan 2, 2010)
SupportSoft Assisted Service
The Print Shop 12
THE Rename 2.1.6
Tweak UI
Ulead iPhoto Plus 4.0
Ultra Defragmenter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
VideoPad Video Editor
WavePad Sound Editor
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar


----------



## Cookiegal (Aug 27, 2003)

Uninstall RegDefense via the Control Panel - Add or Remove programs because it's a rogue program.

I also recommend uninstalling Eusing Free Registry Cleaner because I don't recommend running any registry cleaners. They often cause more harm than good and it's not necessary to clean the registry.

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

Then reboot and post a new HijackThis log please.

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of *Java* components and upgrade the application.

*Upgrading Java*:


Download the latest version of *Java Runtime Environment (JRE) 6 Update 21 *.
Click the "*Download*" button to the right.
Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 21 License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. *Do NOT use the Sun Download Manager.*
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove *programs and remove all older versions of Java.
Check any item with * Java Runtime Environment, JRE, J2SE or Java(TM)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.


----------



## jdn (Dec 24, 2009)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:51 PM, on 9/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

--
End of file - 5436 bytes


----------



## jdn (Dec 24, 2009)

Update

I removed the registry cleaner programs that you specified. I was able to find the Java program you referred to [jdk-6u21-windows-1586i.exe], but could find no link to Windows Offline Installation. I was able to download it to my desk top. In my Add or Remove folder there is only one Java program JAVA [TM] 6 Update 18 I do not plan on any action in regards to the Java update until I hear from you.


----------



## jdn (Dec 24, 2009)

Update on Java

I was able to find a site to download Java using Windows Offline Installation. The file I downloaded was about 16 K compared with the 78 K file I previously downloaded. I deleted the old Java program and installed the new one as per your instructions.


----------



## Cookiegal (Aug 27, 2003)

The instructions for Java were to install the *jre*-6u21-windows-i586.exe not "*jdk*" which is for developers so I think you may have installed the incorrect one.

Please post a new HijackThis uninstall list so I can see which is installed.


----------



## jdn (Dec 24, 2009)

I apologize for typing in the wrong program in one of my entries. The program I ran was *jre-6u21-windows-i586-s.exe.* Attached is the uninstalled list which I hope verifies I have the right program installed.

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Agent Ransack Version 1.7.3
Apple Application Support
Apple Software Update
Audacity 1.2.6
AutoStreamer
Belarc Advisor 7.2
CA Pest Patrol Realtime Protection
CA Yahoo! Anti-Spy (remove only)
CCleaner
Conexant D850 56K V.9x DFVc Modem
CreataCard Special Edition - Epson 2
Defraggler
Dell Resource CD
EasyCleaner
exPressit S.E. 2.2
FormatFactory 2.20
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Greeting Card Factory Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
*Java(TM) 6 Update 21*
LAME v3.98.2 for Audacity
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.6.10)
Mozilla Thunderbird (3.1.4)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicnotes Software Suite 1.5.1
NCH Toolbox
Nero 6
Nero Digital
Norton Ghost 10.0
Norton Security Suite
OLYMPUS CAMEDIA Master 4.1
OpenOffice.org 3.2
Paragon Backup & Recovery™ 10.1 Free Edition
pdfFactory
Picasa 3
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic Encoders
Sony Picture Utility
Sony USB Driver
SUPER © Version 2010.bld.37 (Jan 2, 2010)
SupportSoft Assisted Service
The Print Shop 12
THE Rename 2.1.6
Tweak UI
Ulead iPhoto Plus 4.0
Ultra Defragmenter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
VideoPad Video Editor
WavePad Sound Editor
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar


----------



## Cookiegal (Aug 27, 2003)

Yes, it's the correct version.

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In *Additional Scans *section put a check in Disabled MS Config Items and EventViewer logs
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## jdn (Dec 24, 2009)

Attached is said file


----------



## jdn (Dec 24, 2009)

After sending you the ots.txt file in my last thread, I noticed that it had been generated with all the items having the *Safe* box checked. I reran the program with the *All* box checked for each item and the resulting file was too big to attach. I zipped it and am attaching it to this submittall.


----------



## Cookiegal (Aug 27, 2003)

Why do you still have some AVG entries that are just disabled? Didn't you uninstall AVG when you installed Norton?

Also, why do you have Comcast's AntiSpywareService disabled?


----------



## Cookiegal (Aug 27, 2003)

With regards to ask.com, please take a look at the following links and then you can decide whether or not you want to keep it:

http://www.mywot.com/en/scorecard/ask.com
http://www.siteadvisor.com/sites/ask.com/msgpage
http://www.systemlookup.com/CLSID/56968-GenericAskToolbar_dll_GENERI_1_DLL.html

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

```
[Kill All Processes]
[Unregister Dlls]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> KernelFaultCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> pdfFactory Dispatcher v3 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> RDFNSAgent hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\RegDefense\RDFNSAgent.exe
YN -> RDFNSListener hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\RegDefense\RDFNSListener.exe
[Files/Folders - Created Within 30 Days]
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------



## jdn (Dec 24, 2009)

I reactivated the comcast antispy service and the Gear security. I had shut them down when I was trying to get the Combofix program to run.

I did remove The AVG program when I installed Norton. It no longer is in my Add or Remove listing and I assumed it was removed. I have no idea how to remove the entries you mentioned. I did a file search for AVG and came up with nothing.

I had removed the ask program before and somehow it reinstalled itself. I will read the items you referenced and most likely remove it again.

OTS FILE

All Processes Killed
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pdfFactory Dispatcher v3 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RDFNSAgent hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RDFNSListener hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
[Files/Folders - Modified Within 30 Days]
File delete failed. C:\WINDOWS\Temp\JETA7E8.tmp scheduled to be deleted on reboot.
[Empty Temp Folders]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jack
->Temp folder emptied: 2630367 bytes
->Temporary Internet Files folder emptied: 1622264 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37399929 bytes
->Flash cache emptied: 1730 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34583 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 636589 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 31499503 bytes

Total Files Cleaned = 70.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.38.1 fix logfile created on 09262010_183622

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\Temp\JETA7E8.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7e4.dat not found!

Registry entries deleted on Reboot...

Highjack This file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:24 PM, on 9/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14597&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

--
End of file - 6245 bytes


----------



## jdn (Dec 24, 2009)

update

I uninstalled ask.com


----------



## Cookiegal (Aug 27, 2003)

jdn said:


> update
> 
> I uninstalled ask.com


Then please post a new HijackThis log so I can see if it was removed.


----------



## jdn (Dec 24, 2009)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:02 PM, on 9/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14597&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

--
End of file - 5712 bytes


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14597&l=dis

Then please run a new OTS scan (just the first one which is shorter, not the one you zipped the last time) and post the log.


----------



## jdn (Dec 24, 2009)

I evidently sent you the wrong Highjack file after I removed ask. This is the latest one and the item you asked me to remove is not there.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:13 PM, on 9/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

--
End of file - 5912 bytes

I ran the OTS program with Disable MS Config Items and Event Viewer Logs checked under Additional Scans


```
OTS logfile created on: 9/28/2010 6:56:24 PM - Run 7
OTS by OldTimer - Version 3.1.38.1     Folder = C:\Documents and Settings\Jack\Desktop\New Folder
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
502.00 Mb Total Physical Memory | 74.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 756 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 38.78 Gb Free Space | 79.41% Space Free | Partition Type: NTFS
Drive D: | 20.99 Gb Total Space | 18.25 Gb Free Space | 86.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 363.13 Gb Free Space | 77.96% Space Free | Partition Type: NTFS
 
Computer Name: JOHN
Current User Name: Jack
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Jack\Desktop\New Folder\OTS.exe -> [2010/09/25 17:54:59 | 000,641,536 | ---- | M] (OldTimer Tools)
thunderbird.exe -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe -> [2010/09/16 19:57:18 | 012,479,664 | ---- | M] (Mozilla Messaging)
plugin-container.exe -> C:\Program Files\Mozilla Firefox\plugin-container.exe -> [2010/09/16 14:27:50 | 000,014,808 | ---- | M] (Mozilla Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/09/16 14:27:46 | 000,910,296 | ---- | M] (Mozilla Corporation)
googlecrashhandler.exe -> C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe -> [2010/06/15 23:25:40 | 000,134,808 | ---- | M] (Google Inc.)
ccsvchst.exe -> C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -> [2010/03/13 07:40:32 | 000,117,640 | R--- | M] (Symantec Corporation)
comcastantispyservice.exe -> C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -> [2009/06/17 13:49:44 | 000,616,408 | ---- | M] ()
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
gearsec.exe -> C:\WINDOWS\system32\gearsec.exe -> [2005/09/09 20:09:10 | 000,053,248 | ---- | M] (GEAR Software)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Jack\Desktop\New Folder\OTS.exe -> [2010/09/25 17:54:59 | 000,641,536 | ---- | M] (OldTimer Tools)
asoehook.dll -> C:\Program Files\Norton Security Suite\Engine\3.8.0.41\asOEHook.dll -> [2010/03/13 07:40:22 | 000,419,696 | R--- | M] (Symantec Corporation)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] -> C:\WINDOWS\System32\hidserv.dll -> File not found
(N360) Norton Security Suite [Auto | Running] -> C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -> [2010/03/13 07:40:32 | 000,117,640 | R--- | M] (Symantec Corporation)
(Symantec Core LC) Symantec Core LC [Disabled | Stopped] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2010/01/12 10:36:10 | 000,822,424 | ---- | M] (Symantec Corporation)
(AntiSpywareService) Comcast AntiSpyware [Auto | Running] -> C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -> [2009/06/17 13:49:44 | 000,616,408 | ---- | M] ()
(YahooAUService) Yahoo! Updater [Disabled | Stopped] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(ITMRTSVC) CA Pest Patrol Realtime Protection Service [Disabled | Stopped] -> C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -> [2007/09/26 14:55:04 | 000,283,912 | ---- | M] (CA, Inc.)
(Norton Ghost) Norton Ghost [Disabled | Stopped] -> C:\Program Files\Norton Ghost\Agent\VProSvc.exe -> [2007/04/10 13:01:16 | 002,066,024 | ---- | M] (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Disabled | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2007/01/09 18:32:04 | 000,181,864 | ---- | M] (Symantec Corporation)
(ccPwdSvc) Symantec Password Validation [Disabled | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -> [2007/01/09 18:32:04 | 000,079,464 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Disabled | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2007/01/09 18:32:02 | 000,198,248 | ---- | M] (Symantec Corporation)
(GEARSecurity) GEARSecurity [Auto | Running] -> C:\WINDOWS\system32\gearsec.exe -> [2005/09/09 20:09:10 | 000,053,248 | ---- | M] (GEAR Software)
 
[Driver Services - Safe List]
(ultradfg) ultradfg [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\ultradfg.sys -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\Jack\LOCALS~1\Temp\catchme.sys -> File not found
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100928.003\NAVEX15.SYS -> [2010/07/13 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100928.003\NAVENG.SYS -> [2010/07/13 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation)
(IDSxpx86) IDSxpx86 [Kernel | System | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100927.001\IDSXpx86.sys -> [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2010/05/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2010/05/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2010/03/13 07:40:46 | 000,124,976 | ---- | M] (Symantec Corporation)
(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -> [2010/03/13 07:40:35 | 000,310,320 | ---- | M] (Symantec Corporation)
(SRTSP) Symantec Real Time Storage Protection [File_System | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -> [2010/03/13 07:40:35 | 000,308,272 | ---- | M] (Symantec Corporation)
(SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -> [2010/03/13 07:40:35 | 000,217,136 | ---- | M] (Symantec Corporation)
(SYMFW) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -> [2010/03/13 07:40:35 | 000,089,904 | ---- | M] (Symantec Corporation)
(SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -> [2010/03/13 07:40:35 | 000,043,696 | ---- | M] (Symantec Corporation)
(SymIMMP) SymIMMP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SymIM.sys -> [2010/03/13 07:40:35 | 000,036,400 | R--- | M] (Symantec Corporation)
(SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SymIM.sys -> [2010/03/13 07:40:35 | 000,036,400 | R--- | M] (Symantec Corporation)
(SYMNDIS) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -> [2010/03/13 07:40:35 | 000,036,400 | ---- | M] (Symantec Corporation)
(SYMIDS) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -> [2010/03/13 07:40:35 | 000,033,072 | ---- | M] (Symantec Corporation)
(ccHP) Symantec Hash Provider [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -> [2010/03/13 07:40:34 | 000,482,432 | ---- | M] (Symantec Corporation)
(BHDrvx86) Symantec Heuristics Driver [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -> [2010/03/13 07:40:34 | 000,259,632 | ---- | M] (Symantec Corporation)
(symlcbrd) symlcbrd [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\symlcbrd.sys -> [2010/01/26 17:35:20 | 000,004,608 | ---- | M] (Symantec Corporation)
(Uim_IM) UIM Drive Backup Image Plugin [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Uim_IM.sys -> [2010/01/15 13:21:16 | 000,385,544 | ---- | M] (Paragon)
(hotcore3) hc3ServiceName [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\hotcore3.sys -> [2010/01/15 13:21:16 | 000,040,560 | ---- | M] (Paragon Software Group)
(UimBus) Universal Image Mounter Controller [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\UimBus.sys -> [2010/01/15 13:21:16 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider)
(NmPar) PCI Parallel Port [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NmPar.sys -> [2008/12/24 06:40:12 | 000,080,256 | ---- | M] (Windows (R) 2000 DDK provider)
(mf) mf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mf.sys -> [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(DLADResM) DLADResM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLADResM.SYS -> [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio)
(DLABMFSM) DLABMFSM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLABMFSM.SYS -> [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -> [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -> [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -> [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLABOIOM.SYS -> [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAPoolM.SYS -> [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -> [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2007/07/23 15:55:44 | 000,099,808 | ---- | M] (Sonic Solutions)
(DLARTL_M) DLARTL_M [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_M.SYS -> [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio)
(DLACDBHM) DLACDBHM [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -> [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2007/07/23 15:43:42 | 000,052,000 | ---- | M] (Roxio)
(SymSnap) SymSnap [File_System | Boot | Running] -> C:\WINDOWS\System32\drivers\SymSnap.sys -> [2007/04/10 13:00:54 | 000,146,912 | ---- | M] (StorageCraft)
(V2IMount) V2IMount [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\V2iMount.sys -> [2007/04/10 13:00:52 | 000,056,192 | ---- | M] (Symantec Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.)
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\BANTExt.sys -> [2005/04/07 17:18:34 | 000,003,840 | ---- | M] ()
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MODEMCSA.sys -> [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> F0 A4 14 6E FB 5E CB 01  [binary data] -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Jack\Application Data\Mozilla\FireFox\Profiles\m6co0c4z.default\prefs.js -> 
browser.search.defaultengine -> "Ask.com" ->
browser.search.defaultenginename -> "Ask.com" ->
browser.search.order.1 -> "Ask.com" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
extensions.enabledItems -> [email protected]:1.0.6 ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN\] -> [2010/04/26 07:51:56 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/09/28 06:23:09 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/09/24 08:15:00 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions ->  -> 
HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components -> C:\Program Files\Mozilla Thunderbird\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010/09/16 19:57:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Jack\Application Data\Mozilla\Extensions -> [2010/01/14 09:09:05 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Jack\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/01/14 09:09:05 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions -> [2010/09/27 23:46:35 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/04/29 07:21:02 | 000,000,000 | ---D | M]
Google Toolbar for Firefox   -> C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2010/09/14 14:41:03 | 000,000,000 | ---D | M]
Adblock Plus   -> C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/08/21 12:57:01 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\[email protected] -> [2010/01/19 10:07:11 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/09/28 08:13:20 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/09/24 08:15:05 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/09/20 19:36:13 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2009/09/19 21:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll [Symantec NCO BHO] -> [2010/03/13 07:40:25 | 000,378,736 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll [Symantec Intrusion Prevention] -> [2010/03/13 07:40:28 | 000,107,896 | R--- | M] (Symantec Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/07/13 23:30:40 | 000,278,192 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [Google Toolbar Notifier BHO] -> [2010/06/03 10:07:47 | 000,814,648 | ---- | M] (Google Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2009/09/19 21:26:34 | 000,158,008 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 23:30:40 | 000,278,192 | ---- | M] (Google Inc.)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll [Norton Toolbar] -> [2010/03/13 07:40:25 | 000,378,736 | R--- | M] (Symantec Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/09/19 21:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 23:30:40 | 000,278,192 | ---- | M] (Google Inc.)
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll [Norton Toolbar] -> [2010/03/13 07:40:25 | 000,378,736 | R--- | M] (Symantec Corporation)
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/09/19 21:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2007/01/09 18:32:02 | 000,058,984 | ---- | M] (Symantec Corporation)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe -> [2010/09/16 19:57:18 | 012,479,664 | ---- | M] (Mozilla Messaging)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to FMRMD32.EXE.lnk -> D:\Createacard\FMRMD32.EXE -> [1997/09/08 03:00:00 | 000,055,296 | ---- | M] (Micrografx, Inc.)
< Jack Startup Folder > -> C:\Documents and Settings\Jack\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 04:39:00 | 001,347,728 | ---- | M] (Microsoft)
\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 03:03:28 | 000,001,293 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2010/09/09 18:39:14 | 002,826,240 | ---- | M] (Google Inc.)
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html] -> [2010/06/23 08:03:06 | 001,697,456 | ---- | M] (Google Inc.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276602761203 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{B966DE5D-DB48-498C-AD0E-BEAEFF1DD448}\\DhcpNameServer -> 192.168.1.1   (Intel(R) PRO/100 VE Network Connection) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2005/10/14 15:45:38 | 000,135,168 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\WINDOWS\system32\mmc.exe" -> C:\WINDOWS\System32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console] -> [2008/04/13 20:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
"avg9emc" -> -> 
"avg9wd" -> -> 
"ccEvtMgr" -> -> 
"ccPwdSvc" -> -> 
"ccSetMgr" -> -> 
"gupdate1ca833a9bea4bcb" -> -> 
"gusvc" -> -> 
"IDriverT" -> -> 
"idsvc" -> -> 
"ITMRTSVC" -> -> 
"JavaQuickStarterService" -> -> 
"Norton Ghost" -> -> 
"Symantec Core LC" -> -> 
"WMPNetworkSvc" -> -> 
"YahooAUService" -> -> 
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^Jack^Start Menu^Programs^Startup^Epson.lnk -> C:\WINDOWS\RUNEPSON.EXE -> [2010/01/21 10:43:54 | 000,051,712 | ---- | M] ()
C:^Documents and Settings^Jack^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2010/05/20 12:14:28 | 001,195,008 | ---- | M] ()
C:^Documents and Settings^Jack^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> [2007/01/15 14:23:48 | 000,344,064 | ---- | M] (Sony Corporation)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2010/06/09 04:06:33 | 000,976,832 | ---- | M] (Adobe Systems Incorporated)
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe -> [2010/06/19 22:04:47 | 000,035,760 | ---- | M] (Adobe Systems Incorporated)
ComcastAntispyClient hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe -> [2009/06/17 13:48:48 | 001,587,672 | ---- | M] ()
ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
ehTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\ehome\ehtray.exe -> [2005/08/05 14:56:34 | 000,064,512 | ---- | M] (Microsoft Corporation)
Google Quick Search Box hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe -> [2010/07/13 23:31:05 | 000,126,976 | ---- | M] (Google Inc.)
HPDJ Taskbar Utility hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
igfxhkcmd hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
igfxpers hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
igfxtray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
ISUSPM hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> [2006/09/11 05:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation)
KernelFaultCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
MSMSGS hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Messenger\msmsgs.exe -> [2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
NBJ hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Ahead\Nero BackItUp\NBJ.exe -> [2006/09/15 15:27:00 | 002,048,000 | ---- | M] (Ahead Software AG)
NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
pdfFactory Dispatcher v3 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
RDFNSAgent hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\RegDefense\RDFNSAgent.exe -> File not found
RDFNSListener hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\RegDefense\RDFNSListener.exe -> File not found
ReminderApp hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> D:\Card Factory\ReminderApp.exe -> [2005/08/30 18:30:40 | 000,145,104 | ---- | M] ()
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 2 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 4/1/2010 5:09:41 AM Computer Name = JOHN | Source = COM+ | ID = 135761 -> Description = The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector fail
Application [ Error ] 6/15/2010 12:42:37 PM Computer Name = JOHN | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 6/28/2010 1:44:10 PM Computer Name = JOHN | Source = Application Error | ID = 1000 -> Description = Faulting application m3.exe, version 0.0.0.0, faulting module m3.exe, version 0.0.0.0, fault address 0x000607ea.
Application [ Error ] 7/15/2010 9:53:45 AM Computer Name = JOHN | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 7/15/2010 9:53:45 AM Computer Name = JOHN | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 7/17/2010 10:48:27 PM Computer Name = JOHN | Source = Application Error | ID = 1000 -> Description = Faulting application m3.exe, version 0.0.0.0, faulting module m3.exe, version 0.0.0.0, fault address 0x0003ab8a.
Application [ Error ] 8/4/2010 4:33:40 AM Computer Name = JOHN | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 9/3/2010 6:41:02 AM Computer Name = JOHN | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 9/16/2010 6:05:02 PM Computer Name = JOHN | Source = Norton Ghost | ID = 100 -> Description = Description: Error EC8F1C25: Your trial version of Norton Ghost has expired. To continue system protection please visit our web site.  Details: Operation aborted    Source: Norton Ghost
System [ Error ] 9/26/2010 6:36:26 PM Computer Name = JOHN | Source = Service Control Manager | ID = 7034 -> Description = The GEARSecurity service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 9/26/2010 7:29:02 PM Computer Name = JOHN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service Norton Ghost with arguments ""  in order to run the server:  {F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}
System [ Error ] 9/28/2010 6:50:26 AM Computer Name = JOHN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service gusvc with arguments ""  in order to run the server:  {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
System [ Error ] 9/28/2010 6:50:26 AM Computer Name = JOHN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service gupdate1ca833a9bea4bcb with arguments "/comsvc"  in order to run the server:  {E225E692-4B47-4777-9BED-4FD7FE257F0E}
System [ Error ] 9/28/2010 8:06:44 AM Computer Name = JOHN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service Norton Ghost with arguments ""  in order to run the server:  {F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}
System [ Error ] 9/28/2010 8:07:49 AM Computer Name = JOHN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service Norton Ghost with arguments ""  in order to run the server:  {F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}
System [ Error ] 9/28/2010 8:21:12 AM Computer Name = JOHN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service Norton Ghost with arguments ""  in order to run the server:  {F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}
System [ Error ] 9/28/2010 8:24:11 AM Computer Name = JOHN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service Norton Ghost with arguments ""  in order to run the server:  {F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}
System [ Error ] 9/28/2010 9:38:11 AM Computer Name = JOHN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service Norton Ghost with arguments ""  in order to run the server:  {F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}
System [ Error ] 9/28/2010 9:41:48 AM Computer Name = JOHN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service Norton Ghost with arguments ""  in order to run the server:  {F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}
 
