Author Topic: [In Process]im the admin but my PC tells me im not..

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #30 on: July 11, 2009, 05:07:14 AM »
Hi,

I just finished uninstalling the programs you told me to, except for BitTorrent and LimeWire Pro, because we are still using that program. Is it really necessary to uninstall it?

Here's the log file from DDS:

DDS (Ver_09-06-26.01) - NTFSx86 
Run by donna at 19:01:40.71 on Sat 07/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.766.286 [GMT 8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\fxssvc.exe
svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\donna\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn10\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\donna\startm~1\programs\startup\erunta~1.lnk - c:\erunt\AUTOBACK.EXE
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoStrCmpLogical = 0 (0x0)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\donna\applic~1\mozilla\firefox\profiles\64s1qrjh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\donna\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2007-9-29 149376]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-6-19 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-8 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-5-12 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-6-19 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-6-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-6-19 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-6-19 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-6-19 40552]
S2 McAfeeFramework;McAfee Framework Service;c:\mcafee\common framework\FrameworkService.exe [2007-6-17 104000]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-6-19 34216]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-4-26 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-4-26 8320]
S4 gupdate1c9cb708b3c5072;Google Update Service (gupdate1c9cb708b3c5072);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2009-07-11 18:56   410,984   a-------   c:\windows\system32\deploytk.dll
2009-07-11 18:56   73,728   a-------   c:\windows\system32\javacpl.cpl
2009-07-08 16:11   25,992   a-------   c:\windows\system32\pgdfgsvc.exe
2009-07-08 16:07   <DIR>   --d-----   C:\ERUNT
2009-07-04 19:22   <DIR>   --d-----   C:\TC
2009-07-04 18:03   <DIR>   --d-----   c:\docume~1\donna\applic~1\BitTorrent
2009-06-30 21:56   12,942   a-------   C:\draft program cebu.docx
2009-06-30 18:13   81,920   a-------   c:\windows\system32\Startup.cpl
2009-06-20 15:40   <DIR>   a-dshr--   C:\cmdcons
2009-06-19 10:52   161,792   a-------   c:\windows\SWREG.exe
2009-06-19 10:52   155,136   a-------   c:\windows\PEV.exe
2009-06-19 10:52   98,816   a-------   c:\windows\sed.exe
2009-06-18 13:48   <DIR>   --d-----   c:\docume~1\donna\applic~1\Malwarebytes
2009-06-18 13:47   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 13:47   19,096   a-------   c:\windows\system32\drivers\mbam.sys
2009-06-18 13:47   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
2009-06-18 13:47   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-16 21:27   154,112   a-------   C:\June1 logomeap oath bayawan city.doc
2009-06-16 11:22   171,967   a-------   c:\windows\system32\Odbcjet.hlp
2009-06-16 11:22   7,348   a-------   c:\windows\system32\Odbcjet.cnt
2009-06-16 11:22   13,632   --------   c:\windows\system32\drivers\omci.sys
2009-06-15 23:02   <DIR>   --d-----   c:\program files\Trend Micro
2009-06-15 21:49   <DIR>   --d-----   c:\windows\system32\wbem\Repository
2009-06-15 21:44   <DIR>   --d-----   c:\windows\system32\NtmsData
2009-06-13 14:49   <DIR>   --d-----   c:\program files\PowerArchiver
2009-06-12 09:19   246,272   --------   c:\windows\system32\dllcache\ieproxy.dll
2009-06-12 09:19   12,800   --------   c:\windows\system32\dllcache\xpshims.dll

==================== Find3M  ====================

2009-05-13 13:15   5,936,128   a-------   c:\windows\system32\dllcache\mshtml.dll
2009-05-13 13:15   915,456   a-------   c:\windows\system32\wininet.dll
2009-05-13 13:15   915,456   a-------   c:\windows\system32\dllcache\wininet.dll
2009-05-07 23:32   345,600   a-------   c:\windows\system32\localspl.dll
2009-05-07 23:32   345,600   --------   c:\windows\system32\dllcache\localspl.dll
2009-05-04 18:52   129,910   a-------   c:\windows\War3Unin.dat
2009-05-01 05:22   1,985,024   a-------   c:\windows\system32\dllcache\iertutil.dll
2009-05-01 05:22   11,064,832   a-------   c:\windows\system32\dllcache\ieframe.dll
2009-05-01 05:22   1,207,808   a-------   c:\windows\system32\dllcache\urlmon.dll
2009-05-01 05:22   25,600   a-------   c:\windows\system32\dllcache\jsproxy.dll
2009-05-01 05:22   385,536   a-------   c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 19:21   173,056   a-------   c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 20:26   1,847,168   a-------   c:\windows\system32\win32k.sys
2009-04-17 20:26   1,847,168   --------   c:\windows\system32\dllcache\win32k.sys
2009-04-15 22:51   585,216   a-------   c:\windows\system32\rpcrt4.dll
2009-04-15 22:51   585,216   --------   c:\windows\system32\dllcache\rpcrt4.dll
2008-07-17 20:07   7,168   a--sh---   c:\program files\Thumbs.db
2007-09-01 15:20   374   a-------   c:\docume~1\donna\applic~1\internaldb6334.dat
2007-09-01 14:22   18,432   a-------   c:\docume~1\donna\applic~1\internaldb41.dat
2007-09-01 14:22   556   a-------   c:\docume~1\donna\applic~1\internaldb8467.dat
2006-04-20 14:30   801,957   a-------   c:\documents and settings\donna\!secwad.exe
2006-04-20 14:30   4,234   a-------   c:\documents and settings\donna\!versions.dat

============= FINISH: 19:02:30.93 ===============




ATTACH.txt:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2005 8:31:11 PM
System Uptime: 7/11/2009 3:54:58 PM (4 hours ago)

Motherboard: Dell Computer Corp. |  | 0TC667
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 28.763 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Service: E100B

Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
Description: M-Systems DiskOnChip 2000
Device ID: ROOT\MTD\0000
Manufacturer: M-Systems Flash Disk Pioneers
Name: M-Systems DiskOnChip 2000
PNP Device ID: ROOT\MTD\0000
Service: tffsport

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 3110c
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 3110c
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 3110c
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

==== System Restore Points ===================

RP1451: 4/12/2009 9:22:03 PM - Installed Windows XP Wdf01007.
RP1452: 4/14/2009 10:43:58 AM - Software Distribution Service 3.0
RP1453: 4/15/2009 12:48:11 PM - Software Distribution Service 3.0
RP1454: 4/15/2009 1:51:09 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1455: 4/16/2009 3:06:07 PM - Software Distribution Service 3.0
RP1456: 4/16/2009 3:13:16 PM - Software Distribution Service 3.0
RP1457: 4/17/2009 8:40:56 PM - System Checkpoint
RP1458: 4/19/2009 7:32:33 PM - System Checkpoint
RP1459: 4/20/2009 7:58:14 PM - System Checkpoint
RP1460: 4/21/2009 8:49:29 PM - System Checkpoint
RP1461: 4/23/2009 8:21:20 PM - System Checkpoint
RP1462: 4/24/2009 11:47:12 AM - Software Distribution Service 3.0
RP1463: 4/25/2009 5:23:21 PM - System Checkpoint
RP1464: 4/26/2009 6:13:19 PM - System Checkpoint
RP1465: 4/27/2009 8:38:06 PM - System Checkpoint
RP1466: 4/28/2009 9:42:02 AM - Software Distribution Service 3.0
RP1467: 4/28/2009 12:43:03 PM - Removed PowerArchiver 2010
RP1468: 4/28/2009 12:43:29 PM - Installed PowerArchiver 2010
RP1469: 4/28/2009 1:53:55 PM - Before uninstall Internet Download Manager
RP1470: 4/28/2009 4:25:32 PM - Before uninstall Internet Download Manager
RP1471: 4/29/2009 9:02:23 PM - System Checkpoint
RP1472: 4/30/2009 1:03:12 PM - Software Distribution Service 3.0
RP1473: 5/1/2009 1:09:53 PM - System Checkpoint
RP1474: 5/2/2009 10:47:35 AM - Software Distribution Service 3.0
RP1475: 5/3/2009 6:57:22 PM - System Checkpoint
RP1476: 5/4/2009 8:38:05 PM - System Checkpoint
RP1477: 5/5/2009 9:22:11 AM - Software Distribution Service 3.0
RP1478: 5/6/2009 8:19:19 PM - System Checkpoint
RP1479: 5/7/2009 9:23:47 PM - System Checkpoint
RP1480: 5/8/2009 6:26:59 AM - Software Distribution Service 3.0
RP1481: 5/9/2009 3:27:54 PM - System Checkpoint
RP1482: 5/10/2009 7:33:40 PM - System Checkpoint
RP1483: 5/12/2009 1:18:37 PM - Software Distribution Service 3.0
RP1484: 5/13/2009 10:27:34 AM - Software Distribution Service 3.0
RP1485: 5/14/2009 12:25:45 PM - System Checkpoint
RP1486: 5/15/2009 10:37:15 AM - Software Distribution Service 3.0
RP1487: 5/17/2009 6:42:15 PM - System Checkpoint
RP1488: 5/18/2009 11:20:20 PM - Before uninstall Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351)
RP1489: 5/18/2009 11:23:52 PM - Before uninstall Wolfram Notebook Indexer 2.0
RP1490: 5/18/2009 11:24:03 PM - Removed Wolfram Notebook Indexer 2.0
RP1491: 5/19/2009 9:00:43 AM - Removed PowerArchiver 2010
RP1492: 5/19/2009 9:01:10 AM - Installed PowerArchiver 2010
RP1493: 5/19/2009 9:32:20 AM - Software Distribution Service 3.0
RP1494: 5/20/2009 4:01:23 PM - System Checkpoint
RP1495: 5/21/2009 9:17:51 PM - System Checkpoint
RP1496: 5/22/2009 12:48:35 PM - Software Distribution Service 3.0
RP1497: 5/24/2009 1:35:42 PM - System Checkpoint
RP1498: 5/25/2009 8:39:42 PM - System Checkpoint
RP1499: 5/26/2009 1:15:05 PM - Software Distribution Service 3.0
RP1500: 5/27/2009 7:26:33 PM - System Checkpoint
RP1501: 5/28/2009 8:29:55 PM - System Checkpoint
RP1502: 5/29/2009 6:21:52 PM - Software Distribution Service 3.0
RP1503: 5/30/2009 8:19:13 PM - System Checkpoint
RP1504: 6/1/2009 8:16:47 PM - System Checkpoint
RP1505: 6/2/2009 11:38:44 AM - Software Distribution Service 3.0
RP1506: 6/3/2009 1:33:11 PM - System Checkpoint
RP1507: 6/5/2009 10:44:09 AM - Software Distribution Service 3.0
RP1508: 6/7/2009 7:16:42 PM - System Checkpoint
RP1509: 6/9/2009 10:38:08 AM - Software Distribution Service 3.0
RP1510: 6/10/2009 9:40:42 PM - System Checkpoint
RP1511: 6/12/2009 10:34:34 AM - System Checkpoint
RP1512: 6/12/2009 11:07:17 AM - Software Distribution Service 3.0
RP1513: 6/12/2009 6:53:32 PM - Software Distribution Service 3.0
RP1514: 6/13/2009 2:48:53 PM - Removed PowerArchiver 2010
RP1515: 6/13/2009 2:49:24 PM - Installed PowerArchiver 2010
RP1516: 6/14/2009 4:57:40 PM - Software Distribution Service 3.0
RP1517: 6/15/2009 9:23:08 PM - Restore Operation
RP1518: 6/15/2009 9:31:19 PM - Software Distribution Service 3.0
RP1519: 6/15/2009 9:47:50 PM - Restore Operation
RP1520: 6/15/2009 9:56:11 PM - june 15
RP1521: 6/16/2009 10:48:14 AM - Before uninstall A1Click Ultra PC Cleaner 1.01 (Registered Version)
RP1522: 6/16/2009 10:50:19 AM - Before uninstall Tumble Bugs
RP1523: 6/16/2009 10:51:28 AM - Before uninstall DNA
RP1524: 6/16/2009 6:04:37 PM - Software Distribution Service 3.0
RP1525: 6/16/2009 6:16:25 PM - Before uninstall Ask Toolbar
RP1526: 6/16/2009 6:18:22 PM - Before uninstall Dell ResourceCD
RP1527: 6/18/2009 1:20:48 PM - System Checkpoint
RP1528: 6/19/2009 2:01:48 PM - Software Distribution Service 3.0
RP1529: 6/20/2009 6:00:28 PM - System Checkpoint
RP1530: 6/21/2009 8:06:12 PM - System Checkpoint
RP1531: 6/23/2009 10:33:19 AM - System Checkpoint
RP1532: 6/23/2009 9:23:11 PM - Software Distribution Service 3.0
RP1533: 6/25/2009 7:06:41 PM - System Checkpoint
RP1534: 6/26/2009 8:38:08 PM - Software Distribution Service 3.0
RP1535: 6/27/2009 9:49:04 PM - System Checkpoint
RP1536: 6/28/2009 10:11:44 PM - System Checkpoint
RP1537: 6/30/2009 6:06:51 PM - Software Distribution Service 3.0
RP1538: 7/3/2009 4:35:47 PM - Software Distribution Service 3.0
RP1539: 7/4/2009 5:22:50 PM - System Checkpoint
RP1540: 7/5/2009 7:44:59 PM - System Checkpoint
RP1541: 7/7/2009 7:13:25 AM - Software Distribution Service 3.0
RP1542: 7/8/2009 6:01:20 PM - System Checkpoint
RP1543: 7/10/2009 12:16:51 PM - Software Distribution Service 3.0
RP1544: 7/10/2009 12:50:07 PM - Software Distribution Service 3.0
RP1545: 7/11/2009 6:40:30 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP1546: 7/11/2009 6:42:57 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP1547: 7/11/2009 6:44:23 PM - Removed Java(TM) 6 Update 3
RP1548: 7/11/2009 6:46:58 PM - Removed Java(TM) 6 Update 7
RP1549: 7/11/2009 6:48:43 PM - Removed MyWay Search Assistant
RP1550: 7/11/2009 6:56:09 PM - Installed Java(TM) 6 Update 14

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Software Update
Bible Explorer 4 Download Edition
BitTorrent
BufferChm
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
Chikka Messenger V4
Command & Conquer Generals
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Costco Photo Organizer
Counter-Strike 1.6
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 3.1
Dell System Restore
Digital Content Portal
Digital Line Detect
EasyCleaner
EducateU
ERUNT 1.1j
File Viewer Utility 1.2
Fusion Pack v6.5
Garena
Google Chrome
Google Earth
Google Talk (remove only)
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet 3900 series
HPDeskjet3900Series
ICatch (VI) PC Camera
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Download Manager
Internet Explorer Default Page
InterVideo WinDVD 4
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java(TM) 6 Update 14
L&H TTS3000 British English
Learn2 Player (Uninstall Only)
LimeWire PRO 5.1.2
Little Shop Road Trip
Luxor Amun Rising
Macromedia Flash Player
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.5)
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nero 7 Essentials
NetWaiting
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
nProtect KeyCrypt
Octoshape add-in for Adobe Flash Player
PC Connectivity Solution
Photo Click
Photo Story 3 for Windows
PhotoStitch
Physical Therapy Prep
PowerArchiver 2010
PowerDVD
PTEXAM: The Complete Study Guide
QuickBooks Simple Start Special Edition
QuickSolutions
QuickTime
RemoteCapture 2.7.0
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shockwave
Skype™ 4.0
Smart Menus (Windows Live Toolbar)
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Warcraft III: All Products
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia Modem  (02/23/2009 7.01.0.2)
Windows Driver Package - Nokia Modem  (02/24/2009 4.0)
Windows Driver Package - Nokia Modem  (05/22/2008 3.8)
Windows Driver Package - Nokia Modem  (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar
Your Uninstaller! 2008 Version 6.2
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

7/11/2009 6:41:17 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
7/11/2009 3:56:59 PM, error: Service Control Manager [7000]  - The NTPort Library Driver service failed to start due to the following error:  The system cannot find the file specified.
7/11/2009 3:55:59 PM, error: NETLOGON [3095]  - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

==== End Of File ===========================





thanks..

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #31 on: July 11, 2009, 10:11:07 AM »
Yes, it is necessary.  And, using torrents is the most likely source of the malware on your system.  Use torrents, and you are almost 100% likely to be back here needing malware removed again.

http://spywarehammer.com/simplemachinesforum/index.php?topic=110.0
Don't Read?  Can't learn!

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #32 on: July 11, 2009, 08:43:06 PM »
Hi... I already uninstalled BitTorrent and LimeWire Pro..

and here's the latest DDS logfile:




DDS (Ver_09-06-26.01) - NTFSx86 
Run by donna at 10:34:31.43 on Sun 07/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.766.241 [GMT 8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\fxssvc.exe
svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\donna\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn10\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\donna\startm~1\programs\startup\erunta~1.lnk - c:\erunt\AUTOBACK.EXE
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoStrCmpLogical = 0 (0x0)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\donna\applic~1\mozilla\firefox\profiles\64s1qrjh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\donna\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2007-9-29 149376]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-6-19 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-8 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-5-12 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-6-19 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-6-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-6-19 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-6-19 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-6-19 40552]
S2 McAfeeFramework;McAfee Framework Service;c:\mcafee\common framework\FrameworkService.exe [2007-6-17 104000]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-6-19 34216]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-4-26 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-4-26 8320]
S4 gupdate1c9cb708b3c5072;Google Update Service (gupdate1c9cb708b3c5072);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2009-07-11 18:56   410,984   a-------   c:\windows\system32\deploytk.dll
2009-07-11 18:56   73,728   a-------   c:\windows\system32\javacpl.cpl
2009-07-08 16:11   25,992   a-------   c:\windows\system32\pgdfgsvc.exe
2009-07-08 16:07   <DIR>   --d-----   C:\ERUNT
2009-07-04 19:22   <DIR>   --d-----   C:\TC
2009-06-30 21:56   12,942   a-------   C:\draft program cebu.docx
2009-06-30 18:13   81,920   a-------   c:\windows\system32\Startup.cpl
2009-06-20 15:40   <DIR>   a-dshr--   C:\cmdcons
2009-06-19 10:52   161,792   a-------   c:\windows\SWREG.exe
2009-06-19 10:52   155,136   a-------   c:\windows\PEV.exe
2009-06-19 10:52   98,816   a-------   c:\windows\sed.exe
2009-06-18 13:48   <DIR>   --d-----   c:\docume~1\donna\applic~1\Malwarebytes
2009-06-18 13:47   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 13:47   19,096   a-------   c:\windows\system32\drivers\mbam.sys
2009-06-18 13:47   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
2009-06-18 13:47   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-16 21:27   154,112   a-------   C:\June1 logomeap oath bayawan city.doc
2009-06-16 11:22   171,967   a-------   c:\windows\system32\Odbcjet.hlp
2009-06-16 11:22   7,348   a-------   c:\windows\system32\Odbcjet.cnt
2009-06-16 11:22   13,632   --------   c:\windows\system32\drivers\omci.sys
2009-06-15 23:02   <DIR>   --d-----   c:\program files\Trend Micro
2009-06-15 21:49   <DIR>   --d-----   c:\windows\system32\wbem\Repository
2009-06-15 21:44   <DIR>   --d-----   c:\windows\system32\NtmsData
2009-06-13 14:49   <DIR>   --d-----   c:\program files\PowerArchiver

==================== Find3M  ====================

2009-05-13 13:15   5,936,128   a-------   c:\windows\system32\dllcache\mshtml.dll
2009-05-13 13:15   915,456   a-------   c:\windows\system32\wininet.dll
2009-05-13 13:15   915,456   a-------   c:\windows\system32\dllcache\wininet.dll
2009-05-07 23:32   345,600   a-------   c:\windows\system32\localspl.dll
2009-05-07 23:32   345,600   --------   c:\windows\system32\dllcache\localspl.dll
2009-05-04 18:52   129,910   a-------   c:\windows\War3Unin.dat
2009-05-01 05:22   12,800   --------   c:\windows\system32\dllcache\xpshims.dll
2009-05-01 05:22   1,985,024   a-------   c:\windows\system32\dllcache\iertutil.dll
2009-05-01 05:22   11,064,832   a-------   c:\windows\system32\dllcache\ieframe.dll
2009-05-01 05:22   1,207,808   a-------   c:\windows\system32\dllcache\urlmon.dll
2009-05-01 05:22   25,600   a-------   c:\windows\system32\dllcache\jsproxy.dll
2009-05-01 05:22   385,536   a-------   c:\windows\system32\dllcache\iedkcs32.dll
2009-05-01 05:22   246,272   --------   c:\windows\system32\dllcache\ieproxy.dll
2009-04-30 19:21   173,056   a-------   c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 20:26   1,847,168   a-------   c:\windows\system32\win32k.sys
2009-04-17 20:26   1,847,168   --------   c:\windows\system32\dllcache\win32k.sys
2009-04-15 22:51   585,216   a-------   c:\windows\system32\rpcrt4.dll
2009-04-15 22:51   585,216   --------   c:\windows\system32\dllcache\rpcrt4.dll
2008-07-17 20:07   7,168   a--sh---   c:\program files\Thumbs.db
2007-09-01 15:20   374   a-------   c:\docume~1\donna\applic~1\internaldb6334.dat
2007-09-01 14:22   18,432   a-------   c:\docume~1\donna\applic~1\internaldb41.dat
2007-09-01 14:22   556   a-------   c:\docume~1\donna\applic~1\internaldb8467.dat
2006-04-20 14:30   801,957   a-------   c:\documents and settings\donna\!secwad.exe
2006-04-20 14:30   4,234   a-------   c:\documents and settings\donna\!versions.dat

============= FINISH: 10:35:14.45 ===============




ATTACH.txt:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2005 8:31:11 PM
System Uptime: 7/12/2009 10:06:13 AM (0 hours ago)

Motherboard: Dell Computer Corp. |  | 0TC667
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 28.008 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Service: E100B

Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
Description: M-Systems DiskOnChip 2000
Device ID: ROOT\MTD\0000
Manufacturer: M-Systems Flash Disk Pioneers
Name: M-Systems DiskOnChip 2000
PNP Device ID: ROOT\MTD\0000
Service: tffsport

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 3110c
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 3110c
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 3110c
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

==== System Restore Points ===================

RP1452: 4/14/2009 10:43:58 AM - Software Distribution Service 3.0
RP1453: 4/15/2009 12:48:11 PM - Software Distribution Service 3.0
RP1454: 4/15/2009 1:51:09 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1455: 4/16/2009 3:06:07 PM - Software Distribution Service 3.0
RP1456: 4/16/2009 3:13:16 PM - Software Distribution Service 3.0
RP1457: 4/17/2009 8:40:56 PM - System Checkpoint
RP1458: 4/19/2009 7:32:33 PM - System Checkpoint
RP1459: 4/20/2009 7:58:14 PM - System Checkpoint
RP1460: 4/21/2009 8:49:29 PM - System Checkpoint
RP1461: 4/23/2009 8:21:20 PM - System Checkpoint
RP1462: 4/24/2009 11:47:12 AM - Software Distribution Service 3.0
RP1463: 4/25/2009 5:23:21 PM - System Checkpoint
RP1464: 4/26/2009 6:13:19 PM - System Checkpoint
RP1465: 4/27/2009 8:38:06 PM - System Checkpoint
RP1466: 4/28/2009 9:42:02 AM - Software Distribution Service 3.0
RP1467: 4/28/2009 12:43:03 PM - Removed PowerArchiver 2010
RP1468: 4/28/2009 12:43:29 PM - Installed PowerArchiver 2010
RP1469: 4/28/2009 1:53:55 PM - Before uninstall Internet Download Manager
RP1470: 4/28/2009 4:25:32 PM - Before uninstall Internet Download Manager
RP1471: 4/29/2009 9:02:23 PM - System Checkpoint
RP1472: 4/30/2009 1:03:12 PM - Software Distribution Service 3.0
RP1473: 5/1/2009 1:09:53 PM - System Checkpoint
RP1474: 5/2/2009 10:47:35 AM - Software Distribution Service 3.0
RP1475: 5/3/2009 6:57:22 PM - System Checkpoint
RP1476: 5/4/2009 8:38:05 PM - System Checkpoint
RP1477: 5/5/2009 9:22:11 AM - Software Distribution Service 3.0
RP1478: 5/6/2009 8:19:19 PM - System Checkpoint
RP1479: 5/7/2009 9:23:47 PM - System Checkpoint
RP1480: 5/8/2009 6:26:59 AM - Software Distribution Service 3.0
RP1481: 5/9/2009 3:27:54 PM - System Checkpoint
RP1482: 5/10/2009 7:33:40 PM - System Checkpoint
RP1483: 5/12/2009 1:18:37 PM - Software Distribution Service 3.0
RP1484: 5/13/2009 10:27:34 AM - Software Distribution Service 3.0
RP1485: 5/14/2009 12:25:45 PM - System Checkpoint
RP1486: 5/15/2009 10:37:15 AM - Software Distribution Service 3.0
RP1487: 5/17/2009 6:42:15 PM - System Checkpoint
RP1488: 5/18/2009 11:20:20 PM - Before uninstall Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351)
RP1489: 5/18/2009 11:23:52 PM - Before uninstall Wolfram Notebook Indexer 2.0
RP1490: 5/18/2009 11:24:03 PM - Removed Wolfram Notebook Indexer 2.0
RP1491: 5/19/2009 9:00:43 AM - Removed PowerArchiver 2010
RP1492: 5/19/2009 9:01:10 AM - Installed PowerArchiver 2010
RP1493: 5/19/2009 9:32:20 AM - Software Distribution Service 3.0
RP1494: 5/20/2009 4:01:23 PM - System Checkpoint
RP1495: 5/21/2009 9:17:51 PM - System Checkpoint
RP1496: 5/22/2009 12:48:35 PM - Software Distribution Service 3.0
RP1497: 5/24/2009 1:35:42 PM - System Checkpoint
RP1498: 5/25/2009 8:39:42 PM - System Checkpoint
RP1499: 5/26/2009 1:15:05 PM - Software Distribution Service 3.0
RP1500: 5/27/2009 7:26:33 PM - System Checkpoint
RP1501: 5/28/2009 8:29:55 PM - System Checkpoint
RP1502: 5/29/2009 6:21:52 PM - Software Distribution Service 3.0
RP1503: 5/30/2009 8:19:13 PM - System Checkpoint
RP1504: 6/1/2009 8:16:47 PM - System Checkpoint
RP1505: 6/2/2009 11:38:44 AM - Software Distribution Service 3.0
RP1506: 6/3/2009 1:33:11 PM - System Checkpoint
RP1507: 6/5/2009 10:44:09 AM - Software Distribution Service 3.0
RP1508: 6/7/2009 7:16:42 PM - System Checkpoint
RP1509: 6/9/2009 10:38:08 AM - Software Distribution Service 3.0
RP1510: 6/10/2009 9:40:42 PM - System Checkpoint
RP1511: 6/12/2009 10:34:34 AM - System Checkpoint
RP1512: 6/12/2009 11:07:17 AM - Software Distribution Service 3.0
RP1513: 6/12/2009 6:53:32 PM - Software Distribution Service 3.0
RP1514: 6/13/2009 2:48:53 PM - Removed PowerArchiver 2010
RP1515: 6/13/2009 2:49:24 PM - Installed PowerArchiver 2010
RP1516: 6/14/2009 4:57:40 PM - Software Distribution Service 3.0
RP1517: 6/15/2009 9:23:08 PM - Restore Operation
RP1518: 6/15/2009 9:31:19 PM - Software Distribution Service 3.0
RP1519: 6/15/2009 9:47:50 PM - Restore Operation
RP1520: 6/15/2009 9:56:11 PM - june 15
RP1521: 6/16/2009 10:48:14 AM - Before uninstall A1Click Ultra PC Cleaner 1.01 (Registered Version)
RP1522: 6/16/2009 10:50:19 AM - Before uninstall Tumble Bugs
RP1523: 6/16/2009 10:51:28 AM - Before uninstall DNA
RP1524: 6/16/2009 6:04:37 PM - Software Distribution Service 3.0
RP1525: 6/16/2009 6:16:25 PM - Before uninstall Ask Toolbar
RP1526: 6/16/2009 6:18:22 PM - Before uninstall Dell ResourceCD
RP1527: 6/18/2009 1:20:48 PM - System Checkpoint
RP1528: 6/19/2009 2:01:48 PM - Software Distribution Service 3.0
RP1529: 6/20/2009 6:00:28 PM - System Checkpoint
RP1530: 6/21/2009 8:06:12 PM - System Checkpoint
RP1531: 6/23/2009 10:33:19 AM - System Checkpoint
RP1532: 6/23/2009 9:23:11 PM - Software Distribution Service 3.0
RP1533: 6/25/2009 7:06:41 PM - System Checkpoint
RP1534: 6/26/2009 8:38:08 PM - Software Distribution Service 3.0
RP1535: 6/27/2009 9:49:04 PM - System Checkpoint
RP1536: 6/28/2009 10:11:44 PM - System Checkpoint
RP1537: 6/30/2009 6:06:51 PM - Software Distribution Service 3.0
RP1538: 7/3/2009 4:35:47 PM - Software Distribution Service 3.0
RP1539: 7/4/2009 5:22:50 PM - System Checkpoint
RP1540: 7/5/2009 7:44:59 PM - System Checkpoint
RP1541: 7/7/2009 7:13:25 AM - Software Distribution Service 3.0
RP1542: 7/8/2009 6:01:20 PM - System Checkpoint
RP1543: 7/10/2009 12:16:51 PM - Software Distribution Service 3.0
RP1544: 7/10/2009 12:50:07 PM - Software Distribution Service 3.0
RP1545: 7/11/2009 6:40:30 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP1546: 7/11/2009 6:42:57 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP1547: 7/11/2009 6:44:23 PM - Removed Java(TM) 6 Update 3
RP1548: 7/11/2009 6:46:58 PM - Removed Java(TM) 6 Update 7
RP1549: 7/11/2009 6:48:43 PM - Removed MyWay Search Assistant
RP1550: 7/11/2009 6:56:09 PM - Installed Java(TM) 6 Update 14
RP1551: 7/12/2009 10:27:55 AM - Before uninstall BitTorrent
RP1552: 7/12/2009 10:29:13 AM - Before uninstall LimeWire PRO 5.1.2

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Software Update
Bible Explorer 4 Download Edition
BufferChm
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
Chikka Messenger V4
Command & Conquer Generals
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Costco Photo Organizer
Counter-Strike 1.6
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 3.1
Dell System Restore
Digital Content Portal
Digital Line Detect
EasyCleaner
EducateU
ERUNT 1.1j
File Viewer Utility 1.2
Fusion Pack v6.5
Garena
Google Chrome
Google Earth
Google Talk (remove only)
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet 3900 series
HPDeskjet3900Series
ICatch (VI) PC Camera
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Download Manager
Internet Explorer Default Page
InterVideo WinDVD 4
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java(TM) 6 Update 14
L&H TTS3000 British English
Learn2 Player (Uninstall Only)
Little Shop Road Trip
Luxor Amun Rising
Macromedia Flash Player
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.5)
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nero 7 Essentials
NetWaiting
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
nProtect KeyCrypt
Octoshape add-in for Adobe Flash Player
PC Connectivity Solution
Photo Click
Photo Story 3 for Windows
PhotoStitch
Physical Therapy Prep
PowerArchiver 2010
PowerDVD
PTEXAM: The Complete Study Guide
QuickBooks Simple Start Special Edition
QuickSolutions
QuickTime
RemoteCapture 2.7.0
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shockwave
Skype™ 4.0
Smart Menus (Windows Live Toolbar)
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Warcraft III: All Products
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia Modem  (02/23/2009 7.01.0.2)
Windows Driver Package - Nokia Modem  (02/24/2009 4.0)
Windows Driver Package - Nokia Modem  (05/22/2008 3.8)
Windows Driver Package - Nokia Modem  (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar
Your Uninstaller! 2008 Version 6.2
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

7/11/2009 6:41:19 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
7/11/2009 3:56:59 PM, error: Service Control Manager [7000]  - The NTPort Library Driver service failed to start due to the following error:  The system cannot find the file specified.
7/11/2009 3:55:59 PM, error: NETLOGON [3095]  - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

==== End Of File ===========================





A jqs.exe file was added in the startup process.. is it OK that it's running at startup?

Thanks again

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #33 on: July 12, 2009, 10:04:49 AM »
Hi,

Yes that file is legitimate.  It is part of the newest versions of Java.

OK, please delete the version of ComboFix on your desktop.  Next, download a fresh copy of ComboFix to your desktop from one of the sites I referred you to earlier.

1.  Open notepad, go to the format menu, uncheck Word Wrap, and then copy/paste the text in the code box below into it:

Code:

KILLALL::

File::
[HKLM\~\startupfolder\C:^Documents and Settings^donna^Start Menu^Programs^Startup^Empty.pif]
c:\windows\pss\!secwad.exeCommon Startup
c:\windows\pss\!sepatch.patCommon Startup
c:\windows\pss\!versions.datCommon Startup

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^donna^Start Menu^Programs^Startup^Empty.pif]
[-HKLM\~\startupfolder\^!secwad.exe]
[-HKLM\~\startupfolder\^!sepatch.pat]
[-HKLM\~\startupfolder\^!versions.dat]


Save this to your Desktop as CFScript.txt.

2.  Close all open browsers.




3.  Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at "C:\ComboFix.txt"

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

4.  Please post the following:

a. combofix.txt
b. a fresh HJT log

Don't Read?  Can't learn!

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #34 on: July 12, 2009, 05:57:14 PM »
ComboFix 09-07-12.03 - donna 07/13/2009  7:19.4.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.766.460 [GMT 8:00]
Running from: c:\documents and settings\donna\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\donna\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\pss\!secwad.exeCommon Startup"
"c:\windows\pss\!sepatch.patCommon Startup"
"c:\windows\pss\!versions.datCommon Startup"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\21cccb.msi
c:\windows\Installer\3dd82a.msi
c:\windows\Installer\bebb3b.msp
c:\windows\Installer\c38335.msp

.
(((((((((((((((((((((((((   Files Created from 2009-06-12 to 2009-07-12  )))))))))))))))))))))))))))))))
.

2009-07-12 12:09 . 2006-10-26 11:56   32592   ----a-w-   c:\windows\system32\msonpmon.dll
2009-07-12 12:04 . 2009-07-12 12:04   --------   d-----w-   c:\program files\Microsoft Works
2009-07-12 12:01 . 2009-07-12 12:01   --------   d-----w-   c:\program files\Microsoft.NET
2009-07-12 11:48 . 2009-07-12 11:48   --------   d-----w-   c:\program files\Microsoft Visual Studio 8
2009-07-12 11:46 . 2009-07-12 11:46   --------   d-----w-   c:\documents and settings\donna\Local Settings\Application Data\Microsoft Help
2009-07-12 11:46 . 2009-07-12 13:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-11 10:56 . 2009-07-11 10:56   410984   ----a-w-   c:\windows\system32\deploytk.dll
2009-07-11 10:55 . 2009-07-11 10:55   152576   ----a-w-   c:\documents and settings\donna\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-08 08:11 . 2009-07-08 10:47   25992   ----a-w-   c:\windows\system32\pgdfgsvc.exe
2009-07-08 08:07 . 2009-07-09 07:39   --------   d-----w-   C:\ERUNT
2009-07-04 11:23 . 2009-07-04 11:24   2855   ----a-w-   c:\documents and settings\donna\Application Data\Microsoft\Internet Explorer\Quick Launch\TC.pif
2009-07-04 11:22 . 2009-07-12 03:48   --------   d-----w-   C:\TC
2009-06-26 07:34 . 2009-06-26 07:34   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
2009-06-18 05:48 . 2009-06-18 05:48   --------   d-----w-   c:\documents and settings\donna\Application Data\Malwarebytes
2009-06-18 05:47 . 2009-06-17 03:27   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 05:47 . 2009-06-18 05:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-06-18 05:47 . 2009-06-18 05:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-18 05:47 . 2009-06-17 03:27   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-06-16 03:22 . 2001-08-22 00:42   13632   ------w-   c:\windows\system32\drivers\omci.sys
2009-06-15 15:02 . 2009-06-15 15:02   --------   d-----w-   c:\program files\Trend Micro
2009-06-15 14:20 . 2009-06-15 14:20   56320   ----a-w-   c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\RunGdp.exe
2009-06-15 14:20 . 2009-06-15 14:20   36864   ----a-w-   c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\DellSommelierFix.exe
2009-06-15 14:20 . 2009-06-15 14:20   123138   ----a-w-   c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\MakeDesktopShortcut.EXE
2009-06-15 13:49 . 2009-06-15 13:49   --------   d-----w-   c:\windows\system32\wbem\Repository
2009-06-15 13:44 . 2009-06-16 02:41   --------   d-----w-   c:\windows\system32\NtmsData
2009-06-13 06:49 . 2009-07-12 02:51   --------   d-----w-   c:\program files\PowerArchiver

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 23:15 . 2007-06-18 12:38   --------   d-----w-   c:\documents and settings\donna\Application Data\DMCache
2009-07-12 14:08 . 2009-04-07 17:19   --------   d-----w-   c:\documents and settings\LocalService\Application Data\SACore
2009-07-12 12:03 . 2009-04-15 05:13   --------   d-----w-   c:\program files\MSBuild
2009-07-12 02:26 . 2007-12-31 09:01   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-07-11 12:05 . 2009-04-10 07:27   --------   d-----w-   c:\program files\Warcraft III
2009-07-11 11:50 . 2009-04-10 07:23   --------   d-----w-   c:\program files\Garena
2009-07-11 10:56 . 2005-10-16 15:14   --------   d-----w-   c:\program files\Java
2009-07-10 11:51 . 2007-06-17 02:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 05:13 . 2007-06-19 00:25   --------   d-----w-   c:\program files\McAfee
2009-06-16 10:19 . 2005-10-16 15:15   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-06-16 02:59 . 2006-09-07 13:56   --------   d-----w-   c:\program files\Google
2009-06-13 06:41 . 2009-04-28 04:46   --------   d-----w-   c:\program files\Your Uninstaller 2008
2009-06-04 04:16 . 2009-05-04 05:30   --------   d-----w-   c:\documents and settings\donna\Application Data\Skype
2009-06-04 04:15 . 2009-05-04 05:31   --------   d-----w-   c:\documents and settings\donna\Application Data\skypePM
2009-05-13 05:15 . 2004-08-10 17:51   915456   ----a-w-   c:\windows\system32\wininet.dll
2009-05-13 02:56 . 2009-04-28 09:02   198064   ----a-w-   c:\documents and settings\donna\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-07 15:32 . 2004-08-10 17:51   345600   ----a-w-   c:\windows\system32\localspl.dll
2009-05-04 10:52 . 2009-04-10 07:30   129910   ----a-w-   c:\windows\War3Unin.dat
2009-05-04 05:31 . 2009-05-04 05:31   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2009-04-26 05:36 . 2009-04-26 05:36   61440   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-26 05:36 . 2009-04-26 05:36   10240   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-26 05:36 . 2009-04-26 05:36   8192   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-26 05:32 . 2009-04-26 05:36   34396584   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-04-17 12:26 . 2004-08-10 17:51   1847168   ----a-w-   c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 17:51   585216   ----a-w-   c:\windows\system32\rpcrt4.dll
2008-07-17 12:07 . 2006-05-24 00:30   7168   --sha-w-   c:\program files\Thumbs.db
.

(((((((((((((((((((((((((((((   SnapShot@2009-06-19_03.06.19   )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 05:40 . 2006-10-26 05:40   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   95744              c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2009-07-12 23:28 . 2009-07-12 23:28   16384              c:\windows\temp\Perflib_Perfdata_7c0.dat
+ 2006-07-24 02:50 . 2006-07-24 02:50   47920              c:\windows\system32\VBAME.DLL
+ 2009-07-12 12:09 . 2006-10-26 11:56   33104              c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
+ 2009-07-12 12:08 . 2006-10-26 11:56   67408              c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2009-07-12 12:08 . 2006-10-26 11:56   67408              c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2006-07-24 02:50 . 2006-07-24 02:50   39728              c:\windows\system32\SCP32.DLL
+ 2006-10-26 06:10 . 2006-10-26 06:10   33088              c:\windows\system32\FM20ENU.DLL
- 2005-12-25 12:24 . 2009-06-19 01:01   32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-12-25 12:24 . 2009-07-12 21:02   32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-12-25 12:24 . 2009-06-19 01:01   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-12-25 12:24 . 2009-07-12 21:02   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-12-25 12:24 . 2009-07-12 21:02   32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-12-25 12:24 . 2009-06-19 01:01   32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-06-11 23:53 . 2007-11-30 12:39   26488              c:\windows\SoftwareDistribution\Download\0f1f7f5eb2a06ca8f9c064b451608f13\update\spcustom.dll
- 2009-06-11 23:53 . 2007-11-30 12:39   17272              c:\windows\SoftwareDistribution\Download\0f1f7f5eb2a06ca8f9c064b451608f13\spmsg.dll
+ 2005-10-16 15:18 . 2005-10-16 15:18   72704              c:\windows\Installer\f2a6.msi
+ 2009-05-07 10:24 . 2009-05-07 10:24   22528              c:\windows\Installer\d0e4d.msi
+ 2008-07-29 13:07 . 2008-07-29 13:07   23040              c:\windows\Installer\bcc2b0.msp
+ 2009-04-15 05:09 . 2009-04-15 05:09   88576              c:\windows\Installer\b30ba6.msi
+ 2009-06-15 14:39 . 2009-06-15 14:39   24064              c:\windows\Installer\2ce4cf.msi
+ 2009-07-12 11:47 . 2009-07-12 11:47   48128              c:\windows\Installer\21327db.msi
+ 2007-07-08 06:49 . 2007-07-08 06:49   94208              c:\windows\Installer\1a14f6f.msi
+ 2009-07-12 12:09 . 2009-07-12 13:17   35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-07-12 12:09 . 2009-07-12 13:17   18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-12 12:09 . 2009-07-12 13:17   20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-12 12:04 . 2009-07-12 12:04   39624              c:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
+ 2009-07-12 12:04 . 2009-07-12 12:04   72472              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
+ 2009-07-12 12:04 . 2009-07-12 12:04   39704              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
+ 2009-07-12 12:04 . 2009-07-12 12:04   39712              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   60200              c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   39728              c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   43840              c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   11544              c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   12080              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   12096              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   12104              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   12104              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   12112              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   12632              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   12104              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   12616              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   12616              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   12096              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2009-07-12 12:01 . 2009-07-12 12:01   12096              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2009-07-12 12:01 . 2009-07-12 12:01   12104              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   64288              c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-07-12 12:04 . 2009-07-12 12:04   13312              c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   20280              c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   35648              c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   17208              c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   88896              c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2009-07-12 12:01 . 2009-07-12 12:01   80696              c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   16712              c:\windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   31560              c:\windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
+ 2009-07-12 12:04 . 2009-07-12 12:04   82784              c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2009-07-12 12:04 . 2009-07-12 12:04   4608              c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2006-10-26 05:45 . 2006-10-26 05:45   293376              c:\windows\system32\WISPTIS.EXE
+ 2009-07-12 12:08 . 2006-10-26 11:56   864080              c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2009-07-12 12:08 . 2006-10-26 11:56   864080              c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2009-07-11 10:56 . 2009-07-11 10:56   148888              c:\windows\system32\javaws.exe
+ 2009-07-11 10:56 . 2009-07-11 10:56   144792              c:\windows\system32\javaw.exe
+ 2009-07-11 10:56 . 2009-07-11 10:56   144792              c:\windows\system32\java.exe
+ 2006-10-26 05:45 . 2006-10-26 05:45   207360              c:\windows\system32\INKED.DLL
+ 2004-08-10 17:57 . 2009-07-12 12:19   467600              c:\windows\system32\FNTCACHE.DAT
- 2009-06-11 23:53 . 2007-11-30 12:39   382840              c:\windows\SoftwareDistribution\Download\0f1f7f5eb2a06ca8f9c064b451608f13\update\updspapi.dll
- 2009-06-11 23:53 . 2007-11-30 12:39   755576              c:\windows\SoftwareDistribution\Download\0f1f7f5eb2a06ca8f9c064b451608f13\update\update.exe
- 2009-06-11 23:53 . 2007-11-30 12:39   231288              c:\windows\SoftwareDistribution\Download\0f1f7f5eb2a06ca8f9c064b451608f13\spuninst.exe
+ 2008-05-12 00:21 . 2004-07-17 03:41   366080              c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-05-12 00:21 . 2004-07-17 03:41   863232              c:\windows\ServicePackFiles\i386\digopt.msi
+ 2009-04-15 05:14 . 2009-04-15 05:14   652800              c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2005-10-16 15:33 . 2005-10-16 15:33   285696              c:\windows\Installer\f39a.msi
+ 2005-10-16 15:33 . 2005-10-16 15:33   243712              c:\windows\Installer\f396.msi
+ 2005-10-16 15:32 . 2005-10-16 15:32   655360              c:\windows\Installer\f386.msi
+ 2005-10-16 15:26 . 2005-10-16 15:26   407040              c:\windows\Installer\f2f8.msi
+ 2005-10-16 15:25 . 2005-10-16 15:25   157184              c:\windows\Installer\f2f1.msi
+ 2005-10-16 15:23 . 2005-10-16 15:23   194048              c:\windows\Installer\f2ca.msi
+ 2005-10-16 15:19 . 2005-10-16 15:19   171008              c:\windows\Installer\f2be.msi
+ 2005-10-16 15:18 . 2005-10-16 15:18   656896              c:\windows\Installer\f2aa.msi
+ 2005-10-16 15:17 . 2005-10-16 15:17   669696              c:\windows\Installer\f2a2.msi
+ 2005-10-16 15:16 . 2005-10-16 15:16   256000              c:\windows\Installer\f29a.msi
+ 2005-10-16 15:15 . 2005-10-16 15:15   275968              c:\windows\Installer\f280.msi
+ 2008-01-09 00:55 . 2008-01-09 00:55   310272              c:\windows\Installer\cf2763.msi
+ 2008-04-23 15:21 . 2008-04-23 15:21   690176              c:\windows\Installer\cc9a66.msi
+ 2008-12-13 01:58 . 2008-12-13 01:58   754688              c:\windows\Installer\be2381.msp
+ 2009-04-15 05:14 . 2009-04-15 05:14   648192              c:\windows\Installer\be235e.msi
+ 2007-05-10 15:00 . 2007-05-10 15:00   470528              c:\windows\Installer\bdd6d5.msi
+ 2008-07-29 13:23 . 2008-07-29 13:23   250880              c:\windows\Installer\bcc2b9.msp
+ 2008-07-29 13:28 . 2008-07-29 13:28   278016              c:\windows\Installer\bcc2b7.msp
+ 2008-07-29 11:40 . 2008-07-29 11:40   291840              c:\windows\Installer\bcc2b5.msp
+ 2009-04-15 05:13 . 2009-04-15 05:13   137728              c:\windows\Installer\bcc2af.msi
+ 2008-07-29 09:35 . 2008-07-29 09:35   553472              c:\windows\Installer\b30bab.msp
+ 2008-07-29 09:33 . 2008-07-29 09:33   506368              c:\windows\Installer\b30ba9.msp
+ 2008-07-29 09:37 . 2008-07-29 09:37   911360              c:\windows\Installer\b30ba8.msp
+ 2007-03-14 15:32 . 2007-03-14 15:32   809984              c:\windows\Installer\a8466.msi
+ 2009-03-06 16:12 . 2009-03-06 16:12   140288              c:\windows\Installer\a6a425.msi
+ 2008-07-22 04:56 . 2008-07-22 04:56   313856              c:\windows\Installer\8ebb7.msp
+ 2007-08-15 03:24 . 2007-08-15 03:24   431104              c:\windows\Installer\7f2a39.msi
+ 2006-01-02 16:51 . 2006-01-02 16:51   433664              c:\windows\Installer\7c402b.msi
+ 2006-05-26 14:44 . 2006-05-26 14:44   115712              c:\windows\Installer\788534.msi
+ 2004-08-10 18:08 . 2004-08-10 18:08   264704              c:\windows\Installer\7506.msi
+ 2008-11-14 03:14 . 2008-11-14 03:14   432640              c:\windows\Installer\70e747.msi
+ 2009-04-26 05:47 . 2009-04-26 05:47   769024              c:\windows\Installer\6d2a68.msi
+ 2009-04-26 05:43 . 2009-04-26 05:43   458240              c:\windows\Installer\6d29b4.msi
+ 2009-04-26 05:39 . 2009-04-26 05:39   331264              c:\windows\Installer\6d297f.msi
+ 2006-02-26 03:49 . 2006-02-26 03:49   464384              c:\windows\Installer\6a91e.msi
+ 2006-02-26 03:48 . 2006-02-26 03:48   299008              c:\windows\Installer\6a918.msi
+ 2008-12-07 08:03 . 2008-12-07 08:03   163840              c:\windows\Installer\641fe9.msi
+ 2005-12-25 15:38 . 2005-12-25 15:38   467968              c:\windows\Installer\47d56a.msi
+ 2008-12-07 11:14 . 2008-12-07 11:14   868864              c:\windows\Installer\3cbf1f.msi
+ 2007-12-23 12:07 . 2007-12-23 12:07   331264              c:\windows\Installer\2ced0d.msi
+ 2009-03-20 03:48 . 2009-03-20 03:48   183808              c:\windows\Installer\29d552.msp
+ 2008-04-22 23:29 . 2008-04-22 23:29   220672              c:\windows\Installer\286f2a.msi
+ 2008-04-22 23:28 . 2008-04-22 23:28   224256              c:\windows\Installer\286f25.msi
+ 2008-04-22 23:28 . 2008-04-22 23:28   218624              c:\windows\Installer\286f20.msi
+ 2008-04-22 23:28 . 2008-04-22 23:28   229888              c:\windows\Installer\286f1b.msi
+ 2008-04-22 23:28 . 2008-04-22 23:28   508928              c:\windows\Installer\286f16.msi
+ 2008-04-22 23:24 . 2008-04-22 23:24   280576              c:\windows\Installer\286f10.msi
+ 2008-04-22 23:15 . 2008-04-22 23:15   891904              c:\windows\Installer\286eff.msi
+ 2008-12-07 10:53 . 2008-12-07 10:53   242688              c:\windows\Installer\26cdd4.msi
+ 2006-11-18 09:24 . 2006-11-18 09:24   428544              c:\windows\Installer\25df8a.msi
+ 2006-09-02 04:24 . 2006-09-02 04:24   965632              c:\windows\Installer\252d79.msi
+ 2008-05-12 02:15 . 2008-05-12 02:15   804352              c:\windows\Installer\229bda.msi
+ 2009-07-12 11:50 . 2009-07-12 11:50   501248              c:\windows\Installer\2132822.msi
+ 2009-07-12 11:49 . 2009-07-12 11:49   501248              c:\windows\Installer\213280e.msi
+ 2009-07-12 11:49 . 2009-07-12 11:49   506880              c:\windows\Installer\2132809.msi
+ 2009-07-12 11:48 . 2009-07-12 11:48   516608              c:\windows\Installer\2132802.msi
+ 2009-07-12 11:48 . 2009-07-12 11:48   513024              c:\windows\Installer\21327f5.msi
+ 2009-07-12 11:48 . 2009-07-12 11:48   501248              c:\windows\Installer\21327e5.msi
+ 2009-07-12 11:47 . 2009-07-12 11:47   501248              c:\windows\Installer\21327c2.msi
+ 2006-06-02 07:57 . 2006-06-02 07:57   270336              c:\windows\Installer\18f8308.msi
+ 2006-08-21 08:39 . 2006-08-21 08:39   274944              c:\windows\Installer\186e4fb.msi
+ 2009-06-13 06:49 . 2009-06-13 06:49   368128              c:\windows\Installer\174fbd.msi
+ 2008-04-22 22:48 . 2008-04-22 22:48   467456              c:\windows\Installer\15f078.msi
+ 2008-04-19 22:48 . 2008-04-19 22:48   355328              c:\windows\Installer\12e925.msi
+ 2009-07-12 12:16 . 2009-07-12 12:16   217864              c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-07-12 12:09 . 2009-07-12 13:17   888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-12 12:09 . 2009-07-12 13:17   272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-07-12 12:09 . 2009-07-12 13:17   922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-07-12 12:09 . 2009-07-12 13:17   845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-07-12 12:09 . 2009-07-12 13:17   217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-12 12:09 . 2009-07-12 13:17   184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-07-12 12:09 . 2009-07-12 13:17   159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-07-09 07:30 . 2009-07-09 07:30   413696              c:\windows\ERDNT\AutoBackup\7-9-2009\Users\00000002\UsrClass.dat
+ 2009-07-09 07:30 . 2005-10-20 04:02   163328              c:\windows\ERDNT\AutoBackup\7-9-2009\ERDNT.EXE
+ 2009-07-08 08:20 . 2009-07-08 08:20   413696              c:\windows\ERDNT\AutoBackup\7-8-2009\Users\00000002\UsrClass.dat
+ 2009-07-08 08:20 . 2005-10-20 04:02   163328              c:\windows\ERDNT\AutoBackup\7-8-2009\ERDNT.EXE
+ 2009-07-12 20:57 . 2009-07-12 20:57   425984              c:\windows\ERDNT\AutoBackup\7-13-2009\Users\00000002\UsrClass.dat
+ 2009-07-12 20:57 . 2005-10-20 04:02   163328              c:\windows\ERDNT\AutoBackup\7-13-2009\ERDNT.EXE
+ 2009-07-11 21:50 . 2009-07-11 21:50   425984              c:\windows\ERDNT\AutoBackup\7-12-2009\Users\00000002\UsrClass.dat
+ 2009-07-11 21:50 . 2005-10-20 04:02   163328              c:\windows\ERDNT\AutoBackup\7-12-2009\ERDNT.EXE
+ 2009-07-10 16:06 . 2009-07-10 16:06   413696              c:\windows\ERDNT\AutoBackup\7-11-2009\Users\00000002\UsrClass.dat
+ 2009-07-10 16:06 . 2005-10-20 04:02   163328              c:\windows\ERDNT\AutoBackup\7-11-2009\ERDNT.EXE
+ 2009-07-10 00:54 . 2009-07-10 00:54   413696              c:\windows\ERDNT\AutoBackup\7-10-2009\Users\00000002\UsrClass.dat
+ 2009-07-10 00:54 . 2005-10-20 04:02   163328              c:\windows\ERDNT\AutoBackup\7-10-2009\ERDNT.EXE
+ 2009-07-09 08:06 . 2009-07-09 08:06   413696              c:\windows\ERDNT\7-9-2009\Users\00000002\UsrClass.dat
+ 2009-07-09 07:43 . 2005-10-20 04:02   163328              c:\windows\ERDNT\7-9-2009\ERDNT.EXE
+ 2009-07-08 10:47 . 2009-07-08 10:47   413696              c:\windows\ERDNT\7-8-2009\Users\00000002\UsrClass.dat
+ 2009-07-08 08:08 . 2005-10-20 04:02   163328              c:\windows\ERDNT\7-8-2009\ERDNT.EXE
+ 2009-07-12 22:39 . 2009-07-12 22:39   425984              c:\windows\ERDNT\7-13-2009\Users\00000002\UsrClass.dat
+ 2009-07-12 22:39 . 2005-10-20 04:02   163328              c:\windows\ERDNT\7-13-2009\ERDNT.EXE
+ 2009-07-12 02:44 . 2009-07-12 02:44   425984              c:\windows\ERDNT\7-12-2009\Users\00000002\UsrClass.dat
+ 2009-07-12 02:10 . 2005-10-20 04:02   163328              c:\windows\ERDNT\7-12-2009\ERDNT.EXE
+ 2009-07-11 11:08 . 2009-07-11 11:08   425984              c:\windows\ERDNT\7-11-2009\Users\00000002\UsrClass.dat
+ 2009-07-11 11:08 . 2005-10-20 04:02   163328              c:\windows\ERDNT\7-11-2009\ERDNT.EXE
+ 2009-07-10 05:18 . 2009-07-10 05:18   413696              c:\windows\ERDNT\7-10-2009\Users\00000002\UsrClass.dat
+ 2009-07-10 04:17 . 2005-10-20 04:02   163328              c:\windows\ERDNT\7-10-2009\ERDNT.EXE
+ 2009-07-12 12:04 . 2009-07-12 12:04   330520              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
+ 2009-07-12 12:04 . 2009-07-12 12:04   105248              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
+ 2009-07-12 12:04 . 2009-07-12 12:04   211736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   609104              c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2009-07-12 12:04 . 2009-07-12 12:04   367400              c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   118112              c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   416544              c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-07-12 12:02 . 2009-07-12 12:02   371496              c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   781104              c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   232248              c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   248632              c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   920376              c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   146232              c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2009-07-12 12:03 . 2009-07-12 12:03   404296              c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   150320              c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   1079808              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 05:40 . 2006-10-26 05:40   1093632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00   1326080              c:\windows\system32\webfldrs.msi
+ 2005-12-25 12:31 . 2005-10-16 15:14   9946112              c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi
+ 2008-05-12 00:22 . 2004-08-04 10:00   1326080              c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-05-12 00:22 . 2004-07-17 03:41   5080576              c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2007-05-25 04:08 . 2007-05-25 04:08   9609728              c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2005-10-16 15:32 . 2005-10-16 15:32   4410368              c:\windows\Installer\f38a.msi
+ 2005-10-16 15:27 . 2005-10-16 15:27   9649152              c:\windows\Installer\f305.msi
+ 2005-10-16 15:21 . 2005-10-16 15:21   1187840              c:\windows\Installer\f2c2.msi
+ 2005-10-16 15:19 . 2005-10-16 15:19   1049088              c:\windows\Installer\f2b6.msi
+ 2005-10-16 15:19 . 2005-10-16 15:19   2099712              c:\windows\Installer\f2ae.msi
+ 2005-10-16 15:15 . 2005-10-16 15:15   1914880              c:\windows\Installer\f27a.msi
+ 2008-06-19 10:28 . 2008-06-19 10:28   1573376              c:\windows\Installer\d5a7fb.msp
+ 2008-03-25 08:30 . 2008-03-25 08:30   2989056              c:\windows\Installer\cc9a82.msp
+ 2008-12-13 01:57 . 2008-12-13 01:57   8397824              c:\windows\Installer\be236c.msp
+ 2008-07-29 11:26 . 2008-07-29 11:26   1043456              c:\windows\Installer\bcc2b8.msp
+ 2008-07-29 12:37 . 2008-07-29 12:37   2679808              c:\windows\Installer\bcc2b6.msp
+ 2008-07-29 13:15 . 2008-07-29 13:15   3697664              c:\windows\Installer\bcc2b4.msp
+ 2008-07-29 11:34 . 2008-07-29 11:34   1448448              c:\windows\Installer\bcc2b3.msp
+ 2008-07-29 12:22 . 2008-07-29 12:22   4137984              c:\windows\Installer\bcc2b2.msp
+ 2008-07-29 11:18 . 2008-07-29 11:18   3376640              c:\windows\Installer\bcc2b1.msp
+ 2008-07-29 09:45 . 2008-07-29 09:45   2543616              c:\windows\Installer\b30baf.msp
+ 2008-07-29 09:29 . 2008-07-29 09:29   2926080              c:\windows\Installer\b30bae.msp
+ 2008-07-29 09:41 . 2008-07-29 09:41   6487040              c:\windows\Installer\b30bad.msp
+ 2008-07-29 09:39 . 2008-07-29 09:39   3403264              c:\windows\Installer\b30bac.msp
+ 2008-07-29 09:43 . 2008-07-29 09:43   1013248              c:\windows\Installer\b30baa.msp
+ 2008-07-29 09:31 . 2008-07-29 09:31   6083072              c:\windows\Installer\b30ba7.msp
+ 2006-07-21 00:55 . 2006-07-21 00:55   1096704              c:\windows\Installer\a49d12.msi
+ 2009-07-11 10:56 . 2009-07-11 10:56   1563648              c:\windows\Installer\97256e.msi
+ 2006-01-02 16:52 . 2006-01-02 16:52   1242624              c:\windows\Installer\7c4033.msi
+ 2006-01-02 16:51 . 2006-01-02 16:51   1288192              c:\windows\Installer\7c4026.msi
+ 2006-01-02 16:50 . 2006-01-02 16:50   1253376              c:\windows\Installer\7c401e.msi
+ 2006-01-02 16:49 . 2006-01-02 16:49   1276928              c:\windows\Installer\7c4016.msi
+ 2009-05-04 05:29 . 2009-05-04 05:29   1602048              c:\windows\Installer\72ce75.msi
+ 2008-10-20 02:18 . 2008-10-20 02:18   6474240              c:\windows\Installer\64cc77.msp
+ 2006-04-30 10:50 . 2006-04-30 10:50   5864960              c:\windows\Installer\5227a.msp
+ 2004-08-10 18:09 . 2004-08-10 18:10   3443712              c:\windows\Installer\50c4.msi
+ 2008-12-07 07:31 . 2008-12-07 07:31   8989696              c:\windows\Installer\41cb42.msi
+ 2008-12-07 07:27 . 2008-12-07 07:27   1549312              c:\windows\Installer\41c8e4.msi
+ 2009-01-21 14:22 . 2009-01-21 14:22   2600448              c:\windows\Installer\4047e2.msi
+ 2007-04-17 01:11 . 2007-04-17 01:11   3200000              c:\windows\Installer\3bcb2.msi
+ 2009-02-25 11:08 . 2009-02-25 11:08   8311808              c:\windows\Installer\341cac.msp
+ 2009-05-07 01:17 . 2009-05-07 01:17   5026816              c:\windows\Installer\341c97.msp
+ 2008-04-22 23:10 . 2008-04-22 23:10   1015808              c:\windows\Installer\286efa.msi
+ 2009-07-12 11:50 . 2009-07-12 11:50   1640960              c:\windows\Installer\2132827.msi
+ 2009-07-12 11:50 . 2009-07-12 11:50   1652736              c:\windows\Installer\213281d.msi
+ 2009-07-12 11:49 . 2009-07-12 11:49   1652736              c:\windows\Installer\2132818.msi
+ 2009-07-12 11:49 . 2009-07-12 11:49   1652736              c:\windows\Installer\2132813.msi
+ 2009-07-12 11:48 . 2009-07-12 11:48   2319872              c:\windows\Installer\21327ea.msi
+ 2009-07-12 11:48 . 2009-07-12 11:48   1647616              c:\windows\Installer\21327e0.msi
+ 2009-07-12 11:47 . 2009-07-12 11:47   1640960              c:\windows\Installer\21327d2.msi
+ 2009-07-12 11:47 . 2009-07-12 11:47   2022912              c:\windows\Installer\21327cd.msi
+ 2009-07-12 11:47 . 2009-07-12 11:47   1713152              c:\windows\Installer\21327c7.msi
+ 2009-07-12 11:46 . 2009-07-12 11:46   2397184              c:\windows\Installer\21327bd.msi
+ 2009-04-12 13:07 . 2009-04-12 13:07   1485312              c:\windows\Installer\2125f39.msi
+ 2007-04-12 23:41 . 2007-04-12 23:41   1152512              c:\windows\Installer\1d61bd.msi
+ 2009-04-24 04:31 . 2009-04-24 04:31   1425920              c:\windows\Installer\1634b9.msp
+ 2009-05-03 23:46 . 2009-05-03 23:46   8299008              c:\windows\Installer\16183f7.msp
+ 2009-04-24 04:30 . 2009-04-24 04:30   2583552              c:\windows\Installer\16183d9.msp
+ 2006-08-10 22:58 . 2006-08-10 22:58   1094656              c:\windows\Installer\14c03f.msi
+ 2009-05-25 02:33 . 2009-05-25 02:33   1401344              c:\windows\Installer\11b105.msi
+ 2008-04-18 06:56 . 2008-04-18 06:56   6215680              c:\windows\Installer\113fbc2.msp
+ 2008-02-27 03:58 . 2008-02-27 03:58   4890624              c:\windows\Installer\1106b8.msi
+ 2006-06-16 06:10 . 2006-06-16 06:10   1103360              c:\windows\Installer\10f8e53.msi
+ 2009-07-12 12:09 . 2009-07-12 13:17   1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-07-12 12:09 . 2009-07-12 13:17   1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-09-15 08:25 . 2006-09-15 08:25   3611416              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2009-07-09 07:30 . 2009-07-09 07:30   8142848              c:\windows\ERDNT\AutoBackup\7-9-2009\Users\00000001\ntuser.dat
+ 2009-07-08 08:20 . 2009-07-08 08:20   8130560              c:\windows\ERDNT\AutoBackup\7-8-2009\Users\00000001\ntuser.dat
+ 2009-07-12 20:57 . 2009-07-12 20:57   8241152              c:\windows\ERDNT\AutoBackup\7-13-2009\Users\00000001\ntuser.dat
+ 2009-07-11 21:50 . 2009-07-11 21:50   8208384              c:\windows\ERDNT\AutoBackup\7-12-2009\Users\00000001\ntuser.dat
+ 2009-07-10 16:06 . 2009-07-10 16:06   8183808              c:\windows\ERDNT\AutoBackup\7-11-2009\Users\00000001\ntuser.dat
+ 2009-07-10 00:54 . 2009-07-10 00:54   8179712              c:\windows\ERDNT\AutoBackup\7-10-2009\Users\00000001\ntuser.dat
+ 2009-07-09 08:06 . 2009-07-09 08:06   8179712              c:\windows\ERDNT\7-9-2009\Users\00000001\ntuser.dat
+ 2009-07-08 10:47 . 2009-07-08 10:47   8138752              c:\windows\ERDNT\7-8-2009\Users\00000001\ntuser.dat
+ 2009-07-12 22:39 . 2009-07-12 22:39   8245248              c:\windows\ERDNT\7-13-2009\Users\00000001\ntuser.dat
+ 2009-07-12 02:44 . 2009-07-12 02:44   8212480              c:\windows\ERDNT\7-12-2009\Users\00000001\ntuser.dat
+ 2009-07-11 11:08 . 2009-07-11 11:08   8200192              c:\windows\ERDNT\7-11-2009\Users\00000001\ntuser.dat
+ 2009-07-10 05:18 . 2009-07-10 05:18   8179712              c:\windows\ERDNT\7-10-2009\Users\00000001\ntuser.dat
+ 2005-12-25 14:56 . 2005-12-25 14:56   6170112              c:\windows\Downloaded Installations\{C0FA7138-477B-4FEC-8F23-640C21C2287B}\Microsoft AntiSpyware.msi
+ 2007-03-14 15:31 . 2007-03-14 15:31   6809228              c:\windows\Downloaded Installations\{8379D168-79F6-4394-81A2-BB1944E8F892}\Adobe Photoshop Album 3 SE.msi
+ 2006-05-26 15:19 . 2006-05-26 15:19   6575104              c:\windows\Downloaded Installations\{49D57714-1E1D-47B2-8D8B-6A62CCD043E0}\URGE.msi
+ 2009-05-18 15:04 . 2009-05-18 15:04   1062400              c:\windows\Downloaded Installations\{0CDE9D9D-D4F4-4BDF-BC91-5EF80E8017C1}\NotebookIndexer 2.0 1148203.msi
+ 2009-07-12 12:02 . 2009-07-12 12:02   1276720              c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2009-07-12 12:02 . 2009-07-12 12:02   1612592              c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2009-07-12 12:04 . 2009-07-12 12:04   8007680              c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2009-07-12 12:04 . 2009-07-12 12:04   1215328              c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2005-10-16 15:25 . 2005-10-16 15:25   22943232              c:\windows\Installer\f2ce.msi
+ 2005-10-16 15:19 . 2005-10-16 15:19   12983808              c:\windows\Installer\f2b2.msi
+ 2008-07-03 03:37 . 2008-07-03 03:37   11759104              c:\windows\Installer\d5a7f2.msp
+ 2009-02-25 11:07 . 2009-02-25 11:07   11646464              c:\windows\Installer\be239e.msp
+ 2008-12-13 02:21 . 2008-12-13 02:21   10473472              c:\windows\Installer\be2376.msp
+ 2008-08-11 03:51 . 2008-08-11 03:51   15916544              c:\windows\Installer\8caca.msp
+ 2008-08-11 03:49 . 2008-08-11 03:49   22457344              c:\windows\Installer\8caad.msp
+ 2009-04-07 10:07 . 2009-04-07 10:08   32140288              c:\windows\Installer\8a2a25.msi
+ 2008-02-25 07:07 . 2008-02-25 07:07   11772416              c:\windows\Installer\844a5b.msp
+ 2008-10-20 02:22 . 2008-10-20 02:22   11758592              c:\windows\Installer\70ed15.msp
+ 2008-09-24 04:05 . 2008-09-24 04:05   16381440              c:\windows\Installer\70e777.msp
+ 2007-07-12 01:17 . 2007-07-12 01:17   15256576              c:\windows\Installer\6ff4e1.msp
+ 2009-04-03 23:35 . 2009-04-03 23:35   38325760              c:\windows\Installer\4bb7e1.msp
+ 2007-10-14 15:33 . 2007-10-14 15:33   26646016              c:\windows\Installer\27df86.msp
+ 2008-07-29 15:20 . 2008-07-29 15:20   11767296              c:\windows\Installer\243aa4.msp
+ 2009-07-12 12:09 . 2009-07-12 12:09   18181632              c:\windows\Installer\2133929.msi
+ 2004-08-10 18:10 . 2004-08-10 18:10   19204096              c:\windows\Installer\1599f.msp
+ 2009-07-10 04:51 . 2009-07-10 04:51   11486720              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
- 2009-04-15 05:18 . 2009-04-15 05:18   11486720              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

Continuation in the next post... exceeds 50000 characters.

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #35 on: July 12, 2009, 05:59:29 PM »
Continuation of ComboFix.txt...


.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\donna\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\erunt\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0pgdfgsvc C 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\^NTUSER.DAT]
path=\NTUSER.DAT
backup=c:\windows\pss\NTUSER.DATCommon Startup

[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
backup=c:\windows\pss\ntuser.dat.LOGCommon Startup

[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
backup=c:\windows\pss\ntuser.iniCommon Startup

[HKLM\~\startupfolder\^Thumbs.db]
path=\Thumbs.db
backup=c:\windows\pss\Thumbs.dbCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate1c9cb708b3c5072"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Registry"="c:\program files\Greatis\RegRunSuite\lsoon.exe" -1 30 "c:\program files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"GameXL"=
"MCUpdateExe"=c:\progra~1\McAfee.com\Agent\McUpdate.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe
"CleanUp"=c:\progra~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [9/29/2007 12:35 PM 149376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/8/2009 12:52 AM 210216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [4/26/2009 1:39 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [4/26/2009 1:39 PM 8320]
S4 gupdate1c9cb708b3c5072;Google Update Service (gupdate1c9cb708b3c5072);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-06-19 02:53]

2009-01-10 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-06-19 02:53]

2009-07-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\donna\Application Data\Mozilla\Firefox\Profiles\64s1qrjh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\donna\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 07:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):05,45,9d,fa,9f,f9,b9,9b,d6,7c,bc,b6,a3,e9,a6,9a,f6,e0,75,92,04,
   46,be,2c,3d,f2,d7,b3,aa,04,5d,87,15,4a,a6,d2,58,76,4a,54,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):81,d9,c4,8e,8f,c6,2a,92,a2,56,36,40,66,f4,29,5c,ed,d8,69,e2,fd,
   e9,de,f2,17,72,d9,94,0a,c2,2a,dd,26,02,8d,25,36,9a,4c,ab,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8db79e2b-75ad-4c43-b2b8-34f8efad1fd1}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ee
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
   df,1c,2f,3b,8a,0a,32,11,89,01,b5,33,11,6b,75,43,e0,4c,bd,e3,8a,73,55,b2,e2,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0dc886d-bd9e-491e-970d-2829a7077e75}]
@Denied: (Full) (Everyone)
"Model"=dword:00000075
"Therad"=dword:00000018
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(392)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\fxssvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-12  7:41 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-12 23:41
ComboFix.txt  2009-06-19 03:12
ComboFix2.txt  2009-06-21 05:18
ComboFix3.txt  2009-06-20 07:56

Pre-Run: 30,335,254,528 bytes free
Post-Run: 30,312,132,608 bytes free

624   --- E O F ---   2009-07-12 13:20

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #36 on: July 12, 2009, 06:00:40 PM »
This is the fresh HJT logfile:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:46 AM, on 7/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9432 bytes



thanks again

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #37 on: July 13, 2009, 01:16:03 PM »
Hi,

Is msconfig working now or not?
Don't Read?  Can't learn!

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #38 on: July 13, 2009, 06:03:07 PM »
Hi,

msconfig still isn't working..

what to do next?

thanks again

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #39 on: July 17, 2009, 12:35:31 AM »
Hi,

can we still fix my problem?

thanks..

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #40 on: July 18, 2009, 09:39:46 AM »
Hi,

I'm sorry for the delay but last week was very busy for me.  Unavoidable.

Honestly, I don't think we are going to be able to fix this.  I have tried every trick I know of to make msconfig work, and I don't know what more we can do.  I am going to review this topic completely, and see if there is anything I missed.  You should also know that this topic has been looked at by several other experts, and they too have run out of ideas on what to try.

Bottom line, the only thing I can really suggest at this point is a fresh install of Windows.  If you are willing to do that, then I suggest going to Windows 7.  W7 RC1 is available as a free download from Microsoft.   It can be used for free for about a year, and then will stop working until you purchase a license.  I am running W7 on all of my systems now, and really like it, and strongly recommend it.

If you do not want to do a fresh install, there are a few more things I am willing to try, but they might kill your current install of Windows.  So, before we can do them, you should do a full image backup of your system to a second or external hard drive, not your boot hard drive or another partition on that drive.

Let me know.  I am more than happy to continue to try to fix this, but in the end, there are no guarantees that I can be successful.  I think there is a real possibility that the malware you had on your system truly damaged the install beyond our abilities to repair it.


Don't Read?  Can't learn!

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #41 on: July 20, 2009, 04:52:34 AM »
I need help..

The hal.dll file was missing..

I can't connect to Windows.. I just use the other PC..

I'll wait for your reply..

I already used the Windows Recovery Console using the CD

but it doesn't repair the damage

I already used bootcfg /rebuild and expand d:\i386\hal.dl_ c:\windows\system32\hal.dll

thanks..

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #42 on: July 20, 2009, 09:58:31 AM »
That's not good.  The HAL is a critical part of the registry files, and gives Windows information about the hardware configurations.  If that is missing, it often means your hard drive may have failed.  We need to test the hard drive.  This kind of behavior often suggests a possible hard drive failure.

Here's how to do that.  First, you need to determine what brand hard drive you have.  Unless you happen to know that information, the easiest way to find out is simply to look at the drive itself, and the manufacturer's name will be on a label on the top of the drive.  To do this, turn off your computer, unplug it from the wall and wait an hour.  Then open the case and you should have a clear view of the hard drive.  The manufacturer will be either:

Western Digital
Seagate
Toshiba
Hitachi (or IBM for older Hitachi drives)
Samsung

There are a couple of more minor manufacturers, but those are the "big-5" with over a 90% market share.

Once you know who made the drive, close the case and plug the system back into the wall.

Use another system to do the following steps to create the test disk.  Now, go to the manufacturer's web site.  Under Downloads or Support, etc., you will find the manufacturer's hard drive diagnostics.  You should find two versions, one that creates a bootable floppy, the other that creates a bootable CD.  Pick one or the other, whichever is more convenient.  Then create the bootable disk following the manufacturer's instructions, boot from the disk, and run the diagnostics - there are usually two of them, a Quick one and a much longer Complete one.  Run the Quick one first, and if there are no errors, run the Complete one.  It isn't necessary to run the Complete one if the Quick one shows errors.  Post what you discover.

If you decide to download the CD version, that will be an iso file.  To burn an .iso file, you need to use something like Nero, and do an image burn.  If you do a regular burn the CD won't work.  Alternatively, you can grab a free .iso burner here:

http://isorecorder.alexfeinman.com/isorecorder.htm

Watch the versions, v1 is for doing the burn on an XP SP1 system, v2 for XP SP2 and SP3.  After you download the file, right click on it, and choose Install from the context menu.  That will install the .iso burner.  You may need to reboot.

After that, navigate to the .iso file, right click on it and there will be a new context menu item called something like "Copy file to CD".  Use that, and it will correctly burn the .iso file for you.
Don't Read?  Can't learn!

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #43 on: July 20, 2009, 01:18:52 PM »
Hi, I already used my OS CD to repair some damage..

I reinstalled the OS, but still every time the PC restarts because of the updates in Windows, the hal.dll missing error still runs..

I just use the recovery console and bootcfg /rebuild, then exit

After it reboots, Windows runs again..


Here's a fresh HJT log.. If there's a problem, please let me know.. and what do I need to download or what updates do I still need to update..

thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:15 AM, on 7/21/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\taskmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

--
End of file - 9795 bytes


Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #44 on: July 20, 2009, 02:34:03 PM »
Hi,

Your log looks clean.  You are back to SP1 and IE6, so we need to get your system updated to SP3 and IE8, and then do Windows Updates. 

First, please print these instructions so that you have them available to you during your work.

Next, please go to the following links and download the full installers for SP3 and IE8:

http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&DisplayLang=en

http://www.microsoft.com/windows/ie/downloads/default.mspx

Save the installers to your Desktop.

Do not install them yet!

Next, copy all the text in the code box that follows to Notepad.  Make sure you click on Notepad's Format menu and uncheck Word Wrap first.

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BITS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WUAUSERV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BITS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\WUAUSERV]
@="Service"

Save the file to your desktop in a file called safemode.txt.  Next, right click on the file, choose Rename from the context menu, highlight the file's extension, and change the file's extension from txt to reg.  Click anywhere on your desktop.  The file should now be named safemode.reg.  Double click on the file.  You will get a warning; permit the merge, and then you will get a merged message.

Now, boot the system to Safe Mode.  Once you are in Safe Mode, install SP3.

Reboot back into Safe Mode and install IE8.

Finally reboot into regular Windows and let's see if things are working now.

If they are, do a Windows Update.  After that completes, reboot, and do Windows Update again, and so on, until there are no more to do, since even the updates have updates and updates of updates.

Next read and implement the suggestions in the following article in the wiki:

http://spywarehammer.com/simplemachinesforum/index.php?topic=2944.0

Finally post back if you have any questions or problems, and to let me know that this has worked properly.
Don't Read?  Can't learn!
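
A .reg file copied from a forum post can be parsed and checked before it is merged, to confirm it only writes where the post says it does. The Python below is an added example, not part of the original thread or of any tool named in it; the function names and the allow-list policy (only a default value of "Service" under SafeBoot\Minimal or SafeBoot\Network) are assumptions of this example.

```python
import re

# The .reg text from the post above, embedded so the audit runs offline
# (blank lines between sections dropped; regedit does not need them).
SAFEMODE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BITS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WUAUSERV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BITS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\WUAUSERV]
@="Service"
"""

HEADER = "Windows Registry Editor Version 5.00"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
# Policy (an assumption of this example): only SafeBoot\Minimal|Network\<service>.
ALLOWED_KEY = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d{3}\\Control\\SafeBoot"
    r"\\(Minimal|Network)\\[^\\]+$", re.IGNORECASE)


def parse_reg(text):
    """Parse REGEDIT5 text into [(key, is_key_delete, {value_name: raw_data})]."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError("not a 'Windows Registry Editor Version 5.00' file")
    entries, pending = [], ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.endswith("\\"):                   # hex data continued on next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # "[-KEY]" means delete the key
            entries.append((key.lstrip("-"), key.startswith("-"), {}))
            continue
        m = VALUE_RE.match(line)
        if m is None or not entries:
            raise ValueError("unparseable line: %r" % line)
        entries[-1][2][m.group(1)] = m.group(2)
    return entries


def audit(text):
    """Return a finding for every write outside the policy; [] means clean."""
    findings = []
    for key, is_delete, values in parse_reg(text):
        if is_delete:
            findings.append("deletes key: " + key)
        if not ALLOWED_KEY.match(key):
            findings.append("key outside SafeBoot: " + key)
        for name, data in values.items():
            if (name, data) != ("@", '"Service"'):
                findings.append("unexpected value %s=%s under %s" % (name, data, key))
    return findings


def safeboot_services(text):
    """Map each Safe Mode variant to the sorted service names the file enables."""
    out = {}
    for key, _, _ in parse_reg(text):
        m = ALLOWED_KEY.match(key)
        if m:
            out.setdefault(m.group(1), set()).add(key.rsplit("\\", 1)[1])
    return {mode: sorted(names) for mode, names in out.items()}


if __name__ == "__main__":
    print(audit(SAFEMODE_REG))
    print(safeboot_services(SAFEMODE_REG))
```

An empty findings list means every section stays inside SafeBoot and sets only the default value; the second function shows which services each Safe Mode variant would be allowed to start.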