Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bamital infection in winlogon.exe and explorer.exe


  • This topic is locked This topic is locked
2 replies to this topic

#1 JClark86

JClark86

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 28 October 2010 - 08:39 AM

So, a short while back I got infected with Antimalware Doctor/Thinkpoint. We managed to manually remove them by deleting the files from another user account, but a lot of detritus remains. I have installed Malwarebytes, HiJack This, Super Anti-Spyware, Spybot Search and Destroy, Avast, AVG and a host of other tools - because all of them kept finding different problems. (The computer already had McAfee.) I used AVG to remove a rootkit, but now that I look at my DDS log I still see the file name associated with it (ceskrl) under services. I used the other pieces of software to remove various pieces of malware - I kept scanning until it came out repeatedly clean. In the end, I thought I had cleared out everything except one problem I just could not get rid of.

Winlogon.exe and explorer.exe show as infected in AVG and Avast. AVG says they have the trojan Patched_c.JHH and .JHC; Avast says that it's Bamital (Bamital seems to be the more commonly used term, so I went with it.) Neither program can clean them, and no other program even detects the infection.

I might think it was a false positive, but I'm getting redirects of my Google searches with IE that match the commonly posted symptoms with Bamital (I switched to Firefox and so far I have seen no redirects) and error boxes telling me I don't have permission to access files that spring up when I first open Firefox, pointing at files in my JRE6 folder. More precisely: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." This pops up twice, first with C:\Program Files\Java\jre6\lib\deploy\jqs\ff\..\..\..\..\bin\jqsnotify.exe in the title and then with C:\Documents and Settings\jclark\Application Data\Mozilla\Firefox\Profiles\9mbx003o.default\extensions\{E2283E8F-47...

I fixed that by manually turning off Java QuickStart and then removing all extensions from Firefox, but the message itself persists in several other situations, such as trying to install Flash automatically. I had to manually go find the Flash installer in my temp file and run it, and at the end I got the error again for msiexec.dll or whatever the windows installer file was called (but Flash still installed.)

Seeing that Combofix was generally the recommended way across support boards to fix messed-up system files, I attempted to run it (yes I know I'm not supposed to, but I'm pretty sure it's the only thing that can actually stand a chance at repairing explorer.exe and winlogon.exe, and this was before I really found this board) but it would not work; I got multiple error boxes citing me not having permission to access files, similar to the above but with different files in the title.

I should perhaps note I am a decently advanced user - not so advanced that I haven't gotten malware before, but advanced enough that I have never before failed to get rid of it. There's just seemingly no program that can both detect and fix the problem with explorer.exe/winlogon.exe. The permission errors MIGHT have something to do with me being on a networked work computer (Windows XP Pro SP 3, by the way), but I have generally been able to install or run anything else before that I have ever tried - the errors are brand new.

Any thoughts? Thanks!

DDS Log below, Attach and GMER log attached.

DDS (Ver_10-10-21.02) - NTFSx86
Run by jclark at 7:59:13.76 on Thu 10/28/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2031.1294 [GMT -4:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Network Associates\Common Framework\udaterui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GPS Pathfinder Office 3.00\conmgr.exe
C:\Program Files\GPS Pathfinder Office 3.00\PfPjChgr.exe
C:\PROGRA~1\COMMON~1\Trimble\REMOTE~1\TRDMU.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jclark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ncf.edu/
uWindow Title = Microsoft Internet Explorer provided by New College of Florida
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PFO Check Settings] pfochk.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [AClntUsr] c:\program files\altiris\aclient\AClntUsr.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\jclark\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\jclark\desktop\virus removal tool\setup_9.0.0.722_26.10.2010_23-19\startup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gpspat~2.lnk - c:\program files\gps pathfinder office 3.00\conmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gpspat~1.lnk - c:\program files\gps pathfinder office 3.00\PfPjChgr.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242760769417
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242763554281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jclark\applic~1\mozilla\firefox\profiles\9mbx003o.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {163DEDD5-4850-40D3-8B84-CFD437C11211} - c:\documents and settings\administrator\local settings\application data\{163DEDD5-4850-40D3-8B84-CFD437C11211}
FF - HiddenExtension: XULRunner: {6A233C29-DC6D-4112-B649-561A51CA1A6D} - c:\documents and settings\jclark\local settings\application data\{6A233C29-DC6D-4112-B649-561A51CA1A6D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 57199132;57199132 Boot Guard Driver;c:\windows\system32\drivers\57199132.sys [2010-10-26 37392]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-7 340592]
R1 57199131;57199131;c:\windows\system32\drivers\57199131.sys [2010-10-26 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 setup_9.0.0.722_26.10.2010_23-19drv;setup_9.0.0.722_26.10.2010_23-19drv;c:\windows\system32\drivers\5719913.sys [2010-10-26 315408]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-5-19 67904]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-10-30 36608]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-8-7 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-8-7 42424]
S0 ceskrl;ceskrl; [x]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-25 16968]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-5-19 64432]
S3 uti3otqy;AVZ Kernel Driver;c:\windows\system32\drivers\uti3otqy.sys [2010-10-26 7168]