[Files/Folders - Created Within 30 Days]
 Recent -> C:\Documents and Settings\Jack\Recent -> [2010/09/28 08:28:46 | 000,000,000 | RH-D | C]
 Downloads -> C:\Documents and Settings\Jack\My Documents\Downloads -> [2010/09/27 23:13:40 | 000,000,000 | ---D | C]
 ClearTypeTuner -> C:\Documents and Settings\Jack\My Documents\ClearTypeTuner -> [2010/09/27 16:11:15 | 000,000,000 | ---D | C]
 _OTS -> C:\_OTS -> [2010/09/26 18:36:22 | 000,000,000 | ---D | C]
 pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2010/09/24 23:20:23 | 000,278,528 | ---- | C] (Real Networks, Inc)
 Java -> C:\Program Files\Common Files\Java -> [2010/09/24 08:15:47 | 000,000,000 | ---D | C]
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2010/09/24 08:15:00 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.)
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/09/24 08:15:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/09/24 08:15:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2010/09/24 08:15:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010/09/24 08:15:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.)
 RECYCLER -> C:\RECYCLER -> [2010/09/22 09:40:05 | 000,000,000 | -HSD | C]
 cmdcons -> C:\cmdcons -> [2010/09/21 17:11:12 | 000,000,000 | RHSD | C]
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/09/20 19:28:50 | 000,212,480 | ---- | C] (SteelWerX)
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/09/20 19:28:50 | 000,161,792 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/09/20 19:28:50 | 000,136,704 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/09/20 19:28:50 | 000,031,232 | ---- | C] (NirSoft)
 ERDNT -> C:\WINDOWS\ERDNT -> [2010/09/20 19:28:42 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2010/09/20 19:28:13 | 000,000,000 | ---D | C]
 New Folder -> C:\Documents and Settings\Jack\Desktop\New Folder -> [2010/09/19 08:36:53 | 000,000,000 | ---D | C]
 Musicnotes -> C:\Documents and Settings\All Users\Application Data\Musicnotes -> [2010/09/16 12:18:43 | 000,000,000 | ---D | C]
 Musicnotes -> C:\Documents and Settings\Jack\My Documents\Musicnotes -> [2010/09/16 12:09:50 | 000,000,000 | ---D | C]
 Musicnotes -> C:\Program Files\Musicnotes -> [2010/09/16 12:09:37 | 000,000,000 | ---D | C]
 Freestyle Music -> C:\Documents and Settings\Jack\My Documents\Freestyle Music -> [2010/09/13 23:30:11 | 000,000,000 | ---D | C]
 archive_db -> C:\archive_db -> [2010/09/11 17:10:18 | 000,000,000 | ---D | C]
 GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/09/09 18:39:14 | 002,826,240 | ---- | C] (Google Inc.)
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/09/28 18:30:00 | 000,000,886 | ---- | M] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010/09/28 13:01:08 | 000,000,229 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/09/28 08:13:10 | 000,000,882 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/09/28 08:13:09 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/09/28 08:13:06 | 000,002,048 | --S- | M] ()
 ntuser.dat -> C:\Documents and Settings\Jack\ntuser.dat -> [2010/09/28 08:12:14 | 006,815,744 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\Jack\ntuser.ini -> [2010/09/28 08:11:57 | 000,000,178 | -HS- | M] ()
 IconCache.db -> C:\Documents and Settings\Jack\Local Settings\Application Data\IconCache.db -> [2010/09/28 08:11:26 | 005,156,308 | -H-- | M] ()
 AntiSpySafeguardVirus.odt -> C:\Documents and Settings\Jack\My Documents\AntiSpySafeguardVirus.odt -> [2010/09/26 22:42:58 | 000,029,755 | ---- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2010/09/26 17:37:31 | 000,000,534 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2010/09/26 17:37:31 | 000,000,325 | RHS- | M] ()
 system.ini -> C:\WINDOWS\system.ini -> [2010/09/26 17:37:31 | 000,000,227 | ---- | M] ()
 Paragon Archive name arc_020410113515890.job -> C:\WINDOWS\tasks\Paragon Archive name arc_020410113515890.job -> [2010/09/25 17:38:41 | 000,000,948 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/09/25 17:17:05 | 000,000,284 | ---- | M] ()
 Paragon Archive name arc_020410111646140.job -> C:\WINDOWS\tasks\Paragon Archive name arc_020410111646140.job -> [2010/09/25 17:13:41 | 000,000,940 | ---- | M] ()
 wavepadShakeIcon.job -> C:\WINDOWS\tasks\wavepadShakeIcon.job -> [2010/09/24 23:31:59 | 000,000,280 | ---- | M] ()
 videopadShakeIcon.job -> C:\WINDOWS\tasks\videopadShakeIcon.job -> [2010/09/24 23:30:49 | 000,000,278 | ---- | M] ()
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/09/24 08:14:41 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/09/24 08:14:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2010/09/24 08:14:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010/09/24 08:14:41 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2010/09/24 08:14:40 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.)
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/09/20 19:36:13 | 000,000,027 | ---- | M] ()
 VSNAP.IDX -> C:\VSNAP.IDX -> [2010/09/18 10:55:20 | 000,004,096 | -HS- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/09/16 19:49:55 | 000,357,752 | ---- | M] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/09/16 12:10:27 | 000,110,176 | ---- | M] ()
 ULEAD32.INI -> C:\WINDOWS\ULEAD32.INI -> [2010/09/16 09:53:35 | 000,000,871 | ---- | M] ()
 GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/09/09 18:39:14 | 002,826,240 | ---- | M] (Google Inc.)
 Drive E.lnk -> C:\Documents and Settings\Jack\Desktop\Drive E.lnk -> [2010/09/08 08:14:51 | 000,001,053 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/09/06 20:00:00 | 000,032,256 | ---- | M] ()
 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 
[Files - No Company Name]
 Windows XP Error.wav -> C:\Documents and Settings\Jack\Desktop\Windows XP Error.wav -> [2010/09/28 10:46:51 | 000,044,136 | ---- | C] ()
 wavepadShakeIcon.job -> C:\WINDOWS\tasks\wavepadShakeIcon.job -> [2010/09/24 23:31:58 | 000,000,280 | ---- | C] ()
 videopadShakeIcon.job -> C:\WINDOWS\tasks\videopadShakeIcon.job -> [2010/09/24 23:30:48 | 000,000,278 | ---- | C] ()
 AntiSpySafeguardVirus.odt -> C:\Documents and Settings\Jack\My Documents\AntiSpySafeguardVirus.odt -> [2010/09/24 13:03:39 | 000,029,755 | ---- | C] ()
 HijackThis.lnk -> C:\Documents and Settings\Jack\Desktop\HijackThis.lnk -> [2010/09/22 20:06:23 | 000,001,734 | ---- | C] ()
 PHOTOS.lnk -> C:\Documents and Settings\Jack\Desktop\PHOTOS.lnk -> [2010/09/22 12:04:04 | 000,000,448 | ---- | C] ()
 Mozilla Thunderbird.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk -> [2010/09/22 08:47:41 | 000,001,680 | ---- | C] ()
 Shortcut to FMRMD32.EXE.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to FMRMD32.EXE.lnk -> [2010/09/21 23:17:43 | 000,000,476 | ---- | C] ()
 cmldr -> C:\cmldr -> [2010/09/21 17:11:16 | 000,260,272 | RHS- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/09/20 19:28:50 | 000,256,512 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2010/09/20 19:28:50 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2010/09/20 19:28:50 | 000,080,412 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/09/20 19:28:50 | 000,077,312 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2010/09/20 19:28:50 | 000,068,096 | ---- | C] ()
 QTW.INI -> C:\WINDOWS\QTW.INI -> [2010/06/18 16:48:02 | 000,000,191 | ---- | C] ()
 PhotoSnapViewer.INI -> C:\WINDOWS\PhotoSnapViewer.INI -> [2010/03/22 17:04:36 | 000,000,151 | ---- | C] ()
 AVSredirect.dll -> C:\WINDOWS\System32\AVSredirect.dll -> [2010/03/09 18:52:28 | 000,027,648 | ---- | C] ()
 QBChanUtil_Trigger.ini -> C:\WINDOWS\QBChanUtil_Trigger.ini -> [2010/02/21 12:39:27 | 000,000,090 | ---- | C] ()
 Epson640.ini -> C:\WINDOWS\Epson640.ini -> [2010/01/21 10:41:23 | 000,000,018 | ---- | C] ()
 hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2010/01/17 12:53:40 | 000,004,964 | ---- | C] ()
 patchw32.dll -> C:\WINDOWS\patchw32.dll -> [2010/01/08 17:16:46 | 000,215,144 | R--- | C] ()
 pw32a.dll -> C:\WINDOWS\pw32a.dll -> [2010/01/08 17:15:59 | 000,215,144 | R--- | C] ()
 DragToDiscUserNameF.txt -> C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt -> [2010/01/01 10:43:29 | 000,000,004 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/25 17:13:18 | 000,032,256 | ---- | C] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/12/24 10:40:26 | 000,000,229 | ---- | C] ()
 LFFPX7.DLL -> C:\WINDOWS\System32\LFFPX7.DLL -> [2009/12/22 16:58:44 | 000,306,688 | ---- | C] ()
 pgp.dll -> C:\WINDOWS\System32\pgp.dll -> [2009/12/22 16:58:44 | 000,302,592 | ---- | C] ()
 LFKODAK.DLL -> C:\WINDOWS\System32\LFKODAK.DLL -> [2009/12/22 16:58:44 | 000,095,232 | ---- | C] ()
 keydb.dll -> C:\WINDOWS\System32\keydb.dll -> [2009/12/22 16:58:44 | 000,093,184 | ---- | C] ()
 simple.dll -> C:\WINDOWS\System32\simple.dll -> [2009/12/22 16:58:44 | 000,070,656 | ---- | C] ()
 bn.dll -> C:\WINDOWS\System32\bn.dll -> [2009/12/22 16:58:44 | 000,065,024 | ---- | C] ()
 ULEAD32.INI -> C:\WINDOWS\ULEAD32.INI -> [2009/12/22 16:19:19 | 000,000,871 | ---- | C] ()
 Sonyhcp.dll -> C:\WINDOWS\System32\drivers\Sonyhcp.dll -> [2009/12/22 16:09:27 | 000,003,654 | ---- | C] ()
 BANTExt.sys -> C:\WINDOWS\System32\drivers\BANTExt.sys -> [2009/12/22 12:33:52 | 000,003,840 | ---- | C] ()
 DragToDiscUserNameJ.txt -> C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameJ.txt -> [2009/12/22 11:36:23 | 000,000,004 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/22 10:52:33 | 000,000,456 | ---- | C] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/12/22 03:38:36 | 000,110,176 | ---- | C] ()
 IconCache.db -> C:\Documents and Settings\Jack\Local Settings\Application Data\IconCache.db -> [2009/12/22 00:54:47 | 005,156,308 | -H-- | C] ()
 fusioncache.dat -> C:\Documents and Settings\Jack\Local Settings\Application Data\fusioncache.dat -> [2009/12/22 00:37:58 | 000,000,127 | ---- | C] ()
 desktop.ini -> C:\Documents and Settings\Jack\Application Data\desktop.ini -> [2009/12/22 00:30:17 | 000,000,062 | -HS- | C] ()
 desktop.ini -> C:\Documents and Settings\All Users\Application Data\desktop.ini -> [2009/12/21 19:11:16 | 000,000,062 | -HS- | C] ()
 lua5.1a.dll -> C:\WINDOWS\System32\lua5.1a.dll -> [2009/12/04 10:02:54 | 000,132,608 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 15:58:52 | 000,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 15:53:56 | 000,026,489 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 16:39:28 | 000,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 16:39:28 | 000,026,040 | ---- | C] ()
 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 15:01:54 | 000,235,008 | ---- | C] ()
 renMM.dll -> C:\WINDOWS\System32\renMM.dll -> [2003/07/24 22:21:08 | 000,345,088 | ---- | C] ()
 therename.dll -> C:\WINDOWS\System32\therename.dll -> [2002/09/18 16:14:56 | 000,274,432 | ---- | C] ()
 renogg.dll -> C:\WINDOWS\System32\renogg.dll -> [2002/09/18 16:13:58 | 000,098,304 | ---- | C] ()
< End of report >
```


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Jack\Application Data\Mozilla\FireFox\Profiles\m6co0c4z.default\prefs.js
YN -> browser.search.defaultengine -> "Ask.com"
YN -> browser.search.defaultenginename -> "Ask.com"
YN -> browser.search.order.1 -> "Ask.com"
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
YN -> "avg9emc" -> 
YN -> "avg9wd" -> 
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```
You should uninstall Norton Ghost or purchase it since the trial version has expired.

How are things now?


----------



## jdn (Dec 24, 2009)

I did purchase and install Nortons Ghost over a year ago. Every once in a while I'll get a message concerning the trial version. If you can get rid of the trial version, that's fine with me.

*OTS*

All Processes Killed
[Registry - Safe List]
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
[Registry - Additional Scans - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\\avg9emc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\\avg9wd deleted successfully.
[Empty Temp Folders]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jack
->Temp folder emptied: 187102 bytes
->Temporary Internet Files folder emptied: 68218 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31061613 bytes
->Flash cache emptied: 584 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 34512 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 35451362 bytes

Total Files Cleaned = 64.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.38.1 fix logfile created on 09292010_170646

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\JET396A.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_640.dat moved successfully.

Registry entries deleted on Reboot...

*HighjackThis*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:19 PM, on 9/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

--
End of file - 5814 bytes


----------



## jdn (Dec 24, 2009)

UPDATE

Some items that have happened recently:

I can no longer specify that a window opens 'minimized' when I create a short cut. For example, the shortcut I have in the start up folder specifies that Mozilla Thunderbird window should opened 'minimized'. When I boot, it opens in 'normal window'. I tried it with several other programs with the same result.

The Autoplay feature for both my CD trays no longer works. You addressed this possibility in Thread 18 and said it could be fixed.

As I move my curser around, it sometimes freezes and I hear a sound which I believe is that for XP Hardware Removal. Normally the freeze only last for a second or two, but a couple of times, the freeze was permanent and I had to power off the computer to get it back working.


----------



## Cookiegal (Aug 27, 2003)

Are you sure you want to re-enable autoplay? Because it's a security risk. But if you do, remind me when we're done because we need to use ComboFix again and it will just disable it again.

Please remove the version of ComboFix that you have by dragging it to the recycle bin then grab the latest version and run a new scan and post the log.

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## jdn (Dec 24, 2009)

ComboFix 10-09-30.01 - Jack 09/30/2010 19:04:56.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.17 [GMT -4:00]
Running from: c:\documents and settings\Jack\Desktop\puppy.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-26 22:36 . 2010-09-26 22:36 -------- d-----w- C:\_OTS
2010-09-24 12:15 . 2010-09-24 12:15 -------- d-----w- c:\program files\Common Files\Java
2010-09-24 12:15 . 2010-09-24 12:15 61440 ----a-w- c:\documents and settings\Jack\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-359d78eb-n\decora-sse.dll
2010-09-24 12:15 . 2010-09-24 12:15 503808 ----a-w- c:\documents and settings\Jack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1d46e68d-n\msvcp71.dll
2010-09-24 12:15 . 2010-09-24 12:15 499712 ----a-w- c:\documents and settings\Jack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1d46e68d-n\jmc.dll
2010-09-24 12:15 . 2010-09-24 12:15 348160 ----a-w- c:\documents and settings\Jack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1d46e68d-n\msvcr71.dll
2010-09-24 12:15 . 2010-09-24 12:15 12800 ----a-w- c:\documents and settings\Jack\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-359d78eb-n\decora-d3d.dll
2010-09-24 12:15 . 2010-09-24 12:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-24 12:13 . 2010-09-24 12:13 79488 ----a-w- c:\documents and settings\Jack\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
2010-09-24 12:13 . 2010-09-24 12:13 152576 ----a-w- c:\documents and settings\Jack\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
2010-09-16 16:18 . 2010-09-16 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-09-16 16:09 . 2010-09-16 16:10 -------- d-----w- c:\program files\Musicnotes
2010-09-14 18:41 . 2010-08-30 18:34 1496064 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-14 18:41 . 2010-08-30 18:33 43008 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-14 18:41 . 2010-08-30 18:33 338944 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-14 18:41 . 2010-08-30 18:33 346112 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-11 21:10 . 2010-09-11 21:10 -------- d-----w- C:\archive_db
2010-09-09 22:39 . 2010-09-09 22:39 2826240 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 14:30 . 2009-12-22 21:47 1 ----a-w- c:\documents and settings\Jack\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-27 15:18 . 2009-12-22 16:52 -------- d-----w- c:\program files\Nuts & Bolts
2010-09-25 03:32 . 2010-02-22 11:56 -------- d-----w- c:\program files\NCH Software
2010-09-25 01:25 . 2009-12-22 13:36 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-22 13:33 . 2009-12-22 18:54 -------- d-----w- c:\program files\Picasa3
2010-09-21 09:54 . 2009-12-27 13:19 -------- d-----w- c:\program files\THE Rename
2010-09-17 22:33 . 2009-12-22 18:54 -------- d-----w- c:\program files\Google
2010-09-16 16:10 . 2009-12-22 07:38 110176 ----a-w- c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-10 11:10 . 2009-12-22 07:26 -------- d-----w- c:\program files\CCleaner
2010-09-03 18:42 . 2009-12-22 18:34 -------- d-----w- c:\program files\exPressit S.E. 2.2
2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-03 13:32 . 2010-01-31 10:27 -------- d-----w- c:\program files\Defraggler
2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-12-22 05:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2006-05-03 09:06 . 2010-03-09 22:52 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-03-09 22:52 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-03-09 22:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( [email protected]_23.36.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-30 22:50 . 2010-09-30 22:50 16384 c:\windows\Temp\Perflib_Perfdata_7cc.dat
+ 2008-04-14 00:12 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 00:12 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2010-01-04 15:56 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2010-01-04 15:56 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 11:00 . 2010-08-12 14:17 71482 c:\windows\system32\perfc009.dat
+ 2004-08-10 11:00 . 2010-09-30 22:35 71482 c:\windows\system32\perfc009.dat
- 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-22 13:43 . 2010-09-22 13:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-23 19:55 . 2010-09-23 19:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-03-31 19:32 . 2010-03-31 19:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 07:17 . 2010-09-23 07:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-03-31 19:32 . 2010-03-31 19:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-09-23 07:17 . 2010-09-23 07:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-09-30 20:51 . 2010-09-30 20:51 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b75feea8\System.Drawing.Design.dll
+ 2010-09-30 20:51 . 2010-09-30 20:51 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9f937cc2\CustomMarshalers.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-09-30 22:34 . 2010-09-30 22:34 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-08-12 14:17 . 2010-08-12 14:17 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-11 07:17 . 2010-06-11 07:17 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-30 20:50 . 2010-09-30 20:50 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-08-12 14:17 . 2010-08-12 14:17 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-08-12 14:16 . 2010-08-12 14:16 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-09-25 03:20 . 2004-10-10 07:50 278528 c:\windows\system32\pncrt.dll
- 2004-08-10 11:00 . 2010-08-12 14:17 441546 c:\windows\system32\perfh009.dat
+ 2004-08-10 11:00 . 2010-09-30 22:35 441546 c:\windows\system32\perfh009.dat
+ 2010-09-24 12:15 . 2010-09-24 12:14 153376 c:\windows\system32\javaws.exe
