
Ran Avast, couldn't remove Bamital-AO, now blank desktop, no taskbar


  • This topic is locked
23 replies to this topic

#1 A1T1

A1T1

  • Members
  • 11 posts

Posted 28 December 2010 - 04:13 PM

Hi, my computer started hanging up in Internet Explorer a week or so ago so I thought I better scan it for viruses. I had an out of date AVG free version which wasn't working or updating so I removed it and installed the latest Avast free version. I ran it and it found a few issues but only one, Win32: Bamital-AO it wasn't able to remove, saying the files were "read only". So I re-ran Avast in "boot scan" mode. It found quite a few more issues but still couldn't remove the Bamital-AO files (in explorer.exe and winlogon.exe). After the boot scan the taskbar and desktop failed to load. I tried: restarting, logging on another profile, running explorer.exe manually thru task manager ("Windows cannot access ...") and System Restore thru msconfig.exe (twice), all without success. Now I'm stuck and don't know where to go from here. I don't know how to get onto the internet to download the programs recommended in the getting started posts on this forum so I can't provide any of the logs yet. I appreciate any help you can provide me. I'm running Windows XP.

Thanks,
Al

Edited by Blade Zephon, 28 December 2010 - 11:24 PM.
Leaving in Log Forum; OP cannot provide logs. ~BZ



 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 02 January 2011 - 10:18 AM

Hello,


Sorry for the delay. :( If you still need help, please let me know. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 10 January 2011 - 12:34 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

#4 teacup61


Posted 13 January 2011 - 12:05 AM

Hi Alec,

Bamital infects winlogon and explorer, and this should fix it. :)

If you still have no access to the internet, download the following tool to a flash drive from a different computer, then put it on the infected one and run it.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. IF YOU USE AVG IT MUST BE UNINSTALLED OR THIS WILL NOT RUN.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to Alec.exe and try again.

Thanks,
tea

#5 A1T1


Posted 13 January 2011 - 02:45 AM

Ok. I'll save you the messy details but after a few tries I finally got a log. See attached. I got 2 {Fatal System Error} messages when Combofix was running and I had to restart both times. My desktop and taskbar are back and, in fact, loaded after the first aborted Combofix run! I'm happy for that!
Also, not sure if relevant, but when I first started having major issues with my pc around xmas at one point I had a ZalmanFrisbee FTP box pop up and act like it was trying to transfer files. I immediately closed it and then uninstalled it. I know I never installed that program nor had ever seen/heard of it before. That's when I got worried...

Attached Files

  • Attached File  log.txt   16.13KB   1 downloads


#6 teacup61


Posted 13 January 2011 - 07:27 AM

Good morning :)

Excellent progress, but only part way there. What I would like for you to do is update to SP3, then have another run with ComboFix and post the report, please. After that it ought to be better still. :thumbup2:

Thanks,
tea

#7 A1T1


Posted 13 January 2011 - 04:59 PM

Ok, installed SP3 (thought I already had it!) and re-ran Combofix. Log attached.

Attached Files

  • Attached File  log2.txt   390.94KB   2 downloads


#8 teacup61


Posted 13 January 2011 - 05:32 PM

Hello,

Looking better. :) How is it running?


Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea

#9 A1T1


Posted 14 January 2011 - 01:39 AM

Hi Tea,
Ran TDSSKiller and it found one rootkit which it seems to have cleaned out. Attached are the before and after logs. I'm finally able to use my pc again and run internet explorer without it giving me problems. Things are looking up! I still feel like something is amiss though but can't say what. Any further thoughts? Thanks for all your help up to this point!!!




#10 teacup61


Posted 14 January 2011 - 11:56 AM

Happy Friday to you :)

You're so welcome! Glad it's so much better. :thumbup2:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
c:\program files\Synaptics\SynTP\bak\SynTPLpr.exe


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Thanks,
tea

#11 A1T1


Posted 14 January 2011 - 01:13 PM

Tea,
My system still seems a little wacky/slow but could just be the updates and all sorting out. Ran ComboFix with the CFScript. Do you prefer I attach log file or paste it into post? I'll paste it this time:

ComboFix 11-01-14.01 - Alec 01/14/2011 9:42.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.492 [GMT -8:00]
Running from: c:\documents and settings\Alec\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alec\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-14 17:53 . 2011-01-14 17:53 -------- d-----w- c:\windows\LastGood
2011-01-14 07:18 . 2010-11-16 20:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A1F2E988-F60B-4059-B355-DC4C956B4805}\mpengine.dll
2011-01-14 07:18 . 2010-10-19 18:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-14 07:04 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-01-14 06:52 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-01-14 06:43 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2011-01-14 06:43 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-14 06:43 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-14 06:43 . 2010-08-13 12:53 5120 ------w- c:\windows\system32\xpsp4res.dll
2011-01-14 06:38 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-01-14 06:38 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-01-14 06:23 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-01-14 06:23 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-01-14 06:19 . 2009-08-07 03:23 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-01-13 19:53 . 2011-01-13 19:53 -------- d-----w- c:\windows\ServicePackFiles
2011-01-13 19:46 . 2006-12-29 08:31 19569 ----a-w- c:\windows\002821_.tmp
2011-01-13 19:42 . 2011-01-13 19:42 -------- d-----w- c:\windows\EHome
2010-12-28 16:57 . 2011-01-13 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-12-28 16:57 . 2010-12-28 16:57 -------- d-----w- c:\program files\Alwil Software
2010-12-28 16:38 . 2010-12-28 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2010-12-24 07:25 . 2010-12-24 07:25 -------- d-----w- c:\documents and settings\Alec\Application Data\27EBC6A018243AE41055187A56663652