=============== Created Last 30 ================

2010-10-27 20:51:58 -------- d-----w- c:\program files\Lame for Audacity
2010-10-27 15:04:10 -------- d-----w- c:\program files\IrfanView
2010-10-27 13:23:14 -------- d-----w- c:\program files\Smart MP3 Converter
2010-10-26 21:28:44 7168 ----a-w- c:\windows\system32\drivers\uti3otqy.sys
2010-10-26 21:20:49 37392 ----a-w- c:\windows\system32\drivers\57199132.sys
2010-10-26 21:20:49 315408 ----a-w- c:\windows\system32\drivers\5719913.sys
2010-10-26 21:20:49 128016 ----a-w- c:\windows\system32\drivers\57199131.sys
2010-10-26 12:43:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-26 12:40:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-26 12:29:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-26 12:29:58 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-25 20:20:35 -------- d-----w- c:\docume~1\jclark\locals~1\applic~1\Mozilla
2010-10-25 20:00:22 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-25 20:00:20 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-25 20:00:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-10-25 18:56:33 -------- d--h--w- C:\$AVG
2010-10-25 18:47:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-25 18:47:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-25 18:33:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-25 18:33:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 18:33:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-25 18:04:57 -------- d-----w- c:\docume~1\jclark\applic~1\AVG10
2010-10-25 18:02:49 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-25 18:00:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-25 17:57:26 -------- d-----w- c:\docume~1\jclark\applic~1\SUPERAntiSpyware.com
2010-10-25 17:56:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-25 17:51:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-25 17:45:05 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-25 17:38:39 -------- d-----w- c:\program files\Trend Micro
2010-10-22 18:23:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-21 18:02:12 -------- d-----w- c:\docume~1\jclark\applic~1\Malwarebytes
2010-10-21 18:01:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-21 17:56:37 -------- d-----w- c:\windows\pss
2010-10-21 17:49:21 0 ----a-w- c:\windows\Efeyave.bin
2010-10-21 17:49:19 -------- d-----w- c:\docume~1\jclark\locals~1\applic~1\{6A233C29-DC6D-4112-B649-561A51CA1A6D}
2010-10-21 17:39:04 -------- d-----w- C:\QUARANTINE
2010-10-21 17:37:45 194 ----a-w- c:\docume~1\jclark\applic~1\4552.bat
2010-10-21 17:36:23 195 ----a-w- c:\docume~1\jclark\applic~1\39598.bat
2010-10-21 17:36:07 -------- d-----w- c:\docume~1\jclark\applic~1\Equg
2010-10-21 17:36:07 -------- d-----w- c:\docume~1\jclark\applic~1\Bapae
2010-10-19 16:19:11 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-10-19 16:19:11 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-10-19 16:19:11 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-10-19 16:19:10 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-10-18 19:10:50 -------- d-----w- c:\documents and settings\jclark\.tokentool
2010-10-14 22:56:08 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 22:56:08 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 22:56:08 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 22:56:02 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-18 15:44:20 191488 ----a-w- c:\windows\system32\hlvdd.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 8:00:23.68 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 JClark86

JClark86
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 02 November 2010 - 07:43 AM

I fixed the problem - you can close the topic, thanks!

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:20 PM

Posted 02 November 2010 - 04:30 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users