- 2010-02-27 10:39 . 2010-02-27 10:39 153376 c:\windows\system32\javaws.exe
+ 2010-09-24 12:15 . 2010-09-24 12:14 145184 c:\windows\system32\javaw.exe
- 2010-02-27 10:39 . 2010-02-27 10:39 145184 c:\windows\system32\javaw.exe
- 2010-02-27 10:39 . 2010-02-27 10:39 145184 c:\windows\system32\java.exe
+ 2010-09-24 12:15 . 2010-09-24 12:14 145184 c:\windows\system32\java.exe
- 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-22 13:43 . 2010-09-22 13:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 18:49 . 2010-03-31 18:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 06:25 . 2010-09-23 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 07:17 . 2010-09-23 07:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2010-03-31 19:32 . 2010-03-31 19:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-24 01:02 . 2010-09-24 01:02 798208 c:\windows\Installer\fe01bb.msp
+ 2010-09-24 12:15 . 2010-09-24 12:15 180224 c:\windows\Installer\2d00b.msi
+ 2010-09-24 12:14 . 2010-09-24 12:14 677376 c:\windows\Installer\2d004.msi
+ 2010-09-30 20:51 . 2010-09-30 20:51 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e4f5d1cd\System.Drawing.dll
+ 2010-09-30 20:52 . 2010-09-30 20:52 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_87783d4d\System.Drawing.Design.dll
+ 2010-09-30 20:52 . 2010-09-30 20:52 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_36931b7b\CustomMarshalers.dll
+ 2010-09-30 21:00 . 2010-09-30 21:00 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\8e2bdf180985276c619f2703d9cf9608\System.Web.DynamicData.ni.dll
+ 2010-09-30 21:00 . 2010-09-30 21:00 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-09-30 21:00 . 2010-09-30 21:00 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-09-30 21:00 . 2010-09-30 21:00 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\de9b01b00dc3cd414fd3c2cf97644c45\ServiceModelReg.ni.exe
+ 2010-09-30 20:59 . 2010-09-30 20:59 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-08-12 14:17 . 2010-08-12 14:17 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-08-12 14:17 . 2010-08-12 14:17 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-08-12 14:17 . 2010-08-12 14:17 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-08-12 14:17 . 2010-08-12 14:17 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-09-30 22:34 . 2010-09-30 22:34 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-08-12 14:17 . 2010-08-12 14:17 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-09-22 13:44 . 2010-09-22 13:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2010-03-23 09:32 . 2010-03-23 09:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 19:55 . 2010-09-23 19:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 19:55 . 2010-09-23 19:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-03-31 18:50 . 2010-03-31 18:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 06:25 . 2010-09-23 06:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-09-23 19:55 . 2010-09-23 19:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-09-23 11:39 . 2010-09-23 11:39 4265472 c:\windows\Installer\fe01b2.msp
+ 2010-09-30 20:52 . 2010-09-30 20:52 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_4eb9637f\System.dll
+ 2010-09-30 20:51 . 2010-09-30 20:51 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_35b617ff\System.dll
+ 2010-09-30 20:51 . 2010-09-30 20:51 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_7c85728f\System.Xml.dll
+ 2010-09-30 20:52 . 2010-09-30 20:52 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2c193f90\System.Xml.dll
+ 2010-09-30 20:51 . 2010-09-30 20:51 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_86ff2e9e\System.Windows.Forms.dll
+ 2010-09-30 20:52 . 2010-09-30 20:52 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_81af2135\System.Windows.Forms.dll
+ 2010-09-30 20:52 . 2010-09-30 20:52 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f90b7e99\System.Drawing.dll
+ 2010-09-30 20:51 . 2010-09-30 20:51 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b7042232\System.Design.dll
+ 2010-09-30 20:52 . 2010-09-30 20:52 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_759daa72\System.Design.dll
+ 2010-09-30 20:51 . 2010-09-30 20:51 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_aee5f2c6\mscorlib.dll
+ 2010-09-30 20:52 . 2010-09-30 20:52 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_197926ab\mscorlib.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\7ea4061dd26d050e836c649a9732edc4\System.WorkflowServices.ni.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-09-30 21:01 . 2010-09-30 21:01 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ec5661a1873e0e7342e11341f43a822c\System.Web.Extensions.ni.dll
+ 2010-09-30 21:00 . 2010-09-30 21:00 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\3ff30fca3d17d80aef13668aaa081c33\System.ServiceModel.Web.ni.dll
+ 2010-09-30 20:59 . 2010-09-30 20:59 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1ec05bc0c0a0f415924c4d4a11b9e285\System.IdentityModel.ni.dll
+ 2010-09-30 21:00 . 2010-09-30 21:00 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\47139f14a0229db7f6e5eec79b306a9a\System.Data.Services.ni.dll
+ 2010-09-30 21:00 . 2010-09-30 21:00 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-08-12 14:17 . 2010-08-12 14:17 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-09-30 22:34 . 2010-09-30 22:34 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-12-22 16:02 . 2009-12-22 16:02 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-09-30 20:49 . 2010-09-30 20:49 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-09-30 22:34 . 2010-09-30 22:34 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-08-12 14:17 . 2010-08-12 14:17 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-08-12 14:16 . 2010-08-12 14:16 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-09-30 22:35 . 2010-09-30 22:35 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-09-30 20:51 . 2010-09-30 20:51 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-06-11 07:17 . 2010-06-11 07:17 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-09-30 20:50 . 2010-09-30 20:50 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-11 07:17 . 2010-06-11 07:17 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-09-24 18:08 . 2010-09-24 18:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-09-24 11:08 . 2010-09-24 11:08 17518080 c:\windows\Installer\fe01d4.msp
+ 2010-09-30 21:00 . 2010-09-30 21:00 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-09-30 21:00 . 2010-09-30 21:00 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\08f5774a7734bf5f2c49ce0881bbf2b7\System.ServiceModel.ni.dll
+ 2010-09-30 20:49 . 2010-09-30 20:49 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2009-12-22 12479664]
Shortcut to FMRMD32.EXE.lnk - d:\createacard\FMRMD32.EXE [2009-12-22 55296]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^Epson.lnk]
backup=c:\windows\pss\Epson.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-06-17 17:48 1587672 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 18:56 64512 -c--a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-07-14 03:31 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-09-12 14:00 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 19:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 19:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 19:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2006-09-15 19:27 2048000 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3]
2009-12-15 18:52 614400 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
2005-08-30 22:30 145104 ----a-w- d:\card factory\ReminderApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1ca833a9bea4bcb"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Norton Ghost"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"IDriverT"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [1/23/2010 10:20 AM 40560]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [3/13/2010 9:47 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [3/13/2010 9:47 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [3/13/2010 9:47 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100929.001\IDSXpx86.sys [9/29/2010 7:50 PM 331640]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 1:49 PM 616408]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/13/2010 9:46 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 2:24 AM 102448]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [12/24/2008 6:40 AM 80256]
S3 ultradfg;ultradfg;c:\windows\system32\DRIVERS\ultradfg.sys --> c:\windows\system32\DRIVERS\ultradfg.sys [?]
S4 gupdate1ca833a9bea4bcb;Google Update Service (gupdate1ca833a9bea4bcb);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 3:11 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 19:11]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 19:11]

2010-09-25 c:\windows\Tasks\Paragon Archive name arc_020410111646140.job
- c:\program files\Paragon Software\Backup and Recovery 10 Free Edition\program\scripts.exe [2010-01-15 17:21]

2010-09-25 c:\windows\Tasks\Paragon Archive name arc_020410113515890.job
- c:\program files\Paragon Software\Backup and Recovery 10 Free Edition\program\scripts.exe [2010-01-15 17:21]

2010-09-25 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-06-03 14:03]

2010-09-25 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-02-24 12:26]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-RDFNSAgent - c:\program files\RegDefense\RDFNSAgent.exe
MSConfigStartUp-RDFNSListener - c:\program files\RegDefense\RDFNSListener.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 19:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3500)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-30 19:12:59
ComboFix-quarantined-files.txt 2010-09-30 23:12
ComboFix2.txt 2010-09-22 03:00

Pre-Run: 41,090,732,032 bytes free
Post-Run: 41,131,864,064 bytes free

- - End Of File - - 4E775C42BCCB423A3A203855A327D229


----------



## jdn (Dec 24, 2009)

UPDATE
Received notice of five Windows updates yesterday and they were supposedly installed successfully. Received notice today for two updates available. Both were supposedly installed yesterday. Went to Windows Update and the two are listed as critical updates I need. However the Update history says they were successfully installed. The items are *MS .NET framework 3.5 sp1 and .NET framework 2.0 sp2 update for windows server 2003 and WindowsXPx86* [ KB982524] and 
*MS .NET framework 3.5 sp1 update for W server 2003 and WindowsXPx86* [KB982168]

I'm guessing this has nothing to do with what we are doing, but I thought it appropriate to let you know what's happening.


----------



## jdn (Dec 24, 2009)

UPDATE

Somethings wrong. The computer keeps freezing up even when I'm not using it. The ocurences are becoming more frequent.


----------



## Cookiegal (Aug 27, 2003)

Please download *MBRCheck.exe* to your desktop.

Be sure to disable your security programs prior to running the tool. 
Double click on MBRCheck.exe to run it. Please allow any prompts popped by Windows in order to run the tool.
_(Vista and Windows 7 users will have to confirm the UAC prompt)_
A command window will pop open and run. If any unknown MBR Code is found, you will have further options prompted, at this time please press *N* then press *Enter*.
Press *Enter* again to exit the program.
If nothing unusual is found, you will be shown the machine MBR status. Just press *Enter* to exit.
A text file named *MBRCheck_mm.dd.yy_hh.mm.ss* should appear on your deskop. Please post the contents of that file.


----------



## jdn (Dec 24, 2009)

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: 
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007fd

Kernel Drivers (total 157):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF8975000 \WINDOWS\system32\KDCOM.DLL
0xF8885000 \WINDOWS\system32\BOOTVID.dll
0xF8346000 ACPI.sys
0xF8977000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8335000 pci.sys
0xF8475000 isapnp.sys
0xF8A3D000 pciide.sys
0xF86F5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8979000 intelide.sys
0xF8485000 MountMgr.sys
0xF8316000 ftdisk.sys
0xF897B000 dmload.sys
0xF82F0000 dmio.sys
0xF86FD000 PartMgr.sys
0xF8495000 VolSnap.sys
0xF82D8000 atapi.sys
0xF8705000 cercsr6.sys
0xF82C0000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF84A5000 disk.sys
0xF84B5000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF82A0000 fltmgr.sys
0xF828E000 sr.sys
0xF823F000 SYMEFA.SYS
0xF897D000 DLACDBHM.SYS
0xF8228000 DRVMCDB.SYS
0xF84C5000 PxHelp20.sys
0xF8212000 SymSnap.sys
0xF81FB000 KSecDD.sys
0xF816E000 Ntfs.sys
0xF8141000 NDIS.sys
0xF870D000 symlcbrd.sys
0xF8127000 Mup.sys
0xF8715000 hotcore3.sys
0xF795C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF778D000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF7779000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7751000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF8815000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF772D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF881D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF794C000 \SystemRoot\system32\DRIVERS\mf.sys
0xF76F9000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF76D6000 \SystemRoot\system32\DRIVERS\ks.sys
0xF75D7000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF7530000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF8825000 \SystemRoot\System32\Drivers\Modem.SYS
0xF750A000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF793C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF792C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF882D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF791C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8AC8000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF790C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF80EE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF74F3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF78FC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF78EC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8835000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF74E2000 \SystemRoot\system32\DRIVERS\psched.sys
0xF78DC000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF883D000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8845000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF748A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF78CC000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF884D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8855000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF885D000 \SystemRoot\system32\DRIVERS\SymIM.sys
0xF89C7000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF742C000 \SystemRoot\system32\DRIVERS\update.sys
0xF8911000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8865000 \SystemRoot\system32\DRIVERS\UimBus.sys
0xF73D3000 \SystemRoot\System32\Drivers\Uim_IM.sys
0xF7397000 \SystemRoot\System32\Drivers\UimFIO.SYS
0xF8585000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA670000 \SystemRoot\system32\drivers\sthda.sys
0xAA64C000 \SystemRoot\system32\drivers\portcls.sys
0xF85B5000 \SystemRoot\system32\drivers\drmk.sys
0xAA638000 \SystemRoot\system32\DRIVERS\NmPar.sys
0xF85C5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF89D5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF89D7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B93000 \SystemRoot\System32\Drivers\Null.SYS
0xF89D9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8755000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xF875D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8765000 \SystemRoot\System32\drivers\vga.sys
0xF89DB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF89DD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF876D000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8775000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF894D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA605000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA5AC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA55E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA52A000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0xF85E5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA505000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF877D000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
0xAA4F0000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0xF8785000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMIDS.SYS
0xAA49B000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100930.005\IDSxpx86.sys
0xAA473000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA451000 \SystemRoot\System32\drivers\afd.sys
0xF85F5000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF8605000 \SystemRoot\System32\Drivers\V2IMount.SYS
0xF8615000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0xAA3FE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA366000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8625000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA308000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xAA2EB000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xAA270000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0xAA22E000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0xF8B2C000 \SystemRoot\System32\Drivers\BANTExt.sys
0xF8921000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8675000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF87AD000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF87B5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF8949000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA5A4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xAA598000 \SystemRoot\system32\DRIVERS\sfloppy.sys
0xAA20E000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA0FE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF898D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA43D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF880D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8B3D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF8575000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF8AF6000 \SystemRoot\System32\Drivers\DLADResM.SYS
0xA9F7D000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
0xF878D000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
0xAA00E000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
0xF879D000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
0xF87A5000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
0xA9F67000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
0xA9F50000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
0xA9FB6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9C6B000 \SystemRoot\system32\drivers\wdmaud.sys
0xF84E5000 \SystemRoot\system32\drivers\sysaudio.sys
0xA98C8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9797000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9A31000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA91A4000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
0xA8F8E000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101002.003\NAVEX15.SYS
0xA8F7A000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101002.003\NAVENG.SYS
0xA8D9E000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA8BC3000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
0 System Idle Process
4 System
932 C:\WINDOWS\system32\smss.exe
980 csrss.exe
1004 C:\WINDOWS\system32\winlogon.exe
1048 C:\WINDOWS\system32\services.exe
1060 C:\WINDOWS\system32\lsass.exe
1304 C:\WINDOWS\system32\svchost.exe
1388 svchost.exe
1512 C:\WINDOWS\system32\svchost.exe
