Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


start up very slow and now, no startup bar and desktop icons


Re: start up very slow and now, no startup bar and desktop icons

by amash » January 8th, 2009, 5:39 pm

John,

I couldn't copy and paste the C:\SwSetup\Hpgob\CH\Setup.exe file into the two virus scan websites you suggested.
These websites only allow me to browse and insert a file into the white box. So I chased the file and got the below results from both websites:

File HPGOB_B1.1.3_SCH.CVA received on 12.22.2008 22:41:55 (CET)
Current status: finished
Result: 0/38 (0.00%)
Antivirus Version Last Update Result
AhnLab-V3 2008.12.22.0 2008.12.22 -
AntiVir 7.9.0.45 2008.12.22 -
Authentium 5.1.0.4 2008.12.22 -
Avast 4.8.1281.0 2008.12.21 -
AVG 8.0.0.199 2008.12.22 -
BitDefender 7.2 2008.12.22 -
CAT-QuickHeal 10.00 2008.12.22 -
ClamAV 0.94.1 2008.12.22 -
Comodo 800 2008.12.22 -
DrWeb 4.44.0.09170 2008.12.22 -
eSafe 7.0.17.0 2008.12.21 -
eTrust-Vet 31.6.6271 2008.12.20 -
Ewido 4.0 2008.12.22 -
F-Prot 4.4.4.56 2008.12.22 -
F-Secure 8.0.14332.0 2008.12.22 -
Fortinet 3.117.0.0 2008.12.22 -
GData 19 2008.12.22 -
Ikarus T3.1.1.45.0 2008.12.22 -
K7AntiVirus 7.10.562 2008.12.22 -
Kaspersky 7.0.0.125 2008.12.22 -
McAfee 5472 2008.12.22 -
McAfee+Artemis 5472 2008.12.22 -
Microsoft 1.4205 2008.12.22 -
NOD32 3712 2008.12.22 -
Norman 5.80.02 2008.12.22 -
Panda 9.0.0.4 2008.12.22 -
PCTools 4.4.2.0 2008.12.22 -
Prevx1 V2 2008.12.22 -
Rising 21.09.02.00 2008.12.22 -
SecureWeb-Gateway 6.7.6 2008.12.22 -
Sophos 4.37.0 2008.12.22 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.22 -
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.22 -
VBA32 3.12.8.10 2008.12.22 -
ViRobot 2008.12.22.1530 2008.12.22 -
VirusBuster 4.5.11.0 2008.12.22 -
Additional information
File size: 2700 bytes
MD5...: 05b9dd0b4fadf20bb79b8a0f31725b4d
SHA1..: f1eab7e1d1685fba4d9cad81a0cce64f0232172e
SHA256: 59e46baa8449562ed8681ec4975144215845f61841e276ced3c905768c50322d
SHA512: 556f907acf6c0a8b2216b6b0e10a8302e39ecbec38fd0d0674038897876d2e19
3d0ecac839d46f44bdf5a6133fd0d7d084037d0bfc2995abb830f19f7ec23569
ssdeep: 48:N1Z7KuMmRUReLTy+38ao0be68GcWB1ho5LEp/FLOf4JOKbQTVa01cQIWsKfOv
OuE:LZ9MmRUReLTy+38ao0be68GcWB1ho5L7
PEiD..: -
TrID..: File type identification
Compaq Diagnostics (99.4%)
Generic INI configuration (0.5%)
PEInfo: -




+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


File: HPGOB_B1.1.3_SCH.CVA
Status: OK
MD5: 05b9dd0b4fadf20bb79b8a0f31725b4d
Packers detected: -
Scanner results
Scan taken on 08 Jan 2009 21:24:03 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
G DATA: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing


==========================================================


ComboFix 09-01-08.01 - mike 2009-01-09 8:11:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.154 [GMT 11:00]
Running from: c:\documents and settings\mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mike\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090108-0] *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\windows\SYSTEM32\wdmaud.sys
.