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 14:52 . 2004-08-04 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot_2011-01-13_20.31.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2004-08-04 12:00 . 2006-10-19 03:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 12:00 . 2008-06-18 09:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2010-01-29 15:01 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2005-01-06 01:09 . 2010-10-18 11:07 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2007-12-07 02:21 . 2010-11-06 00:34 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 384512 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2007-12-07 02:21 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-12-07 02:21 . 2010-11-06 00:34 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 12:00 . 2007-12-06 04:59 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2010-10-18 11:06 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2007-12-07 02:21 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2007-12-07 02:21 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-23 12:36 . 2008-10-23 12:36 286720 c:\windows\system32\dllcache\gdi32.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 12:00 . 2007-12-07 02:21 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2007-12-07 02:21 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2007-12-19 23:01 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-06-20 17:46 . 2008-06-20 17:46 147968 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 11:40 . 2008-06-20 11:40 138496 c:\windows\system32\dllcache\afd.sys
+ 2004-08-04 12:00 . 2010-11-06 00:34 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 12:00 . 2007-12-07 02:21 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 124928 c:\windows\system32\advpack.dll
- 2004-08-04 12:00 . 2007-12-07 02:21 124928 c:\windows\system32\advpack.dll
- 2007-04-14 04:58 . 2007-04-14 04:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 10:26 . 2010-09-23 10:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 10:25 . 2010-09-23 10:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 04:56 . 2007-04-14 04:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 11:17 . 2010-09-23 11:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 05:30 . 2007-04-14 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-11-12 19:08 . 2010-11-12 19:08 889344 c:\windows\Installer\7a9b7.msp
+ 2011-01-14 17:17 . 2011-01-14 17:17 432640 c:\windows\Installer\7a94d.msi
+ 2011-01-14 17:16 . 2011-01-14 17:16 429568 c:\windows\Installer\7a946.msi
+ 2005-02-02 06:49 . 2011-01-14 17:27 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-02-02 06:49 . 2008-03-30 00:04 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-02-02 06:49 . 2011-01-14 17:27 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-02-02 06:49 . 2008-03-30 00:04 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-02-02 06:49 . 2011-01-14 17:27 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-02-02 06:49 . 2008-03-30 00:04 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-02-02 06:49 . 2008-03-30 00:04 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-02-02 06:49 . 2011-01-14 17:27 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-02-02 06:49 . 2011-01-14 17:27 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-02-02 06:49 . 2008-03-30 00:04 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-10-27 03:49 . 2006-10-27 03:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CVR.DLL
+ 2007-05-10 16:04 . 2007-05-10 16:04 846248 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE
+ 2006-10-27 03:12 . 2006-10-27 03:12 396592 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE
+ 2004-08-04 12:00 . 2007-06-27 06:10 317440 c:\windows\inf\unregmp2.exe
+ 2011-01-14 17:20 . 2007-12-07 02:21 824832 c:\windows\ie7updates\KB2416400-IE7\wininet.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 233472 c:\windows\ie7updates\KB2416400-IE7\webcheck.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 105984 c:\windows\ie7updates\KB2416400-IE7\url.dll
+ 2011-01-14 17:20 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2416400-IE7\spuninst\updspapi.dll
+ 2011-01-14 17:20 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2416400-IE7\spuninst\spuninst.exe
+ 2011-01-14 17:20 . 2007-12-07 02:21 102912 c:\windows\ie7updates\KB2416400-IE7\occache.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 671232 c:\windows\ie7updates\KB2416400-IE7\mstime.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 193024 c:\windows\ie7updates\KB2416400-IE7\msrating.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 478208 c:\windows\ie7updates\KB2416400-IE7\mshtmled.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 459264 c:\windows\ie7updates\KB2416400-IE7\msfeeds.dll
+ 2011-01-14 17:20 . 2007-12-06 11:01 625664 c:\windows\ie7updates\KB2416400-IE7\iexplore.exe
+ 2011-01-14 17:20 . 2007-12-07 02:21 267776 c:\windows\ie7updates\KB2416400-IE7\iertutil.dll
+ 2011-01-14 17:20 . 2006-11-08 05:03 191488 c:\windows\ie7updates\KB2416400-IE7\iepeers.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 384512 c:\windows\ie7updates\KB2416400-IE7\iedkcs32.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 383488 c:\windows\ie7updates\KB2416400-IE7\ieapfltr.dll
+ 2011-01-14 17:20 . 2007-12-06 04:59 161792 c:\windows\ie7updates\KB2416400-IE7\ieakui.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 230400 c:\windows\ie7updates\KB2416400-IE7\ieaksie.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 153088 c:\windows\ie7updates\KB2416400-IE7\ieakeng.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 133120 c:\windows\ie7updates\KB2416400-IE7\extmgr.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 214528 c:\windows\ie7updates\KB2416400-IE7\dxtrans.dll
+ 2011-01-14 17:20 . 2007-12-19 23:01 347136 c:\windows\ie7updates\KB2416400-IE7\dxtmsft.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 124928 c:\windows\ie7updates\KB2416400-IE7\advpack.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6cceec36\System.Drawing.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c06b56ff\System.Drawing.Design.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_f5e1cb70\CustomMarshalers.dll
+ 2009-07-21 08:03 . 2009-07-21 08:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2008-10-01 00:42 . 2008-10-01 00:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2005-01-06 01:10 . 2009-08-07 03:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-04 12:00 . 2010-04-06 12:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-08-04 12:00 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
+ 2011-01-13 19:56 . 2009-07-31 18:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 08:05 . 2009-07-21 08:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-04 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 3604480 c:\windows\system32\mshtml.dll
+ 2006-11-08 05:03 . 2010-11-06 00:34 6075904 c:\windows\system32\ieframe.dll
+ 2006-09-06 07:01 . 2010-07-05 20:32 2452872 c:\windows\system32\ieapfltr.dat
+ 2005-01-06 01:10 . 2009-08-07 03:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-04 12:00 . 2010-04-06 12:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2010-10-26 13:25 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 12:00 . 2010-11-06 00:34 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2010-07-27 06:30 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2010-02-05 18:27 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2011-01-13 19:56 . 2009-07-31 18:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2010-01-29 15:01 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-04 12:00 . 2010-11-06 00:34 3604480 c:\windows\system32\dllcache\mshtml.dll
+ 2007-12-07 02:21 . 2010-11-06 00:34 6075904 c:\windows\system32\dllcache\ieframe.dll
+ 2007-04-17 09:32 . 2010-07-05 20:32 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2010-09-23 23:55 . 2010-09-23 23:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 05:35 . 2007-04-14 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 23:55 . 2010-09-23 23:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 05:35 . 2007-04-14 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 04:57 . 2007-04-14 04:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 10:26 . 2010-09-23 10:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 10:25 . 2010-09-23 10:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 04:57 . 2007-04-14 04:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 04:50 . 2007-04-14 04:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-09-23 23:55 . 2010-09-23 23:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-12-17 06:58 . 2009-12-17 06:58 5382144 c:\windows\Installer\7a9fa.msp
+ 2008-10-25 17:15 . 2008-10-25 17:15 6227456 c:\windows\Installer\7a9e4.msp
+ 2009-09-29 17:08 . 2009-09-29 17:08 6747648 c:\windows\Installer\7a9d1.msp
+ 2010-12-06 23:02 . 2010-12-06 23:02 5518848 c:\windows\Installer\7a99f.msp
+ 2010-08-26 01:06 . 2010-08-26 01:06 6479360 c:\windows\Installer\7a98c.msp
+ 2010-08-24 17:49 . 2010-08-24 17:49 6825472 c:\windows\Installer\7a95e.msp
+ 2007-03-22 01:58 . 2007-03-22 01:58 4145520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-05-10 17:11 . 2007-05-10 17:11 1767256 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2006-10-27 22:18 . 2006-10-27 22:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OGL.DLL
+ 2007-03-22 01:56 . 2007-03-22 01:56 8425856 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OARTCONV.DLL
+ 2011-01-14 17:20 . 2007-12-07 02:21 1159680 c:\windows\ie7updates\KB2416400-IE7\urlmon.dll
+ 2011-01-14 17:20 . 2007-12-08 05:21 3592192 c:\windows\ie7updates\KB2416400-IE7\mshtml.dll
+ 2011-01-14 17:20 . 2007-12-07 02:21 6066176 c:\windows\ie7updates\KB2416400-IE7\ieframe.dll
+ 2011-01-14 17:20 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB2416400-IE7\ieapfltr.dat
+ 2011-01-14 17:19 . 2011-01-14 17:19 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fc1dc5a3\System.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fbb04ae3\System.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_d4dd655d\System.Xml.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_65f5395b\System.Xml.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_fd860c49\System.Windows.Forms.dll
+ 2011-01-14 17:19 . 2011-01-14 17:19 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_620c5e36\System.Windows.Forms.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_489598bc\System.Drawing.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_9e26dd3f\System.Design.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_318f3da7\System.Design.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_57423d3a\mscorlib.dll
+ 2011-01-14 17:20 . 2011-01-14 17:20 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1bdeafc9\mscorlib.dll
- 2008-02-28 22:03 . 2008-02-28 22:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2011-01-14 17:19 . 2011-01-14 17:19 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2008-02-28 22:03 . 2008-02-28 22:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-01-14 17:19 . 2011-01-14 17:19 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2004-08-04 12:00 . 2009-07-14 07:43 10841088 c:\windows\system32\wmp.dll
+ 2004-08-04 12:00 . 2009-07-14 07:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2010-09-24 22:08 . 2010-09-24 22:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2009-04-04 15:35 . 2009-04-04 15:35 38325760 c:\windows\Installer\7aa20.msp
+ 2011-01-14 17:29 . 2011-01-14 17:29 20303872 c:\windows\Installer\7aa03.msp
+ 2011-01-14 17:23 . 2011-01-14 17:23 15710720 c:\windows\Installer\7a9bf.msp
+ 2010-09-24 15:08 . 2010-09-24 15:08 17518080 c:\windows\Installer\7a97a.msp
+ 2007-05-10 17:25 . 2007-05-10 17:25 14677368 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE
+ 2007-05-08 18:10 . 2007-05-08 18:10 16874376 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-03 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 536576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2005-03-02 03:49 24672 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-19 05:16 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp\\digital imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\hp\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\hp\\digital imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\hp\\digital imaging\\bin\\hpqscnvw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [12/21/2006 1:36 PM 17456]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [12/21/2006 1:36 PM 670128]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 3:52 AM 106496]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [12/21/2006 1:36 PM 2041904]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [1/5/2005 5:46 PM 27008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 11:02 AM 135664]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [12/21/2006 1:36 PM 14924]
.
Contents of the 'Scheduled Tasks' folder