1644 svchost.exe
1712 svchost.exe
1876 C:\WINDOWS\system32\spoolsv.exe
240 C:\Program Files\Google\Update\GoogleUpdate.exe
272 C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
396 C:\WINDOWS\explorer.exe
596 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1452 svchost.exe
1484 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
1588 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
1804 C:\WINDOWS\ehome\ehrecvr.exe
1856 C:\WINDOWS\ehome\ehSched.exe
1984 C:\WINDOWS\system32\gearsec.exe
172 C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
716 svchost.exe
1668 mcrdsvc.exe
2624 C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
3084 C:\WINDOWS\system32\dllhost.exe
252 alg.exe
2616 C:\WINDOWS\system32\svchost.exe
3260 C:\WINDOWS\system32\wuauclt.exe
1944 wmiprvse.exe
3876 C:\WINDOWS\system32\wscntfy.exe
1168 C:\Documents and Settings\Jack\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`3766d400 (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JD-75MSA1, Rev: 10.01E01
PhysicalDrive1 Model Number: SeagateDesktop, Rev: 0130

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: A16EF68870D2ED162DDA2E379D2960A80789C94E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!


----------



## Cookiegal (Aug 27, 2003)

What normally shows up as your K drive please?


----------



## jdn (Dec 24, 2009)

For the first time I'm not sure what you are asking for . Drive K is an external Seagate drive connected via USB port. I use it to store files from this computer including files generated weekly by both a Ghost backup and a Paragon backup program of my C and D drives. It also has files I have taken from my wife's [by the way her name is Cookie and she has three Westies] computer.

The freeze up problem of the computer is still occurring. Any idea why this is happening??? This right now is my most pressing problem.

I still have the MS update problem. I was told I could hide them since they ate not critical updates. I am hesitant to do anything in regard to this problem until I get your input.


----------



## jdn (Dec 24, 2009)

Update

*DELL 3 DRIVE K INFORMATION*

This drive is used for storage of documents, movies, photographs, music, 
and backups for both the Dell 2 and Dell 3 computer

Drive K: 400 G capacity

*DELL 2 COMPUTER*

Has 8 folders: $hf mig$, aWorking, Cookies Documents, Custom Designs, Dakota Designs, Designs, Ghost Backup, Programs and Updates

*DELL 3 COMPUTER*

Has 6 folders: Backups, Folders backed up on Data disk 1, Items removed from Dell3, Movies, Music, Photos

Backups* [ See below ]
Norton Ghost backups
Paragon Backup

Folders backed up on Data Dick 1

Items removed from Dell 3

*Movies*

Music

Photos

*SEAGATE*
Files generated during installation of Drive K

*WINDOWS XP BOOK*
Windows XP Instructions book

*Backups

Norton Ghost Backup Backup of both C & D Drive. Initial backup made on April 1. Set to perform incremental backup every Thursday at 5 PM.

Paragon Backups Backup of Drive D. Initial backup made on April 2. Set to perform incremental backup very Friday at 5 PM.

Backup of Drive C. Initial backup made on April 2. Set to perform incremental backup very Friday at 5:15 PM.


----------



## jdn (Dec 24, 2009)

Update 

I might have solved the freeze up problem I was having. I replaced my mouse which evidently was malfunctioning. I hope that was the problem.

I hid the two MS Update files that would not install. I will pursue a more permanent solution when we are finished.

Per Norton tech instructions, I removed the Norton Live Update program using the Add or Remove program. 

I'll keep you posted.


----------



## Cookiegal (Aug 27, 2003)

Westies are cute. Is one named Maggie by an chance? I think of that commercial for dog food all the time.


jdn said:


> Per Norton tech instructions, I removed the Norton Live Update program using the Add or Remove program.


Why did they advise to remove Live Update? You need that for your anti-virus program to update virus definitions.

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## jdn (Dec 24, 2009)

Sparkel, Grace and Son Nee No Maggie

There were many errors and some were repetitive. I am including only one of each of the repetitive ones with a note as to how many times they occurred

Under Applications

Event Type: Error
Event Source: AntiSpywareService
Event Category: None
Event ID: 0
Date: 10/6/2010
Time: 12:37:43 PM
User: N/A
Computer: JOHN
Description:
The description for Event ID ( 0 ) in Source ( AntiSpywareService ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C.

Occurred once

Event Type: Error
Event Source: AntiSpywareService
Event Category: None
Event ID: 0
Date: 10/6/2010
Time: 12:31:06 PM
User: N/A
Computer: JOHN
Description:
The description for Event ID ( 0 ) in Source ( AntiSpywareService ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C.

Occurred once

Event Type: Error
Event Source: AntiSpywareService
Event Category: None
Event ID: 0
Date: 10/6/2010
Time: 10:48:42 AM
User: N/A
Computer: JOHN
Description:
The description for Event ID ( 0 ) in Source ( AntiSpywareService ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C.

Occurred 11 times

Under Systems

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/6/2010
Time: 6:45:07 AM
User: N/A
Computer: JOHN
Description:
The HTTP SSL service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Occurred once

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Date: 10/6/2010
Time: 6:45:07 AM
User: N/A
Computer: JOHN
Description:
Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Occurred once

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/5/2010
Time: 9:47:17 PM
User: JOHN\Jack
Computer: JOHN
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service Norton Ghost with arguments "" in order to run the server:
{F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Occurred more than 10 times

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/5/2010
Time: 12:06:50 PM
User: JOHN\Jack
Computer: JOHN
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service Symantec Core LC with arguments "-Service" in order to run the server:
{60C70E11-2B08-4798-B366-C8450CDA7B1A}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Occurred more than10 times

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/5/2010
Time: 10:07:20 AM
User: JOHN\Jack
Computer: JOHN
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gupdate1ca833a9bea4bcb with arguments "/comsvc" in order to run the server:
{E225E692-4B47-4777-9BED-4FD7FE257F0E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Occurred once

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/5/2010
Time: 10:07:16 AM
User: JOHN\Jack
Computer: JOHN
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Occurred once


----------



## jdn (Dec 24, 2009)

Update for Norton
I opened the Norton Security Suite program and there was a message that updates had been updated a minute ago. The Live update I removed must have been for The Ghost program since nothing happens when I click the Live Update icon in that ghost program.


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis scan log as well as the uninstall list from HijackThis.


----------



## jdn (Dec 24, 2009)

I installed and ran Spybot -Search and Distroy this morning. I hope this was OK.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:43 PM, on 10/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\eRightSoft\SUPER\SUPER.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6702 bytes

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Agent Ransack Version 1.7.3
Apple Application Support
Apple Software Update
Audacity 1.2.6
AutoStreamer
Belarc Advisor 7.2
CA Yahoo! Anti-Spy (remove only)
CCleaner
Conexant D850 56K V.9x DFVc Modem
CreataCard Special Edition - Epson 2
Defraggler
Dell Resource CD
EasyCleaner
exPressit S.E. 2.2
FormatFactory 2.50
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Greeting Card Factory Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
Java(TM) 6 Update 21
LAME v3.98.2 for Audacity
LiveReg (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.6.10)
Mozilla Thunderbird (3.1.4)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicnotes Software Suite 1.5.1
NCH Toolbox
Nero 6
Nero Digital
Norton Ghost 10.0
Norton Security Suite
OLYMPUS CAMEDIA Master 4.1
OpenOffice.org 3.2
Paragon Backup & Recovery™ 10.1 Free Edition
pdfFactory
Picasa 3
Prism Video Converter
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic Encoders
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
SUPER © Version 2010.bld.38 (May 2, 2010)
SupportSoft Assisted Service
Switch Sound File Converter
The Print Shop 12
THE Rename 2.1.6
Tweak UI
Ulead iPhoto Plus 4.0
Ultra Defragmenter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
VideoPad Video Editor
WavePad Sound Editor
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinUpdatesList
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar


----------



## jdn (Dec 24, 2009)

Update Good news / bad news

The mouse was the cause of the freeze up problems I was

having.

After replying to you yesterday, I tried to open

Internet Explorer and IE window opens but is non

responsive.. Tried to access MS Updates via Mozilla

Firefox and was told that IE5 or better had to be

running in order to access site.

Tried to get to MS Updates and Windows Updates via

Icons in Start Menu and nothing happens. Downloaded IE8

installation program from MS and ran. First two times,

program ran to the very end and then got error message

that program failed to initialize because the Windows

Station is shutting down. Ran again and was able to

complete instalation. Received notice of three non IE8

updates was available [kb976662, kb981332, and

kb971961] and was able to install them. Two were

Windows and one was script related. In checking Windows

Update List I noted that three IE8 related items had

also been installed.

Was able open IE8 and get to the MS Update site. Got

message that I was hiding two [kb982524 & kb982168

]updates and should install them. Tried to install and

got message that installation failed. History shows

them to be installed. I informed you of this in

previous post.

After exiting ie8 i tried to reopen it and again it

wouldn't open. The window always comes up. On some

occasions I can access some of the function i.e open

favorites, and at other times when I type C-A-D it

shows that the program is not responding.

Per MS document,I downloaded the files to my desktop
and ran the installation for both. Installation

successful but still get yellow shield that they need

to be installed. Again per MS direction in fix, I

booted in safe mode and tried to install. Got message

that installation failed due to being in safe mode or

Windows Installer is not correctly installed. Since the

direction was to try installing in safe mode I'm

assuming the the failure was due to the Windows

Installer not being correctly installed???

I was able to get IE started once more but after

exiting couldn't get it back.

bbearen of tech guys suggested running the following
in the Start Run command box

* regsvr32 wuapi.dll
* regsvr32 wuaueng.dll
* regsvr32 atl.dll
* regsvr32 wucltui.dll
* regsvr32 wups.dll
* regsvr32 wuaueng1.dll
* regsvr32 wuweb.dll
* regsvr32 wups2.dll
* regsvr32 msxml.dll
* regsvr32 msxml3.dll
* regsvr32 msxml2.dll
* regsvr32 qmgr.dll
* regsvr32 qmgrprxy.dll
* regsvr32 Softpub.dll
* regsvr32 Mssip32.dll
* regsvr32 Initpki.

I assume this will reset items in the registry.
Is it safe to do this?????

He also mentioned doing a window repair using a Windows

installation disk with service pack created with

Autostreamer. I have this disk which I created with SP

3 a while back. I assume this would repair any

corrupted files.Is this OK to do.

I don't know whether these problems have any

association with what we are doing or not. I do

remember I had the update problem one time about 3 or 4

months ago, and that it is not unique with Windows

considering all the articles about it.


----------



## Cookiegal (Aug 27, 2003)

Please don't format your posts like that. It makes them very difficult to read.

I wasn't aware you had another thread going. You can go ahead and re-register those dlls and see if that helps.


----------



## jdn (Dec 24, 2009)

I apologize for any inconvenience I may have caused you. I tried the fix mentioned but stopped when two of the items would not reregister. I tried doing a repair and really got into trouble when the computer froze during the process, and I couldn't recover. Fortunately I was able to recover my computer using the Ghost recovery disk. I had to recover to October 2 status, so now it's going to take me a while to see what if anything I have lost and what my present status is. If there is anything you want me to try please let me know.


----------



## jdn (Dec 24, 2009)

UPDATE

Things are back to normal after I did the Ghost recovery to Oct 2. I am having no problem with IE8 and I specified not to show the two problem updates again. Checked the MS Upate history and it shows them to be installed but they do not show up in Windows Update List or in Add or Remove. I am attaching an updated HighjackThis.log and an uninstall list. Note that CAPest contro and Live Update 2.6 which were removed via Norton are back and the Spybot which I installed is gone. As of now, I am having no problems although I did check the Event Viewer--Systems and again found an error associated with DCOM.

Highjack.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:08 AM, on 10/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6170 bytes

Uninstall list

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Agent Ransack Version 1.7.3
Apple Application Support
Apple Software Update
Audacity 1.2.6
AutoStreamer
Belarc Advisor 7.2
CA Pest Patrol Realtime Protection
CA Yahoo! Anti-Spy (remove only)
CCleaner
Conexant D850 56K V.9x DFVc Modem
CreataCard Special Edition - Epson 2
Defraggler
Dell Resource CD
EasyCleaner
exPressit S.E. 2.2
FormatFactory 2.50
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Greeting Card Factory Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
Java(TM) 6 Update 21
LAME v3.98.2 for Audacity
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.6.10)
Mozilla Thunderbird (3.1.4)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicnotes Software Suite 1.5.1
NCH Toolbox
Nero 6
Nero Digital
Norton Ghost 10.0
Norton Security Suite
OLYMPUS CAMEDIA Master 4.1
OpenOffice.org 3.2
Paragon Backup & Recovery 10.1 Free Edition
pdfFactory
Picasa 3
Prism Video Converter
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic Encoders
Sony Picture Utility
Sony USB Driver
SUPER © Version 2010.bld.38 (May 2, 2010)
SupportSoft Assisted Service
The Print Shop 12
THE Rename 2.1.6
Tweak UI
Ulead iPhoto Plus 4.0
Ultra Defragmenter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
VideoPad Video Editor
WavePad Sound Editor
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar


----------



## Cookiegal (Aug 27, 2003)

The log looks fine although I wonder why you have this in Global startup:

O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE

Which are the two updates that you were having problems with?

Please upload the following log as an attachment. It might give a clue as to why these updates are not installing:

C:\Windows\WindowsUpdate.log


----------



## jdn (Dec 24, 2009)

FM--- is a little program that comes on every time I start up and reminds me of any birthdays, anniveraries etc coming up.

The items are *MS .NET framework 3.5 sp1 and .NET framework 2.0 sp2 update for windows server 2003 and WindowsXPx86* [ KB982524] and 
*MS .NET framework 3.5 sp1 update for W server 2003 and WindowsXPx86* [KB982168]

I tried to attach and got the message that The Windows update log file is 1.29 MB and exceeds the forum limit of 500MB. I zipped it and attached it. I hope it worked.


----------



## Cookiegal (Aug 27, 2003)

The log shows those updates were successfully installed on October 1st, 2010. Did they cause problems after the installation?


----------



## jdn (Dec 24, 2009)

When they first showed up as required downloads, I downloaded and installed them successfully [???]. The next time I started the computer, The yellow shield appeared again saying I had updates to install [the same updates I though I had successfully installed]. I checked with the update history on the MS Update page and it said the updates were installed. I downloaded Windows Update List Program [per Phantom of Tech Guys] and the questionable updates did not appear on the list. Phanton's response to this was that "they are not installed".
I had experienced the same problem back in June and I went back and checked the thread I had created at that time and found that it was the same update KB982168 that was causing the same problem, i.e. load successfully and then appear as needing to be loaded. At that time Flavallee suggested to uncheck the download and check the option to not show this download again. I did this and the problem went away. For the present downloads, I did the same thing and the problem went away. The history shows both to be installed, but they are not in the Windows Update List.

Update List

ie8 Jack 1/2/2010 20090308.140743 Update Windows XP http://support.microsoft.com/?kbid=ie8 C:\WINDOWS\ie8\spuninst\spuninst.exe 1/1/2010 9:42:21 PM 
KB2079403 Security Update for Windows XP (KB2079403) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=2079403 C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe 8/12/2010 10:18:38 AM 
KB2115168 Security Update for Windows XP (KB2115168) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=2115168 C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe 8/12/2010 10:19:19 AM 
KB2121546 Security Update for Windows XP (KB2121546) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=2121546 C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe 9/15/2010 7:29:52 AM 
KB2141007 Update for Windows XP (KB2141007) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=2141007 C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe 9/15/2010 7:26:50 AM 
KB2158563 Hotfix for Windows XP (KB2158563) Jack 9/29/2010 1 Update Windows XP http://support.microsoft.com/?kbid=2158563 C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe 9/29/2010 12:53:50 AM 
KB2160329 Security Update for Windows XP (KB2160329) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=2160329 C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe 8/12/2010 10:13:11 AM 
KB2183461-IE8 Security Update for Windows Internet Explorer 8 (KB2183461) Jack 8/12/2010 1 Update Windows XP http://support.microsoft.com/?kbid=2183461-IE8 C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe 8/12/2010 10:13:43 AM 
KB2229593 Security Update for Windows XP (KB2229593) Jack 7/14/2010 Update Windows XP http://support.microsoft.com/?kbid=2229593 C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe 7/14/2010 6:00:02 AM 
KB2259922 Security Update for Windows XP (KB2259922) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=2259922 C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe 9/15/2010 7:30:13 AM 
KB2286198 Security Update for Windows XP (KB2286198) Jack 8/3/2010 Update Windows XP http://support.microsoft.com/?kbid=2286198 C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe 8/3/2010 7:37:26 AM 
KB2347290 Security Update for Windows XP (KB2347290) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=2347290 C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe 9/15/2010 7:29:59 AM 
KB2416473 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Jack 9/30/2010 Microsoft .NET Framework 3.5 SP1 http://support.microsoft.com/?kbid=2416473 9/30/2010 4:49:42 PM 
KB2418241 Security Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241) Jack 9/30/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=2418241 9/30/2010 4:47:38 PM 
KB835221WXP High Definition Audio Driver Package - KB835221 Jack 12/22/2009 Update Windows XP OOB http://support.microsoft.com/?kbid=835221WXP 12/25/2009 4:33:01 PM 
KB892130 Jack 12/22/2009 Update WGA http://support.microsoft.com/?kbid=892130 12/22/2009 1:38:58 AM 
KB900325 Update Rollup 2 for Windows XP Media Center Edition 2005 Jack 12/22/2009 Update Media Center 2005 http://support.microsoft.com/?kbid=900325 12/25/2009 4:33:01 PM 
KB903157 Jack 12/22/2009 Update Windows Media Player 10 http://support.microsoft.com/?kbid=903157 12/25/2009 4:33:01 PM 
KB923561 Security Update for Windows XP (KB923561) Jack 12/22/2009 Update Windows XP  http://support.microsoft.com/?kbid=923561 12/25/2009 4:33:01 PM 
KB923689 Security Update for Windows XP (KB923689) N/A Windows XP http://support.microsoft.com/?kbid=923689 12/22/2009 2:20:58 AM 
KB923689 Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=923689 12/25/2009 4:33:01 PM 
KB925766 Windows XP Media Center Edition 2005 KB925766 Jack 1/4/2010 Update Windows XP http://support.microsoft.com/?kbid=925766 1/9/2010 4:59:16 PM 
KB929399 Hotfix for Windows Media Format 11 SDK (KB929399) N/A Windows Media Format 11 SDK http://support.microsoft.com/?kbid=929399 1/4/2010 9:59:44 PM 
KB929399 Jack 1/5/2010 Update Windows Media Format 11 SDK http://support.microsoft.com/?kbid=929399 1/9/2010 4:59:16 PM 
KB936782_WMP10 Security Update for Windows Media Player 10 (KB936782) N/A Windows Media Player 10 http://support.microsoft.com/?kbid=936782_WMP10 12/22/2009 2:17:17 AM 
KB936782_WMP10 Jack 12/22/2009 Update Windows Media Player 10 http://support.microsoft.com/?kbid=936782_WMP10 12/25/2009 4:33:01 PM 
KB936929 Windows XP Service Pack 3 Jack 12/22/2009 Service Pack Windows XP http://support.microsoft.com/?kbid=936929 12/25/2009 4:33:01 PM 
KB939683 Hotfix for Windows Media Player 11 (KB939683) N/A Windows Media Player 11 http://support.microsoft.com/?kbid=939683 1/4/2010 9:59:27 PM 
KB939683 Jack 1/5/2010 Update Windows Media Player 11 http://support.microsoft.com/?kbid=939683 1/9/2010 4:59:16 PM 
KB941569 Security Update for Windows XP (KB941569) N/A Windows XP http://support.microsoft.com/?kbid=941569 12/22/2009 2:21:27 AM 
KB941569 Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=941569 12/25/2009 4:33:01 PM 
KB946102 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB946102) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=946102 10/1/2010 12:10:59 PM 
KB946457 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB946457) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=946457 10/1/2010 12:10:59 PM 
KB946573 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB946573) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=946573 10/1/2010 12:10:59 PM 
KB946648 Security Update for Windows XP (KB946648) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=946648 12/25/2009 4:33:01 PM 
KB947317 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB947317) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=947317 10/1/2010 12:11:00 PM 
KB948233 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB948233) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=948233 10/1/2010 12:11:00 PM 
KB948233v2 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB948233) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=948233v2 10/1/2010 12:11:00 PM 
KB948646 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB948646) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=948646 10/1/2010 12:11:00 PM 
KB949226 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB949226) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=949226 10/1/2010 12:11:00 PM 
KB949777 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB949777) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=949777 10/1/2010 12:11:00 PM 
KB950230 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB950230) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=950230 10/1/2010 12:11:00 PM 
KB950762 Security Update for Windows XP (KB950762) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=950762 12/25/2009 4:33:01 PM 
KB950974 Security Update for Windows XP (KB950974) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=950974 12/25/2009 4:33:01 PM 
KB950986 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB950986) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=950986 10/1/2010 12:11:00 PM 
KB951066 Security Update for Windows XP (KB951066) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=951066 12/25/2009 4:33:01 PM 
KB951113 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB951113) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=951113 10/1/2010 12:11:00 PM 
KB951376-v2 Security Update for Windows XP (KB951376-v2) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=951376-v2 12/25/2009 4:33:01 PM 
KB951748 Security Update for Windows XP (KB951748) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=951748 12/25/2009 4:33:01 PM 
KB951978 Update for Windows XP (KB951978) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=951978 12/25/2009 4:33:01 PM 
KB952004 Security Update for Windows XP (KB952004) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=952004 12/25/2009 4:33:01 PM 
KB952011 Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray SYSTEM 1/12/2010 Update Windows XP http://support.microsoft.com/?kbid=952011 1/12/2010 6:10:29 PM 
KB952069_WM9 Security Update for Windows Media Player (KB952069) N/A Windows Media Player http://support.microsoft.com/?kbid=952069_WM9 12/22/2009 3:18:12 AM 
KB952069_WM9 Jack 12/22/2009 Update Windows Media Player http://support.microsoft.com/?kbid=952069_WM9 12/25/2009 4:33:01 PM 
KB952287 Hotfix for Windows XP (KB952287) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=952287 12/25/2009 4:33:01 PM 
KB952324 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB952324) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=952324 10/1/2010 12:11:00 PM 
KB952346 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB952346) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=952346 10/1/2010 12:11:00 PM 
KB952883 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB952883) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=952883 10/1/2010 12:11:00 PM 
KB952954 Security Update for Windows XP (KB952954) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=952954 12/25/2009 4:33:01 PM 
KB953295 Microsoft .NET Framework 1.0 Hotfix (KB953295) N/A QFE .NETFramework http://support.microsoft.com/?kbid=953295 12/22/2009 2:17:42 AM 
KB953295 Microsoft .NET Framework 1.0 Hotfix (KB953295) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=953295 12/25/2009 4:33:01 PM 
KB954154_WM11 Security Update for Windows Media Player 11 (KB954154) N/A Windows Media Player 11 http://support.microsoft.com/?kbid=954154_WM11 1/4/2010 9:58:42 PM 
KB954154_WM11 Jack 1/5/2010 Update Windows Media Player 11 http://support.microsoft.com/?kbid=954154_WM11 1/9/2010 4:59:16 PM 
KB954155_WM9 Security Update for Windows Media Player (KB954155) N/A Windows Media Player http://support.microsoft.com/?kbid=954155_WM9 12/22/2009 3:18:07 AM 
KB954155_WM9 Jack 12/22/2009 Update Windows Media Player http://support.microsoft.com/?kbid=954155_WM9 12/25/2009 4:33:01 PM 
KB954550-v5 Hotfix for Windows XP (KB954550-v5) Jack 12/22/2009 5 Update Windows XP http://support.microsoft.com/?kbid=954550-v5 12/22/2009 11:56:02 AM 
KB955069 Security Update for Windows XP (KB955069) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=955069 12/25/2009 4:33:01 PM 
KB955759 Update for Windows XP (KB955759) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=955759 12/25/2009 4:33:01 PM 
KB956572 Security Update for Windows XP (KB956572) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=956572 12/25/2009 4:33:01 PM 
KB956744 Security Update for Windows XP (KB956744) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=956744 12/25/2009 4:33:01 PM 
KB956802 Security Update for Windows XP (KB956802) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=956802 12/25/2009 4:33:01 PM 
KB956803 Security Update for Windows XP (KB956803) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=956803 12/25/2009 4:33:01 PM 
KB956844 Security Update for Windows XP (KB956844) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=956844 12/25/2009 4:33:01 PM 
KB957097 Security Update for Windows XP (KB957097) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=957097 12/25/2009 4:33:01 PM 
KB958481 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB958481) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=958481 10/1/2010 12:11:00 PM 
KB958483 Hotfix for Microsoft .NET Framework 3.0 Service Pack 1 (KB958483) Jack 12/22/2009 Microsoft .NET Framework 3.0 Service Pack 2 http://support.microsoft.com/?kbid=958483 12/22/2009 12:01:59 PM 
KB958484 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Jack 9/30/2010 Microsoft .NET Framework 3.5 SP1 http://support.microsoft.com/?kbid=958484 9/30/2010 4:49:42 PM 
KB958644 Security Update for Windows XP (KB958644) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=958644 12/25/2009 4:33:01 PM 
KB958687 Security Update for Windows XP (KB958687) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=958687 12/25/2009 4:33:01 PM 
KB958869 Security Update for Windows XP (KB958869) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=958869 12/25/2009 4:33:01 PM 
KB959426 Security Update for Windows XP (KB959426) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=959426 12/25/2009 4:33:01 PM  
KB960225 Security Update for Windows XP (KB960225) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=960225 12/25/2009 4:33:01 PM 
KB960803 Security Update for Windows XP (KB960803) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=960803 12/25/2009 4:33:01 PM 
KB960859 Security Update for Windows XP (KB960859) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=960859 12/25/2009 4:33:01 PM 
KB961118 Hotfix for Windows XP (KB961118) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=961118 12/25/2009 4:33:01 PM 
KB961371-v2 Security Update for Windows XP (KB961371-v2) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=961371-v2 12/25/2009 4:33:01 PM 
KB961501 Security Update for Windows XP (KB961501) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=961501 12/25/2009 4:33:01 PM 
KB963707 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Jack 12/22/2009 Microsoft .NET Framework 3.5 SP1 http://support.microsoft.com/?kbid=963707 12/22/2009 12:23:51 PM 
KB967715 Update for Windows XP (KB967715) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=967715 12/25/2009 4:33:01 PM 
KB968389 Update for Windows XP (KB968389) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=968389 12/25/2009 4:33:01 PM 
KB968816_WM9 Security Update for Windows Media Player (KB968816) N/A Windows Media Player http://support.microsoft.com/?kbid=968816_WM9 12/22/2009 3:18:03 AM 
KB968816_WM9 Jack 12/22/2009 Update Windows Media Player http://support.microsoft.com/?kbid=968816_WM9 12/25/2009 4:33:01 PM 
KB969059 Security Update for Windows XP (KB969059) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=969059 12/25/2009 4:33:01 PM 
KB969947 Security Update for Windows XP (KB969947) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=969947 12/25/2009 4:33:01 PM 
KB970238 Security Update for Windows XP (KB970238) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=970238 12/25/2009 4:33:01 PM 
KB970430 Security Update for Windows XP (KB970430) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=970430 12/25/2009 4:33:01 PM 
KB971468 Security Update for Windows XP (KB971468) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=971468 C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe 2/12/2010 12:51:45 AM 
KB971486 Security Update for Windows XP (KB971486) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=971486 12/25/2009 4:33:01 PM 
KB971557 Security Update for Windows XP (KB971557) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=971557 12/25/2009 4:33:01 PM 
KB971633 Security Update for Windows XP (KB971633) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=971633 12/25/2009 4:33:01 PM 
KB971657 Security Update for Windows XP (KB971657) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=971657 12/25/2009 4:33:01 PM 
KB971737 Update for Windows XP (KB971737) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=971737 12/25/2009 4:33:01 PM 
KB971961-IE8 Security Update for Windows Internet Explorer 8 (KB971961) Jack 1/2/2010 1 Update Windows XP http://support.microsoft.com/?kbid=971961-IE8 C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe 1/1/2010 10:04:56 PM 
KB972270 Security Update for Windows XP (KB972270) Jack 1/12/2010 Update Windows XP http://support.microsoft.com/?kbid=972270 1/16/2010 6:32:46 PM 
KB973354 Security Update for Windows XP (KB973354) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973354 12/25/2009 4:33:01 PM 
KB973507 Security Update for Windows XP (KB973507) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973507 12/25/2009 4:33:01 PM 
KB973525 Security Update for Windows XP (KB973525) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973525 12/25/2009 4:33:01 PM 
KB973540_WM9 Security Update for Windows Media Player (KB973540) N/A Windows Media Player http://support.microsoft.com/?kbid=973540_WM9 12/22/2009 3:17:43 AM 
KB973540_WM9 Jack 12/22/2009 Update Windows Media Player http://support.microsoft.com/?kbid=973540_WM9 12/25/2009 4:33:01 PM 
KB973687 Update for Windows XP (KB973687) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973687 12/25/2009 4:33:01 PM 
KB973768 Windows XP Media Center Edition 2005 KB973768 Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973768 12/25/2009 4:33:01 PM 
KB973815 Update for Windows XP (KB973815) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973815 12/25/2009 4:33:01 PM 
KB973869 Security Update for Windows XP (KB973869) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973869 12/25/2009 4:33:01 PM 
KB973904 Security Update for Windows XP (KB973904) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973904 12/25/2009 4:33:01 PM 
KB974112 Security Update for Windows XP (KB974112) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=974112 12/25/2009 4:33:01 PM 
KB974318 Security Update for Windows XP (KB974318) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=974318 12/25/2009 4:33:01 PM 
KB974392 Security Update for Windows XP (KB974392) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=974392 12/25/2009 4:33:01 PM 
KB974571 Security Update for Windows XP (KB974571) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=974571 12/25/2009 4:33:01 PM 
KB975025 Security Update for Windows XP (KB975025) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=975025 12/25/2009 4:33:01 PM 
KB975364-IE8 Update for Windows Internet Explorer 8 (KB975364) Jack 1/2/2010 1 Update Windows XP http://support.microsoft.com/?kbid=975364-IE8 C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe 1/1/2010 9:43:23 PM 
KB975467 Security Update for Windows XP (KB975467) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=975467 12/25/2009 4:33:01 PM 
KB975558_WM8 Security Update for Windows Media Player (KB975558) N/A Windows Media Player http://support.microsoft.com/?kbid=975558_WM8 9/15/2010 7:30:07 AM 
KB975558_WM8 Jack 9/15/2010 Update Windows Media Player http://support.microsoft.com/?kbid=975558_WM8 C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe 9/15/2010 7:30:07 AM 
KB975560 Security Update for Windows XP (KB975560) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=975560 C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe 2/12/2010 12:48:57 AM 
KB975561 Security Update for Windows XP (KB975561) Jack 3/11/2010 Update Windows XP http://support.microsoft.com/?kbid=975561 C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe 3/11/2010 12:04:25 AM 
KB975562 Security Update for Windows XP (KB975562) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=975562 C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe 6/11/2010 3:09:47 AM 
KB975713 Security Update for Windows XP (KB975713) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=975713 C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe 2/12/2010 12:49:12 AM 
KB976098-v2 Hotfix for Windows XP (KB976098-v2) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=976098-v2 12/25/2009 4:33:01 PM 
KB976325 Security Update for Windows XP (KB976325) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=976325 12/25/2009 4:33:01 PM 
KB976325-IE8 Security Update for Windows Internet Explorer 8 (KB976325) Jack 1/2/2010 1 Update Windows XP http://support.microsoft.com/?kbid=976325-IE8 C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe 1/1/2010 9:43:51 PM 
KB976576 Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB976576) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=976576 10/1/2010 12:11:00 PM 
KB976662-IE8 Update for Windows Internet Explorer 8 (KB976662) Jack 2/24/2010 1 Update Windows XP http://support.microsoft.com/?kbid=976662-IE8 C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe 2/24/2010 8:25:29 AM 
KB976769v2 Security Update for Microsoft .NET Framework 3.0 Service Pack 1 (KB976769) Jack 10/1/2010 Microsoft .NET Framework 3.0 Service Pack 2 http://support.microsoft.com/?kbid=976769v2 10/1/2010 12:05:41 PM 
KB977165-v2 Security Update for Windows XP (KB977165-v2) Jack 3/4/2010 Update Windows XP http://support.microsoft.com/?kbid=977165-v2 C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe 3/4/2010 6:41:38 PM 
KB977354v2 Update for Microsoft .NET Framework 3.0 Service Pack 1 (KB977354) Jack 10/1/2010 Microsoft .NET Framework 3.0 Service Pack 2 http://support.microsoft.com/?kbid=977354v2 10/1/2010 12:05:41 PM 
KB977816 Security Update for Windows XP (KB977816) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=977816 C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe 4/14/2010 3:01:04 AM 
KB977914 Security Update for Windows XP (KB977914) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=977914 C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe 2/12/2010 12:48:48 AM 
KB978037 Security Update for Windows XP (KB978037) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=978037 C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe 2/12/2010 12:49:18 AM 
KB978207-IE8 Security Update for Windows Internet Explorer 8 (KB978207) SYSTEM 1/22/2010 1 Update Windows XP http://support.microsoft.com/?kbid=978207-IE8 C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe 1/22/2010 4:01:02 AM 
KB978251 Security Update for Windows XP (KB978251) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=978251 C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe 2/12/2010 12:49:05 AM 
KB978262 Security Update for Windows XP (KB978262) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=978262 C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe 2/12/2010 12:51:50 AM 
KB978338 Security Update for Windows XP (KB978338) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=978338 C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe 4/14/2010 3:01:13 AM 
KB978542 Security Update for Windows XP (KB978542) SYSTEM 5/12/2010 Update Windows XP http://support.microsoft.com/?kbid=978542 C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe 5/12/2010 3:00:21 AM 
KB978601 Security Update for Windows XP (KB978601) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=978601 C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe 4/14/2010 3:00:57 AM 