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:01]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:01]

2011-01-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://mongocam1.viewnetcam.com:50000/SysCamInst.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 10:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3256)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\LxrJD31s.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-01-14 10:06:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-14 18:06
ComboFix2.txt 2011-01-13 20:35
ComboFix3.txt 2011-01-13 07:20

Pre-Run: 12,653,273,088 bytes free
Post-Run: 12,635,004,928 bytes free

- - End Of File - - 4E9F58E679F61E7E1A8FEA899602CA99



Thank you!

#12 teacup61

  • Malware Response Team

Posted 14 January 2011 - 02:12 PM

I actually prefer them pasted in, so you did just fine. :thumbup2:

That log looks much better. Give it a little time and another restart or so, then let me know if it's still running funny after while, just so we know for sure that's what is going on. :)

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#13 A1T1

  • Topic Starter

Posted 14 January 2011 - 04:05 PM

Hi Tea,
Ok, great! I'll play around with it today and see how it goes. This whole process has made me realize I need to be more proactive in keeping my system clean. I was thinking I should go through and uninstall all the garbage programs and stuff that is old or unused. Also wondering if there are things loading at startup that are unnecessary. And, would you recommend re-installing Avast Free or other free AV program to protect my system from now on? I welcome your suggestions.

Happy Friday to you. :thumbsup:
Alec

#14 teacup61

  • Malware Response Team

Posted 14 January 2011 - 04:49 PM

Hi Alec,

Avast! is good, or Avira, which is what I use on my own system. http://www.free-av.com/

If you like, I can go through it for you, and we'll do it the easy peasy way. :lol:

Get HijackThis from here: http://free.antivirus.com/hijackthis/

Open it up and choose scan and save a log file. The log will pop up, and post that here for me to go through. :thumbup2:

tea

#15 A1T1

  • Topic Starter

Posted 14 January 2011 - 11:04 PM

Hi Tea,
Sounds good. Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:55:19 PM, on 1/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Alec\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://mongocam1.viewnetcam.com:50000/SysCamInst.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242618053912
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1294945015701
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://usgbc.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 8477 bytes


Thanks!