KB978695_WM9 Security Update for Windows Media Player (KB978695) N/A Windows Media Player http://support.microsoft.com/?kbid=978695_WM9 6/11/2010 3:10:09 AM 
KB978695_WM9 SYSTEM 6/11/2010 Update Windows Media Player http://support.microsoft.com/?kbid=978695_WM9 C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe 6/11/2010 3:10:09 AM 
KB978706 Security Update for Windows XP (KB978706) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=978706 C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe 2/12/2010 12:48:32 AM 
KB979306 Hotfix for Windows XP (KB979306) Jack 2/24/2010 Update Windows XP http://support.microsoft.com/?kbid=979306 C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe 2/24/2010 8:25:10 AM 
KB979309 Security Update for Windows XP (KB979309) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=979309 C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe 4/14/2010 3:00:40 AM 
KB979482 Security Update for Windows XP (KB979482) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=979482 C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe 6/11/2010 3:10:01 AM 
KB979559 Security Update for Windows XP (KB979559) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=979559 C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe 6/11/2010 3:15:20 AM 
KB979683 Security Update for Windows XP (KB979683) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=979683 C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe 4/14/2010 3:03:53 AM 
KB979904 Microsoft .NET Framework 1.0 Hotfix (KB979904) N/A QFE .NETFramework http://support.microsoft.com/?kbid=979904 6/11/2010 3:19:36 AM 
KB979904 Microsoft .NET Framework 1.0 Hotfix (KB979904) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=979904 C:\WINDOWS\$NtUninstallKB979904$\spuninst\spuninst.exe 6/11/2010 3:19:37 AM 
KB979909 Security Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB979909) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=979909 10/1/2010 12:10:59 PM 
KB980182-IE8 Update for Windows Internet Explorer 8 (KB980182) Jack 3/31/2010 1 Update Windows XP http://support.microsoft.com/?kbid=980182-IE8 C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe 3/31/2010 12:00:24 AM 
KB980195 Security Update for Windows XP (KB980195) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=980195 C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe 6/11/2010 3:18:19 AM 
KB980218 Security Update for Windows XP (KB980218) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=980218 C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe 6/11/2010 3:19:59 AM 
KB980232 Security Update for Windows XP (KB980232) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=980232 C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe 4/14/2010 3:03:39 AM 
KB980436 Security Update for Windows XP (KB980436) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=980436 C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe 8/12/2010 10:12:53 AM 
KB980773 Security Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB980773) Jack 10/1/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=980773 10/1/2010 12:11:00 PM 
KB981322 Security Update for Windows XP (KB981322) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=981322 C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe 9/15/2010 7:29:33 AM 
KB981332-IE8 Security Update for Windows Internet Explorer 8 (KB981332) SYSTEM 4/14/2010 1 Update Windows XP http://support.microsoft.com/?kbid=981332-IE8 C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe 4/14/2010 3:00:51 AM 
KB981793 Hotfix for Windows XP (KB981793) Jack 5/26/2010 Update Windows XP http://support.microsoft.com/?kbid=981793 C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe 5/26/2010 7:33:39 AM 
KB981852  Security Update for Windows XP (KB981852) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=981852 C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe 8/12/2010 10:19:11 AM 
KB981997 Security Update for Windows XP (KB981997) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=981997 C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe 8/12/2010 10:09:53 AM 
KB982214 Security Update for Windows XP (KB982214) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=982214 C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe 8/12/2010 10:19:30 AM 
KB982381-IE8 Security Update for Windows Internet Explorer 8 (KB982381) SYSTEM 6/11/2010 1 Update Windows XP http://support.microsoft.com/?kbid=982381-IE8 C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe 6/11/2010 3:14:59 AM 
KB982665 Security Update for Windows XP (KB982665) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=982665 C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe 8/12/2010 10:09:36 AM 
KB982802 Security Update for Windows XP (KB982802) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=982802 C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe 9/15/2010 7:29:45 AM 
KB983583 Security Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB983583) Jack 9/30/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=983583 9/30/2010 4:47:37 PM 
M2416447 Microsoft .NET Framework 1.1 Security Update (KB2416447) JOHN NEE 9/30/2010 Update .NETFramework http://support.microsoft.com/kb/2416447 "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp" 9/30/2010 4:50:38 PM 
M884537 N/A .NETFramework http://support.microsoft.com/kb/884537 9/30/2010 4:50:38 PM 
M885268 N/A .NETFramework http://support.microsoft.com/kb/885268 9/30/2010 4:50:38 PM 
M885274 N/A .NETFramework http://support.microsoft.com/kb/885274 9/30/2010 4:50:38 PM 
M886903 N/A .NETFramework http://support.microsoft.com/kb/886903  9/30/2010 4:50:38 PM 
M887541 N/A .NETFramework http://support.microsoft.com/kb/887541 9/30/2010 4:50:38 PM 
M887544 N/A .NETFramework http://support.microsoft.com/kb/887544 9/30/2010 4:50:38 PM 
M887559 N/A .NETFramework http://support.microsoft.com/kb/887559 9/30/2010 4:50:38 PM 
M887563 N/A .NETFramework http://support.microsoft.com/kb/887563 9/30/2010 4:50:38 PM 
M888418 N/A .NETFramework http://support.microsoft.com/kb/888418 9/30/2010 4:50:38 PM 
M888419 N/A .NETFramework http://support.microsoft.com/kb/888419 9/30/2010 4:50:38 PM 
M888420 N/A .NETFramework http://support.microsoft.com/kb/888420 9/30/2010 4:50:38 PM 
M8884201033 N/A .NETFramework http://support.microsoft.com/kb/8884201033 9/30/2010 4:50:38 PM 
M888520 N/A .NETFramework http://support.microsoft.com/kb/888520 9/30/2010 4:50:38 PM 
M888995 N/A .NETFramework http://support.microsoft.com/kb/888995 9/30/2010 4:50:38 PM 
M888999 N/A .NETFramework http://support.microsoft.com/kb/888999 9/30/2010 4:50:38 PM 
M890323 N/A .NETFramework http://support.microsoft.com/kb/890323 9/30/2010 4:50:38 PM 
M890340 N/A .NETFramework http://support.microsoft.com/kb/890340 9/30/2010 4:50:38 PM 
M890464 N/A .NETFramework http://support.microsoft.com/kb/890464 9/30/2010 4:50:38 PM 
M890465 N/A .NETFramework http://support.microsoft.com/kb/890465 9/30/2010 4:50:38 PM 
M890482 N/A .NETFramework http://support.microsoft.com/kb/890482 9/30/2010 4:50:38 PM 
M890765 N/A .NETFramework http://support.microsoft.com/kb/890765 9/30/2010 4:50:38 PM 
M890929 N/A .NETFramework http://support.microsoft.com/kb/890929 9/30/2010 4:50:38 PM 
M891009 N/A .NETFramework http://support.microsoft.com/kb/891009 9/30/2010 4:50:38 PM 
M891574 N/A .NETFramework http://support.microsoft.com/kb/891574 9/30/2010 4:50:38 PM 
M891964 N/A .NETFramework http://support.microsoft.com/kb/891964 9/30/2010 4:50:38 PM 
M892207 N/A .NETFramework http://support.microsoft.com/kb/892207 9/30/2010 4:50:38 PM 
M892492 N/A .NETFramework http://support.microsoft.com/kb/892492 9/30/2010 4:50:38 PM 
M892544 N/A .NETFramework http://support.microsoft.com/kb/892544 9/30/2010 4:50:38 PM 
M893099 N/A .NETFramework http://support.microsoft.com/kb/893099 9/30/2010 4:50:38 PM 
M893251 N/A .NETFramework http://support.microsoft.com/kb/893251 9/30/2010 4:50:38 PM 
M893360 N/A .NETFramework http://support.microsoft.com/kb/893360 9/30/2010 4:50:38 PM 
M894092 N/A .NETFramework http://support.microsoft.com/kb/894092 9/30/2010 4:50:38 PM 
M894611 N/A .NETFramework http://support.microsoft.com/kb/894611 9/30/2010 4:50:38 PM 
M8952621042 N/A .NETFramework http://support.microsoft.com/kb/8952621042 9/30/2010 4:50:38 PM 
M895581 N/A .NETFramework http://support.microsoft.com/kb/895581 9/30/2010 4:50:38 PM 
M895582 N/A .NETFramework http://support.microsoft.com/kb/895582 9/30/2010 4:50:38 PM 
M895584 N/A .NETFramework http://support.microsoft.com/kb/895584 9/30/2010 4:50:38 PM 
M895585 N/A .NETFramework http://support.microsoft.com/kb/895585 9/30/2010 4:50:38 PM 
M895586 N/A .NETFramework http://support.microsoft.com/kb/895586 9/30/2010 4:50:38 PM 
M895587 N/A .NETFramework http://support.microsoft.com/kb/895587 9/30/2010 4:50:38 PM 
M895676 N/A .NETFramework http://support.microsoft.com/kb/895676 9/30/2010 4:50:38 PM 
M896056 N/A .NETFramework http://support.microsoft.com/kb/896056 9/30/2010 4:50:38 PM 
M896246 N/A .NETFramework http://support.microsoft.com/kb/896246 9/30/2010 4:50:38 PM 
M896337 N/A .NETFramework http://support.microsoft.com/kb/896337 9/30/2010 4:50:38 PM 
M896600 N/A .NETFramework http://support.microsoft.com/kb/896600 9/30/2010 4:50:38 PM 
M8969821041 N/A .NETFramework http://support.microsoft.com/kb/8969821041 9/30/2010 4:50:38 PM 
M8989011042 N/A .NETFramework http://support.microsoft.com/kb/8989011042 9/30/2010 4:50:38 PM 
M899177 N/A .NETFramework http://support.microsoft.com/kb/899177 9/30/2010 4:50:38 PM 
M899181 N/A .NETFramework http://support.microsoft.com/kb/899181 9/30/2010 4:50:38 PM 
M899524 N/A .NETFramework http://support.microsoft.com/kb/899524 9/30/2010 4:50:38 PM 
M900703 N/A .NETFramework http://support.microsoft.com/kb/900703 9/30/2010 4:50:38 PM 
M900822 N/A .NETFramework http://support.microsoft.com/kb/900822 9/30/2010 4:50:38 PM 
M90120210332 N/A .NETFramework http://support.microsoft.com/kb/90120210332 9/30/2010 4:50:38 PM 
M903666 N/A .NETFramework http://support.microsoft.com/kb/903666 9/30/2010 4:50:38 PM 
M904416 N/A .NETFramework http://support.microsoft.com/kb/904416 9/30/2010 4:50:38 PM 
M9044161041 N/A .NETFramework http://support.microsoft.com/kb/9044161041 9/30/2010 4:50:38 PM 
M904566 N/A .NETFramework http://support.microsoft.com/kb/904566 9/30/2010 4:50:38 PM 
M904705 N/A .NETFramework http://support.microsoft.com/kb/904705 9/30/2010 4:50:38 PM 
M905302 N/A .NETFramework http://support.microsoft.com/kb/905302 9/30/2010 4:50:38 PM 
M905891 N/A .NETFramework http://support.microsoft.com/kb/905891 9/30/2010 4:50:38 PM 
M906588 N/A .NETFramework http://support.microsoft.com/kb/906588 9/30/2010 4:50:38 PM 
M907262 N/A .NETFramework http://support.microsoft.com/kb/907262 9/30/2010 4:50:38 PM 
M9072621033 N/A .NETFramework http://support.microsoft.com/kb/9072621033 9/30/2010 4:50:38 PM 
M9072621111 N/A .NETFramework http://support.microsoft.com/kb/9072621111 9/30/2010 4:50:38 PM 
M907432 N/A .NETFramework http://support.microsoft.com/kb/907432 9/30/2010 4:50:38 PM 
M907544 N/A .NETFramework http://support.microsoft.com/kb/907544 9/30/2010 4:50:38 PM 
M9075441033 N/A .NETFramework http://support.microsoft.com/kb/9075441033 9/30/2010 4:50:38 PM 
M9075441041 N/A .NETFramework http://support.microsoft.com/kb/9075441041 9/30/2010 4:50:38 PM 
M907720 N/A .NETFramework http://support.microsoft.com/kb/907720 9/30/2010 4:50:38 PM 
M907829 N/A .NETFramework http://support.microsoft.com/kb/907829 9/30/2010 4:50:38 PM 
M908001 N/A .NETFramework http://support.microsoft.com/kb/908001 9/30/2010 4:50:38 PM 
M9081271041 N/A .NETFramework http://support.microsoft.com/kb/9081271041 9/30/2010 4:50:38 PM 
M908787 N/A .NETFramework http://support.microsoft.com/kb/908787 9/30/2010 4:50:38 PM 
M908796 N/A .NETFramework http://support.microsoft.com/kb/908796 9/30/2010 4:50:38 PM 
M909766 N/A .NETFramework http://support.microsoft.com/kb/909766 9/30/2010 4:50:38 PM 
M910553 N/A .NETFramework http://support.microsoft.com/kb/910553 9/30/2010 4:50:38 PM 
M911205 N/A .NETFramework http://support.microsoft.com/kb/911205 9/30/2010 4:50:38 PM 
M911309 N/A .NETFramework http://support.microsoft.com/kb/911309 9/30/2010 4:50:38 PM 
M9113091041 N/A .NETFramework http://support.microsoft.com/kb/9113091041 9/30/2010 4:50:38 PM 
M913937 N/A .NETFramework http://support.microsoft.com/kb/913937 9/30/2010 4:50:38 PM 
M915808 N/A .NETFramework http://support.microsoft.com/kb/915808 9/30/2010 4:50:38 PM 
M9158083082 N/A .NETFramework http://support.microsoft.com/kb/9158083082 9/30/2010 4:50:38 PM 
M920978 N/A .NETFramework http://support.microsoft.com/kb/920978 9/30/2010 4:50:38 PM 
M922542 N/A .NETFramework http://support.microsoft.com/kb/922542 9/30/2010 4:50:38 PM 
M923754 N/A .NETFramework http://support.microsoft.com/kb/923754 9/30/2010 4:50:38 PM 
M9267641041 N/A .NETFramework http://support.microsoft.com/kb/9267641041 9/30/2010 4:50:38 PM 
M9274951033 N/A .NETFramework http://support.microsoft.com/kb/9274951033 9/30/2010 4:50:38 PM 
M928366 N/A .NETFramework http://support.microsoft.com/kb/928366 9/30/2010 4:50:38 PM 
M9283661033 N/A .NETFramework http://support.microsoft.com/kb/9283661033 9/30/2010 4:50:38 PM 
M928398 N/A .NETFramework http://support.microsoft.com/kb/928398 9/30/2010 4:50:38 PM 
M929688 N/A .NETFramework http://support.microsoft.com/kb/929688 9/30/2010 4:50:38 PM 
M929729 N/A .NETFramework http://support.microsoft.com/kb/929729 9/30/2010 4:50:38 PM 
M9311081033 N/A .NETFramework http://support.microsoft.com/kb/9311081033 9/30/2010 4:50:38 PM 
M933227 N/A .NETFramework http://support.microsoft.com/kb/933227 9/30/2010 4:50:38 PM 
M934815 N/A .NETFramework http://support.microsoft.com/kb/934815 9/30/2010 4:50:38 PM 
M935224 N/A .NETFramework http://support.microsoft.com/kb/935224 9/30/2010 4:50:38 PM 
M937501 N/A .NETFramework http://support.microsoft.com/kb/937501 9/30/2010 4:50:38 PM 
M939044 N/A .NETFramework http://support.microsoft.com/kb/939044 9/30/2010 4:50:38 PM 
M940354 N/A .NETFramework http://support.microsoft.com/kb/940354 9/30/2010 4:50:38 PM 
M940711 N/A .NETFramework http://support.microsoft.com/kb/940711 9/30/2010 4:50:38 PM 
M942228 N/A .NETFramework http://support.microsoft.com/kb/942228 9/30/2010 4:50:38 PM 
M953297 N/A .NETFramework http://support.microsoft.com/kb/953297 9/30/2010 4:50:38 PM 
M974762 N/A .NETFramework http://support.microsoft.com/kb/974762 9/30/2010 4:50:38 PM 
M975948 N/A .NETFramework http://support.microsoft.com/kb/975948 9/30/2010 4:50:38 PM 
M979906 Microsoft .NET Framework 1.1 Security Update (KB979906) JOHN NEE 6/11/2010 Update .NETFramework http://support.microsoft.com/kb/979906 "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp" 6/11/2010 3:16:57 AM 
M9799061033 N/A .NETFramework http://support.microsoft.com/kb/9799061033 9/30/2010 4:50:38 PM 
MSCompPackV1 Microsoft Compression Client Pack 1.0 for Windows XP Jack 1/4/2010 Update Windows XP http://support.microsoft.com/kb/SCompPackV1 1/9/2010 4:59:16 PM 
Q954430 Security update for MSXML4 SP2 (KB954430) JOHN NEE 2/21/2010 MSXML4SP2 http://support.microsoft.com/?kbid=954430 2/21/2010 1:32:33 PM 
Q973688 Security update for MSXML4 SP2 (KB973688) JOHN NEE 2/21/2010 MSXML4SP2 http://support.microsoft.com/?kbid=973688 2/21/2010 1:32:26 PM 
S867460 Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) JOHN NEE 12/21/2009 Update .NETFramework http://support.microsoft.com/?kbid=S867460 12/22/2009 12:41:12 AM 
SP3 Microsoft .NET Framework 1.0 Service Pack 3 N/A SP .NETFramework http://support.microsoft.com/?kbid=SP3 12/22/2009 2:04:49 AM 
WMFDist11 Jack 1/4/2010 Update Windows Media Format 11 runtime http://support.microsoft.com/?kbid=WMFDist11 1/9/2010 4:59:16 PM 
wmp11 Jack 1/4/2010 Update Windows Media Player 11 http://support.microsoft.com/?kbid=wmp11 1/9/2010 4:59:16 PM 
Wudf01000 Jack 1/4/2010 Update Windows XP http://support.microsoft.com/?kbid=Wudf01000 1/9/2010 4:59:16 PM


----------



## jdn (Dec 24, 2009)

UPDATE 10-13-2010

For some unknown reason, the option to Run Minimize has returned.
I mentioned that this had gone away in a previous post. When I boot now, my Mozilla Thunderbird opens minimized [This is how it's suppose to be], For the last couple weeks it had been opening in a Normal Window. I didn't change anything.

When I booted this morning got a yellow shield that 11 W updates were available from MS. Clicked download and window closed and nothing happened. Went to MS Updates and got message I was hiding priority updates. These are the two that has been causing the recent problem and have not been installed per Windows Update List. Scan for available updates resulted in 11 items to install. 
[List did not include the two that have been a problem]. Clicked Install and all were successfully installed [They are listed in Windows Update List] When I returned to MS Update window, the warning that I was hiding priority updates was gone.


----------



## Cookiegal (Aug 27, 2003)

Please post this list again.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## jdn (Dec 24, 2009)

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Agent Ransack Version 1.7.3
Apple Application Support
Apple Software Update
Audacity 1.2.6
AutoStreamer
Belarc Advisor 7.2
CA Pest Patrol Realtime Protection
CA Yahoo! Anti-Spy (remove only)
CCleaner
Conexant D850 56K V.9x DFVc Modem
CreataCard Special Edition - Epson 2
Defraggler
Dell Resource CD
EasyCleaner
exPressit S.E. 2.2
FormatFactory 2.50
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Greeting Card Factory Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
Java(TM) 6 Update 21
LAME v3.98.2 for Audacity
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.6.10)
Mozilla Thunderbird (3.1.4)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicnotes Software Suite 1.5.1
NCH Toolbox
Nero 6
Nero Digital
Norton Ghost 10.0
Norton Security Suite
OLYMPUS CAMEDIA Master 4.1
OpenOffice.org 3.2
Paragon Backup & Recovery&#8482; 10.1 Free Edition
pdfFactory
Picasa 3
Prism Video Converter
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
SigmaTel Audio
Sonic Encoders
Sony Picture Utility
Sony USB Driver
SUPER © Version 2010.bld.38 (May 2, 2010)
SupportSoft Assisted Service
The Print Shop 12
THE Rename 2.1.6
Tweak UI
Ulead iPhoto Plus 4.0
Ultra Defragmenter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2345886)
VideoPad Video Editor
WavePad Sound Editor
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinUpdatesList
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## jdn (Dec 24, 2009)

Under Systems

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/15/2010
Time: 5:09:27 AM
User: JOHN\Jack
Computer: JOHN
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/14/2010
Time: 9:10:29 AM
User: JOHN\Jack
Computer: JOHN
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gupdate1ca833a9bea4bcb with arguments "/comsvc" in order to run the server:
{E225E692-4B47-4777-9BED-4FD7FE257F0E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/14/2010
Time: 9:10:27 AM
User: JOHN\Jack
Computer: JOHN
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/13/2010
Time: 7:23:38 AM
User: JOHN\Jack
Computer: JOHN
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gupdate1ca833a9bea4bcb with arguments "/comsvc" in order to run the server:
{E225E692-4B47-4777-9BED-4FD7FE257F0E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/13/2010
Time: 7:23:38 AM
User: JOHN\Jack
Computer: JOHN
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

These are same errors that I reported to you back on 10-6-2010 [Post # 60]. They keep reoccurring.

The last error under Applications was:

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 10/11/2010
Time: 7:39:46 AM
User: N/A
Computer: JOHN
Description:
Faulting application i_view32.exe, version 4.2.5.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00037386.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 5f 76 ure i_v
0018: 69 65 77 33 32 2e 65 78 iew32.ex
0020: 65 20 34 2e 32 2e 35 2e e 4.2.5.
0028: 30 20 69 6e 20 6e 74 64 0 in ntd
0030: 6c 6c 2e 64 6c 6c 20 35 ll.dll 5
0038: 2e 31 2e 32 36 30 30 2e .1.2600.
0040: 35 37 35 35 20 61 74 20 5755 at 
0048: 6f 66 66 73 65 74 20 30 offset 0
0050: 30 30 33 37 33 38 36 0d 0037386.
0058: 0a


----------



## Cookiegal (Aug 27, 2003)

Please upload the new C:\Windows\WindowsUpdate.log since the last updates were run.


----------



## jdn (Dec 24, 2009)

Based on the history info from Windows update, the two updated of concern were installed on October 1. I'm not sure how you want me to forward [upload] the log file to you. Since it is such a large file I'm assuming you want me to attach it opposed to pasting it.


----------



## jdn (Dec 24, 2009)

File was too big so I'm 'm sending it compressed.


----------



## jdn (Dec 24, 2009)

Found the following event error this morning

Event Type: Error
Event Source: Tcpip
Event Category: None
Event ID: 4199
Date: 10/18/2010
Time: 6:49:19 AM
User: N/A
Computer: JOHN
Description:
The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address 00:24:36:6C:77:32. Network operations on this system may be disrupted as a result.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 50 00 ......P.
0008: 00 00 00 00 67 10 00 c0 ....g..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Reran installation of two W updates this morning at 8:05 and am attaching the Windows update log.

The update list below does not include the updates [kb982168 and kb982524] but there are 20 items listed with an update date of 10-18-2010 [today] ???

ie8 Jack 1/2/2010 20090308.140743 Update Windows XP http://support.microsoft.com/?kbid=ie8 C:\WINDOWS\ie8\spuninst\spuninst.exe 1/1/2010 9:42:21 PM 
KB2079403 Security Update for Windows XP (KB2079403) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=2079403 C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe 8/12/2010 10:18:38 AM 
KB2115168 Security Update for Windows XP (KB2115168) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=2115168 C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe 8/12/2010 10:19:19 AM 
KB2121546 Security Update for Windows XP (KB2121546) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=2121546 C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe 9/15/2010 7:29:52 AM 
KB2141007 Update for Windows XP (KB2141007) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=2141007 C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe 9/15/2010 7:26:50 AM 
KB2158563 Hotfix for Windows XP (KB2158563) Jack 9/29/2010 1 Update Windows XP http://support.microsoft.com/?kbid=2158563 C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe 9/29/2010 12:53:50 AM 
KB2160329 Security Update for Windows XP (KB2160329) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=2160329 C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe 8/12/2010 10:13:11 AM 
KB2183461-IE8 Security Update for Windows Internet Explorer 8 (KB2183461) Jack 8/12/2010 1 Update Windows XP http://support.microsoft.com/?kbid=2183461-IE8 C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe 8/12/2010 10:13:43 AM 
KB2229593 Security Update for Windows XP (KB2229593) Jack 7/14/2010 Update Windows XP http://support.microsoft.com/?kbid=2229593 C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe 7/14/2010 6:00:02 AM 
KB2259922 Security Update for Windows XP (KB2259922) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=2259922 C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe 9/15/2010 7:30:13 AM 
KB2279986 Security Update for Windows XP (KB2279986) Jack 10/13/2010 1 Update Windows XP http://support.microsoft.com/?kbid=2279986 C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe 10/13/2010 7:30:05 AM 
KB2286198 Security Update for Windows XP (KB2286198) Jack 8/3/2010 Update Windows XP http://support.microsoft.com/?kbid=2286198 C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe 8/3/2010 7:37:26 AM 
KB2296011 Security Update for Windows XP (KB2296011) Jack 10/13/2010 1 Update Windows XP http://support.microsoft.com/?kbid=2296011 C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe 10/13/2010 7:28:24 AM 
KB2345886 Update for Windows XP (KB2345886) Jack 10/13/2010 1 Update Windows XP http://support.microsoft.com/?kbid=2345886 C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe 10/13/2010 7:28:33 AM 
KB2347290 Security Update for Windows XP (KB2347290) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=2347290 C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe 9/15/2010 7:29:59 AM 
KB2360131-IE8 Security Update for Windows Internet Explorer 8 (KB2360131) Jack 10/13/2010 1 Update Windows XP http://support.microsoft.com/?kbid=2360131-IE8 C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe 10/13/2010 7:29:03 AM 
KB2360937 Security Update for Windows XP (KB2360937) Jack 10/13/2010 1 Update Windows XP http://support.microsoft.com/?kbid=2360937 C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe 10/13/2010 7:30:14 AM 
KB2378111_WM9 Security Update for Windows Media Player (KB2378111) N/A Windows Media Player http://support.microsoft.com/?kbid=2378111_WM9 10/13/2010 7:29:16 AM 
KB2378111_WM9 Jack 10/13/2010 Update Windows Media Player http://support.microsoft.com/?kbid=2378111_WM9 C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe 10/13/2010 7:29:18 AM 
KB2387149 Security Update for Windows XP (KB2387149) Jack 10/13/2010 1 Update Windows XP http://support.microsoft.com/?kbid=2387149 C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe 10/13/2010 7:29:39 AM 
KB2416473 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Jack 9/30/2010 Microsoft .NET Framework 3.5 SP1 http://support.microsoft.com/?kbid=2416473 9/30/2010 4:49:42 PM 
KB2418241 Security Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB2418241) Jack 9/30/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=2418241 9/30/2010 4:47:38 PM 
KB835221WXP High Definition Audio Driver Package - KB835221 Jack 12/22/2009 Update Windows XP OOB http://support.microsoft.com/?kbid=835221WXP 12/25/2009 4:33:01 PM 
KB892130 Jack 12/22/2009 Update WGA http://support.microsoft.com/?kbid=892130 12/22/2009 1:38:58 AM 
KB900325 Update Rollup 2 for Windows XP Media Center Edition 2005 Jack 12/22/2009 Update Media Center 2005 http://support.microsoft.com/?kbid=900325 12/25/2009 4:33:01 PM 
KB903157 Jack 12/22/2009 Update Windows Media Player 10 http://support.microsoft.com/?kbid=903157 12/25/2009 4:33:01 PM 
KB923561 Security Update for Windows XP (KB923561) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=923561 12/25/2009 4:33:01 PM 
KB923689 Security Update for Windows XP (KB923689) N/A Windows XP http://support.microsoft.com/?kbid=923689 12/22/2009 2:20:58 AM 
KB923689 Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=923689 12/25/2009 4:33:01 PM 
KB925766 Windows XP Media Center Edition 2005 KB925766 Jack 1/4/2010 Update Windows XP http://support.microsoft.com/?kbid=925766 1/9/2010 4:59:16 PM 
KB929399 Hotfix for Windows Media Format 11 SDK (KB929399) N/A Windows Media Format 11 SDK http://support.microsoft.com/?kbid=929399 1/4/2010 9:59:44 PM 
KB929399 Jack 1/5/2010 Update Windows Media Format 11 SDK http://support.microsoft.com/?kbid=929399 1/9/2010 4:59:16 PM 
KB936782_WMP10 Security Update for Windows Media Player 10 (KB936782) N/A Windows Media Player 10 http://support.microsoft.com/?kbid=936782_WMP10 12/22/2009 2:17:17 AM 
KB936782_WMP10 Jack 12/22/2009 Update Windows Media Player 10 http://support.microsoft.com/?kbid=936782_WMP10 12/25/2009 4:33:01 PM 
KB936929 Windows XP Service Pack 3 Jack 12/22/2009 Service Pack Windows XP http://support.microsoft.com/?kbid=936929 12/25/2009 4:33:01 PM 
KB939683 Hotfix for Windows Media Player 11 (KB939683) N/A Windows Media Player 11 http://support.microsoft.com/?kbid=939683 1/4/2010 9:59:27 PM 
KB939683 Jack 1/5/2010 Update Windows Media Player 11 http://support.microsoft.com/?kbid=939683 1/9/2010 4:59:16 PM 
KB941569 Security Update for Windows XP (KB941569) N/A Windows XP http://support.microsoft.com/?kbid=941569 12/22/2009 2:21:27 AM 
KB941569 Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=941569 12/25/2009 4:33:01 PM 
KB946102 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB946102) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=946102 10/18/2010 8:09:24 AM 
KB946457 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB946457) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=946457 10/18/2010 8:09:24 AM 
KB946573 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB946573) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=946573 10/18/2010 8:09:24 AM 
KB946648 Security Update for Windows XP (KB946648) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=946648 12/25/2009 4:33:01 PM 
KB947317 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB947317) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=947317 10/18/2010 8:09:25 AM 
KB948233 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB948233) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=948233 10/18/2010 8:09:25 AM 
KB948233v2 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB948233) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=948233v2 10/18/2010 8:09:25 AM 
KB948646 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB948646) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=948646 10/18/2010 8:09:25 AM 
KB949226 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB949226) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=949226 10/18/2010 8:09:25 AM 
KB949777 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB949777) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=949777 10/18/2010 8:09:25 AM 
KB950230 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB950230) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=950230 10/18/2010 8:09:25 AM 
KB950762 Security Update for Windows XP (KB950762) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=950762 12/25/2009 4:33:01 PM 
KB950974 Security Update for Windows XP (KB950974) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=950974 12/25/2009 4:33:01 PM 
KB950986 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB950986) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=950986 10/18/2010 8:09:25 AM 
KB951066 Security Update for Windows XP (KB951066) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=951066 12/25/2009 4:33:01 PM 
KB951113 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB951113) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=951113 10/18/2010 8:09:25 AM 
KB951376-v2 Security Update for Windows XP (KB951376-v2) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=951376-v2 12/25/2009 4:33:01 PM 
KB951748 Security Update for Windows XP (KB951748) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=951748 12/25/2009 4:33:01 PM 
KB951978 Update for Windows XP (KB951978) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=951978 12/25/2009 4:33:01 PM 
KB952004 Security Update for Windows XP (KB952004) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=952004 12/25/2009 4:33:01 PM 
KB952011 Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray SYSTEM 1/12/2010 Update Windows XP http://support.microsoft.com/?kbid=952011 1/12/2010 6:10:29 PM 
KB952069_WM9 Security Update for Windows Media Player (KB952069) N/A Windows Media Player http://support.microsoft.com/?kbid=952069_WM9 12/22/2009 3:18:12 AM 
KB952069_WM9 Jack 12/22/2009 Update Windows Media Player http://support.microsoft.com/?kbid=952069_WM9 12/25/2009 4:33:01 PM 
KB952287 Hotfix for Windows XP (KB952287) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=952287 12/25/2009 4:33:01 PM 
KB952324 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB952324) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=952324 10/18/2010 8:09:25 AM 
KB952346 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB952346) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=952346 10/18/2010 8:09:25 AM 
KB952883 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB952883) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=952883 10/18/2010 8:09:25 AM 
KB952954 Security Update for Windows XP (KB952954) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=952954 12/25/2009 4:33:01 PM 
KB953295 Microsoft .NET Framework 1.0 Hotfix (KB953295) N/A QFE .NETFramework http://support.microsoft.com/?kbid=953295 12/22/2009 2:17:42 AM 
KB953295 Microsoft .NET Framework 1.0 Hotfix (KB953295) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=953295 12/25/2009 4:33:01 PM 
KB954154_WM11 Security Update for Windows Media Player 11 (KB954154) N/A Windows Media Player 11 http://support.microsoft.com/?kbid=954154_WM11 1/4/2010 9:58:42 PM 
KB954154_WM11 Jack 1/5/2010 Update Windows Media Player 11 http://support.microsoft.com/?kbid=954154_WM11 1/9/2010 4:59:16 PM 
KB954155_WM9 Security Update for Windows Media Player (KB954155) N/A Windows Media Player http://support.microsoft.com/?kbid=954155_WM9 12/22/2009 3:18:07 AM 
KB954155_WM9 Jack 12/22/2009 Update Windows Media Player http://support.microsoft.com/?kbid=954155_WM9 12/25/2009 4:33:01 PM 
KB954550-v5 Hotfix for Windows XP (KB954550-v5) Jack 12/22/2009 5 Update Windows XP http://support.microsoft.com/?kbid=954550-v5 12/22/2009 11:56:02 AM 
KB955069 Security Update for Windows XP (KB955069) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=955069 12/25/2009 4:33:01 PM 
KB955759 Update for Windows XP (KB955759) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=955759 12/25/2009 4:33:01 PM 
KB956572 Security Update for Windows XP (KB956572) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=956572 12/25/2009 4:33:01 PM 
KB956744 Security Update for Windows XP (KB956744) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=956744 12/25/2009 4:33:01 PM 
KB956802 Security Update for Windows XP (KB956802) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=956802 12/25/2009 4:33:01 PM 
KB956803 Security Update for Windows XP (KB956803) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=956803 12/25/2009 4:33:01 PM 
KB956844 Security Update for Windows XP (KB956844) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=956844 12/25/2009 4:33:01 PM 
KB957097 Security Update for Windows XP (KB957097) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=957097 12/25/2009 4:33:01 PM 
KB958481 Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (KB958481) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=958481 10/18/2010 8:09:25 AM 
KB958483 Hotfix for Microsoft .NET Framework 3.0 Service Pack 1 (KB958483) Jack 12/22/2009 Microsoft .NET Framework 3.0 Service Pack 2 http://support.microsoft.com/?kbid=958483 12/22/2009 12:01:59 PM 
KB958484 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Jack 9/30/2010 Microsoft .NET Framework 3.5 SP1 http://support.microsoft.com/?kbid=958484 9/30/2010 4:49:42 PM 
KB958644 Security Update for Windows XP (KB958644) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=958644 12/25/2009 4:33:01 PM 
KB958687 Security Update for Windows XP (KB958687) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=958687 12/25/2009 4:33:01 PM 
KB958869 Security Update for Windows XP (KB958869) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=958869 12/25/2009 4:33:01 PM 
KB959426 Security Update for Windows XP (KB959426) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=959426 12/25/2009 4:33:01 PM 
KB960225 Security Update for Windows XP (KB960225) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=960225 12/25/2009 4:33:01 PM 
KB960803 Security Update for Windows XP (KB960803) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=960803 12/25/2009 4:33:01 PM 
KB960859 Security Update for Windows XP (KB960859) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=960859 12/25/2009 4:33:01 PM 
KB961118 Hotfix for Windows XP (KB961118) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=961118 12/25/2009 4:33:01 PM 
KB961371-v2 Security Update for Windows XP (KB961371-v2) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=961371-v2 12/25/2009 4:33:01 PM 
KB961501 Security Update for Windows XP (KB961501) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=961501 12/25/2009 4:33:01 PM 
KB963707 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Jack 12/22/2009 Microsoft .NET Framework 3.5 SP1 http://support.microsoft.com/?kbid=963707 12/22/2009 12:23:51 PM 
KB967715 Update for Windows XP (KB967715) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=967715 12/25/2009 4:33:01 PM 
KB968389 Update for Windows XP (KB968389) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=968389 12/25/2009 4:33:01 PM 
KB968816_WM9 Security Update for Windows Media Player (KB968816) N/A Windows Media Player http://support.microsoft.com/?kbid=968816_WM9 12/22/2009 3:18:03 AM 
KB968816_WM9 Jack 12/22/2009 Update Windows Media Player http://support.microsoft.com/?kbid=968816_WM9 12/25/2009 4:33:01 PM 
KB969059 Security Update for Windows XP (KB969059) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=969059 12/25/2009 4:33:01 PM 
KB969947 Security Update for Windows XP (KB969947) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=969947 12/25/2009 4:33:01 PM 
KB970238 Security Update for Windows XP (KB970238) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=970238 12/25/2009 4:33:01 PM 
KB970430 Security Update for Windows XP (KB970430) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=970430 12/25/2009 4:33:01 PM 
KB971468 Security Update for Windows XP (KB971468) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=971468 C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe 2/12/2010 12:51:45 AM 
KB971486 Security Update for Windows XP (KB971486) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=971486 12/25/2009 4:33:01 PM 
KB971557 Security Update for Windows XP (KB971557) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=971557 12/25/2009 4:33:01 PM 
KB971633 Security Update for Windows XP (KB971633) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=971633 12/25/2009 4:33:01 PM 
KB971657 Security Update for Windows XP (KB971657) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=971657 12/25/2009 4:33:01 PM 
KB971737 Update for Windows XP (KB971737) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=971737 12/25/2009 4:33:01 PM 
KB971961-IE8 Security Update for Windows Internet Explorer 8 (KB971961) Jack 1/2/2010 1 Update Windows XP http://support.microsoft.com/?kbid=971961-IE8 C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe 1/1/2010 10:04:56 PM 
KB972270 Security Update for Windows XP (KB972270) Jack 1/12/2010 Update Windows XP http://support.microsoft.com/?kbid=972270 1/16/2010 6:32:46 PM 
KB973354 Security Update for Windows XP (KB973354) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973354 12/25/2009 4:33:01 PM 
KB973507 Security Update for Windows XP (KB973507) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973507 12/25/2009 4:33:01 PM 
KB973525 Security Update for Windows XP (KB973525) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973525 12/25/2009 4:33:01 PM 
KB973540_WM9 Security Update for Windows Media Player (KB973540) N/A Windows Media Player http://support.microsoft.com/?kbid=973540_WM9 12/22/2009 3:17:43 AM 
KB973540_WM9 Jack 12/22/2009 Update Windows Media Player http://support.microsoft.com/?kbid=973540_WM9 12/25/2009 4:33:01 PM 
KB973687 Update for Windows XP (KB973687) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973687 12/25/2009 4:33:01 PM 
KB973768 Windows XP Media Center Edition 2005 KB973768 Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973768 12/25/2009 4:33:01 PM 
KB973815 Update for Windows XP (KB973815) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973815 12/25/2009 4:33:01 PM 
KB973869 Security Update for Windows XP (KB973869) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973869 12/25/2009 4:33:01 PM 
KB973904 Security Update for Windows XP (KB973904) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=973904 12/25/2009 4:33:01 PM 
KB974112 Security Update for Windows XP (KB974112) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=974112 12/25/2009 4:33:01 PM 
KB974318 Security Update for Windows XP (KB974318) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=974318 12/25/2009 4:33:01 PM 
KB974392 Security Update for Windows XP (KB974392) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=974392 12/25/2009 4:33:01 PM 
KB974571 Security Update for Windows XP (KB974571) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=974571 12/25/2009 4:33:01 PM 
KB975025 Security Update for Windows XP (KB975025) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=975025 12/25/2009 4:33:01 PM 
KB975364-IE8 Update for Windows Internet Explorer 8 (KB975364) Jack 1/2/2010 1 Update Windows XP http://support.microsoft.com/?kbid=975364-IE8 C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe 1/1/2010 9:43:23 PM 
KB975467 Security Update for Windows XP (KB975467) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=975467 12/25/2009 4:33:01 PM 
KB975558_WM8 Security Update for Windows Media Player (KB975558) N/A Windows Media Player http://support.microsoft.com/?kbid=975558_WM8 9/15/2010 7:30:07 AM 
KB975558_WM8 Jack 9/15/2010 Update Windows Media Player http://support.microsoft.com/?kbid=975558_WM8 C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe 9/15/2010 7:30:07 AM 
KB975560 Security Update for Windows XP (KB975560) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=975560 C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe 2/12/2010 12:48:57 AM 
KB975561 Security Update for Windows XP (KB975561) Jack 3/11/2010 Update Windows XP http://support.microsoft.com/?kbid=975561 C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe 3/11/2010 12:04:25 AM 
KB975562 Security Update for Windows XP (KB975562) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=975562 C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe 6/11/2010 3:09:47 AM 
KB975713 Security Update for Windows XP (KB975713) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=975713 C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe 2/12/2010 12:49:12 AM 
KB976098-v2 Hotfix for Windows XP (KB976098-v2) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=976098-v2 12/25/2009 4:33:01 PM 
KB976325 Security Update for Windows XP (KB976325) Jack 12/22/2009 Update Windows XP http://support.microsoft.com/?kbid=976325 12/25/2009 4:33:01 PM 
KB976325-IE8 Security Update for Windows Internet Explorer 8 (KB976325) Jack 1/2/2010 1 Update Windows XP http://support.microsoft.com/?kbid=976325-IE8 C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe 1/1/2010 9:43:51 PM 
KB976576 Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB976576) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=976576 10/18/2010 8:09:25 AM 
KB976662-IE8 Update for Windows Internet Explorer 8 (KB976662) Jack 2/24/2010 1 Update Windows XP http://support.microsoft.com/?kbid=976662-IE8 C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe 2/24/2010 8:25:29 AM 
KB976769v2 Security Update for Microsoft .NET Framework 3.0 Service Pack 1 (KB976769) Jack 10/18/2010 Microsoft .NET Framework 3.0 Service Pack 2 http://support.microsoft.com/?kbid=976769v2 10/18/2010 8:11:31 AM 
KB977165-v2 Security Update for Windows XP (KB977165-v2) Jack 3/4/2010 Update Windows XP http://support.microsoft.com/?kbid=977165-v2 C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe 3/4/2010 6:41:38 PM 
KB977354v2 Update for Microsoft .NET Framework 3.0 Service Pack 1 (KB977354) Jack 10/18/2010 Microsoft .NET Framework 3.0 Service Pack 2 http://support.microsoft.com/?kbid=977354v2 10/18/2010 8:11:31 AM 
KB977816 Security Update for Windows XP (KB977816) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=977816 C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe 4/14/2010 3:01:04 AM 
KB977914 Security Update for Windows XP (KB977914) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=977914 C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe 2/12/2010 12:48:48 AM 
KB978037 Security Update for Windows XP (KB978037) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=978037 C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe 2/12/2010 12:49:18 AM 
KB978207-IE8 Security Update for Windows Internet Explorer 8 (KB978207) SYSTEM 1/22/2010 1 Update Windows XP http://support.microsoft.com/?kbid=978207-IE8 C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe 1/22/2010 4:01:02 AM 
KB978251 Security Update for Windows XP (KB978251) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=978251 C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe 2/12/2010 12:49:05 AM 
KB978262 Security Update for Windows XP (KB978262) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=978262 C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe 2/12/2010 12:51:50 AM 
KB978338 Security Update for Windows XP (KB978338) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=978338 C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe 4/14/2010 3:01:13 AM 
KB978542 Security Update for Windows XP (KB978542) SYSTEM 5/12/2010 Update Windows XP http://support.microsoft.com/?kbid=978542 C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe 5/12/2010 3:00:21 AM 
KB978601 Security Update for Windows XP (KB978601) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=978601 C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe 4/14/2010 3:00:57 AM 
KB978695_WM9 Security Update for Windows Media Player (KB978695) N/A Windows Media Player http://support.microsoft.com/?kbid=978695_WM9 6/11/2010 3:10:09 AM 
KB978695_WM9 SYSTEM 6/11/2010 Update Windows Media Player http://support.microsoft.com/?kbid=978695_WM9 C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe 6/11/2010 3:10:09 AM 
KB978706 Security Update for Windows XP (KB978706) SYSTEM 2/12/2010 Update Windows XP http://support.microsoft.com/?kbid=978706 C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe 2/12/2010 12:48:32 AM 
KB979306 Hotfix for Windows XP (KB979306) Jack 2/24/2010 Update Windows XP http://support.microsoft.com/?kbid=979306 C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe 2/24/2010 8:25:10 AM 
KB979309 Security Update for Windows XP (KB979309) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=979309 C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe 4/14/2010 3:00:40 AM 
KB979482 Security Update for Windows XP (KB979482) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=979482 C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe 6/11/2010 3:10:01 AM 
KB979559 Security Update for Windows XP (KB979559) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=979559 C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe 6/11/2010 3:15:20 AM 
KB979683 Security Update for Windows XP (KB979683) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=979683 C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe 4/14/2010 3:03:53 AM 
KB979687 Security Update for Windows XP (KB979687) Jack 10/13/2010 1 Update Windows XP http://support.microsoft.com/?kbid=979687 C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe 10/13/2010 7:28:10 AM 
KB979904 Microsoft .NET Framework 1.0 Hotfix (KB979904) N/A QFE .NETFramework http://support.microsoft.com/?kbid=979904 6/11/2010 3:19:36 AM 
KB979904 Microsoft .NET Framework 1.0 Hotfix (KB979904) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=979904 C:\WINDOWS\$NtUninstallKB979904$\spuninst\spuninst.exe 6/11/2010 3:19:37 AM 
KB979909 Security Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB979909) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=979909 10/18/2010 8:09:25 AM 
KB980182-IE8 Update for Windows Internet Explorer 8 (KB980182) Jack 3/31/2010 1 Update Windows XP http://support.microsoft.com/?kbid=980182-IE8 C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe 3/31/2010 12:00:24 AM 
KB980195 Security Update for Windows XP (KB980195) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=980195 C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe 6/11/2010 3:18:19 AM 
KB980218 Security Update for Windows XP (KB980218) SYSTEM 6/11/2010 Update Windows XP http://support.microsoft.com/?kbid=980218 C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe 6/11/2010 3:19:59 AM 
KB980232 Security Update for Windows XP (KB980232) SYSTEM 4/14/2010 Update Windows XP http://support.microsoft.com/?kbid=980232 C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe 4/14/2010 3:03:39 AM 
KB980436 Security Update for Windows XP (KB980436) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=980436 C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe 8/12/2010 10:12:53 AM 
KB980773 Security Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB980773) Jack 10/18/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=980773 10/18/2010 8:09:25 AM 
KB981322 Security Update for Windows XP (KB981322) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=981322 C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe 9/15/2010 7:29:33 AM 
KB981332-IE8 Security Update for Windows Internet Explorer 8 (KB981332) SYSTEM 4/14/2010 1 Update Windows XP http://support.microsoft.com/?kbid=981332-IE8 C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe 4/14/2010 3:00:51 AM 
KB981793 Hotfix for Windows XP (KB981793) Jack 5/26/2010 Update Windows XP http://support.microsoft.com/?kbid=981793 C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe 5/26/2010 7:33:39 AM 
KB981852 Security Update for Windows XP (KB981852) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=981852 C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe 8/12/2010 10:19:11 AM 
KB981957 Security Update for Windows XP (KB981957) Jack 10/13/2010 1 Update Windows XP http://support.microsoft.com/?kbid=981957 C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe 10/13/2010 7:29:56 AM 
KB981997 Security Update for Windows XP (KB981997) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=981997 C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe 8/12/2010 10:09:53 AM 
KB982132 Security Update for Windows XP (KB982132) Jack 10/13/2010 1 Update Windows XP http://support.microsoft.com/?kbid=982132 C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe 10/13/2010 7:29:47 AM 
KB982214 Security Update for Windows XP (KB982214) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=982214 C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe 8/12/2010 10:19:30 AM 
KB982381-IE8 Security Update for Windows Internet Explorer 8 (KB982381) SYSTEM 6/11/2010 1 Update Windows XP http://support.microsoft.com/?kbid=982381-IE8 C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe 6/11/2010 3:14:59 AM 
KB982665 Security Update for Windows XP (KB982665) Jack 8/12/2010 Update Windows XP http://support.microsoft.com/?kbid=982665 C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe 8/12/2010 10:09:36 AM 
KB982802 Security Update for Windows XP (KB982802) Jack 9/15/2010 Update Windows XP http://support.microsoft.com/?kbid=982802 C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe 9/15/2010 7:29:45 AM 
KB983583 Security Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB983583) Jack 9/30/2010 Microsoft .NET Framework 2.0 Service Pack 2 http://support.microsoft.com/?kbid=983583 9/30/2010 4:47:37 PM 
M2416447 Microsoft .NET Framework 1.1 Security Update (KB2416447) JOHN NEE 9/30/2010 Update .NETFramework http://support.microsoft.com/kb/2416447 "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp" 9/30/2010 4:50:38 PM


----------



## Cookiegal (Aug 27, 2003)

The log shows those two updates were hidden so they weren't installed.

Is this computer networked with others?


----------



## jdn (Dec 24, 2009)

It is not networked.

This is what I did this morning. I opened the MS Update site. I checked the history and it said the two items were installed on Oct 1. I search for updates by clicking the Express button. got a message that updates were being hid and that I should unhide them. Selected the unhide option and the two items appear. I checked both items and selection installation option. Received message that the two items were successfully installed. Rebooted computer and got yellow shield that updates were available. I unchecked both items and clicked close. Put check in box to not show these items again. Went back to MS Update site and history showed that items were successfully installed on October 18 and on October 1. Clicked express and got message that items were being hid.

Not sure if it is significant or not but the version of Windows Installer on this computer is 3.1 and a later version 4.3 is available. Should I update this program or not?


----------



## jdn (Dec 24, 2009)

I spent 2 hours with MS Tech support. He essentially removed all the Frameware files and installed new ones which he said would bring me up to date. He used a program [dotnetfx.exe ]. After he was done, the two files were still shown as being hidden. He had no clue as to why this is so or no idea how to fix it. He said he was going to leave the case open and look into it further. Looking at the new uninstall list, there are many files no longer present and a lot of new files. I did observe that there no longer was any Framework 1.1 items. When I tried to do a Ghost backup point I got a message that Framework 1.1 was required to run Ghost and I accepted the option to install it. It seems MS has a problem with it's update process which it has no fix for. As long as it gets no worst than it is now, it's something I can live with.


----------



## Cookiegal (Aug 27, 2003)

Some programs need various versions of Net Framework to run properly, as you discovered, so you could install them as needed.

Since Microsoft isn't able to fix this for you and they will likely be getting back to you, there's doesn't seem to be much more that I can do for you.


----------



## Cookiegal (Aug 27, 2003)

You can upgrade Windows Installer if you wish but they will be pushed through Service Packs with windows updates so you could also wait for that if you're not having any problems with it.

Here are some final instructions for you.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration but the actual command used the entire word uninstall and just the u).










Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading  *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.


----------



## jdn (Dec 24, 2009)

I doubt if I will hear from MS as I don't think they have a fix for this problem.

I removed ComboFix and installed Skywareblaster and Skybot

I removed all the restore points and created a new one

Could you give me directions for reactivating Autoplay in case I decide I want it activated it.

Do you recommend installing Win Patrol or Page Defrag


----------



## Cookiegal (Aug 27, 2003)

jdn said:


> I doubt if I will hear from MS as I don't think they have a fix for this problem.
> 
> I removed ComboFix and installed Skywareblaster and Skybot
> 
> ...


I'm attaching the fix to re-enable autoruns. Save it to your desktop. It's a zipped file that contains a registry file so if you want to use it, unzip (extract) the file and then double-click the FixAutorun.reg file and allow it to merge into the registry.

With MalwareBytes, I don't see the need to install WinPatrol nor do I see any need to install a third party defragger when windows can do the job quite nicely.


----------



## jdn (Dec 24, 2009)

Thank you. Allow me a moment to express my deep appreciation for your time and patience over the last month in helping me resolve the situation I was in. Unlike a lot of experts, your directions have always been clear and detailed to the point that I was able to follow them with little effort.
I am always amazed that there are people out there like you who are so gracious with their time and willing to share their expertise with others. May God bless you always. Give Maggie a hug for me.


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure. 

BTW, it's Brandy, not Maggie but I certainly will give him a hug for you.


----------



## jdn (Dec 24, 2009)

WOW One of our Grace's puppies was named Brandi [ I named her] and my wife informed me this morning that the woman who owns her is going to return her to us. We will now have four Westies.


----------



## Cookiegal (Aug 27, 2003)

jdn said:


> WOW One of our Grace's puppies was named Brandi [ I named her] and my wife informed me this morning that the woman who owns her is going to return her to us. We will now have four Westies.


Awww, four Westies will surely keep you in shape since they have a lot of energy. I like the spelling "Brandi" and was going to go with that but decided on the traditional "Brandy". But everyone thinks it's a girl's name.


----------



## jdn (Dec 24, 2009)

FYI Couldn't access IE8 again. I found I could open it with no add ons. Looked at add ons installed on IE and found two associated with Skybot which I just installed. I disabled them and it corrected the problem.

System restore still not working. Goes through the whole restore routine and then says restore point not installed and nothing has change on your computer. I think this may have something to do with Norton but not sure. Any thoughts??


----------



## jdn (Dec 24, 2009)

System Restore works in safe mode.


----------



## Cookiegal (Aug 27, 2003)

Yes, it's common for NIS to block changes system restore is trying to make.

But why are you trying to do a system restore?


----------



## jdn (Dec 24, 2009)

Sorry for the delay in replying to your latest entry. I tried to do a restore just to see if it would work. I'm glad that I did since I found out that I have to be in Safe Mode for it to work. I can live with that. The only complaint I have now is that it takes a long time for the system to boot to the point I can perform any operations. 2 to 3 minutes. The other thing of concern to me is this: Back in Post #66, I mentioned that I tried to do a Repair using a Slipstream disk i had created a while ago using my Dell Windows Installation disk with SP3. As I reported, the system froze up during the repair and I had to power down. I couldn't reboot and recovered using a Ghost backup. Because of this happening I tried to do an sfc /scannow thinking I might have corrupted or missing files. The scan did not run well as it seemed to be looking for an installation disk other than the one I have. I look at some old post and found this was not a unique problem, especially with Windows XP Media Center Edition which I am running. My biggest concern is whether my installation disk will be of any use should I need it in the future.
If this is beyond the scope of this thread please let me know as I can imagine how busy you must be with people who have real problems. I can always create a new thread later on and see if anyone has had any success solving this problem.
One other item. Can you tell the registry address that the autoplay file you sent me will change. If I decide to reactivate the autoplay, I would like to save the item first so I can deactivate it again if I want to.


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.

If you unzip the registry fix for autoruns then right-click the registry file and select "Open with" and "Notepad" then you can read all of the registry entries there.


----------