((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-09 07:10 . 2009-01-09 07:10 <DIR> d-------- c:\program files\ERUNT
2009-01-04 00:11 . 2009-01-04 00:11 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-03 20:37 . 2009-01-03 20:38 <DIR> d-------- c:\program files\CCleaner
2009-01-03 20:15 . 2009-01-03 20:15 <DIR> d-------- c:\documents and settings\mike\Application Data\Uniblue
2008-12-30 09:16 . 2008-12-30 09:16 203,776 --a------ c:\windows\system32\clrviddc.dll
2008-12-26 08:14 . 2008-12-26 08:14 <DIR> d-------- c:\documents and settings\mike\Application Data\PCF-VLC
2008-12-25 23:10 . 2008-12-25 23:10 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-25 23:09 . 2008-12-25 23:09 <DIR> d-------- c:\program files\Real
2008-12-25 23:09 . 2008-12-25 23:10 <DIR> d-------- c:\program files\Common Files\Real
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\documents and settings\mike\Application Data\Participatory Culture Foundation
2008-12-24 23:51 . 2008-12-24 23:51 <DIR> d-------- c:\program files\Participatory Culture Foundation
2008-12-24 21:38 . 2009-01-03 09:02 250 --a------ c:\windows\gmer.ini
2008-12-21 10:14 . 2008-12-21 10:14 <DIR> d-------- c:\program files\Alwil Software
2008-12-19 09:17 . 2008-12-19 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-19 07:57 . 2008-12-19 07:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-18 23:06 . 2008-12-18 23:06 <DIR> d-------- c:\program files\Lavasoft
2008-12-18 00:55 . 2008-12-18 00:59 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-18 00:55 . 2009-01-09 07:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 16:36 . 2008-12-14 16:36 <DIR> d-------- c:\documents and settings\mike\Application Data\Malwarebytes
2008-12-14 16:36 . 2008-12-14 16:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-13 08:49 . 2008-12-13 08:49 <DIR> d-------- c:\program files\Trend Micro
2008-12-12 09:01 . 2008-12-12 09:01 <DIR> d-------- c:\program files\Common Files\Scanner
2008-12-12 08:58 . 2008-12-12 08:58 <DIR> d-------- c:\documents and settings\mike\Application Data\Yahoo!
2008-12-12 08:58 . 2008-12-31 10:06 <DIR> dr-h----- c:\documents and settings\All Users\Application Data\yahoo!
2008-12-12 08:57 . 2008-12-31 10:08 <DIR> d-------- c:\program files\Yahoo!
2008-12-10 08:35 . 2008-12-10 08:35 <DIR> d-------- c:\windows\system32\scripting
2008-12-10 08:35 . 2008-12-10 08:35 <DIR> d-------- c:\windows\system32\en
2008-12-10 08:35 . 2008-12-10 08:35 <DIR> d-------- c:\windows\system32\bits
2008-12-10 08:35 . 2008-12-10 08:35 <DIR> d-------- c:\windows\l2schemas
2008-12-10 08:31 . 2008-12-10 08:35 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-10 07:31 . 2008-04-14 11:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2008-12-10 07:30 . 2008-04-14 11:11 397,312 --------- c:\windows\system32\mmcex.dll
2008-12-10 07:30 . 2008-04-14 11:11 184,320 --------- c:\windows\system32\microsoft.managementconsole.dll
2008-12-10 07:30 . 2008-04-14 11:11 106,496 --------- c:\windows\system32\mmcfxcommon.dll
2008-12-10 07:30 . 2008-04-14 11:11 61,440 --------- c:\windows\system32\kmsvc.dll
2008-12-10 07:30 . 2008-04-14 11:11 37,376 --------- c:\windows\system32\l2gpstore.dll
2008-12-10 07:30 . 2008-04-14 11:12 33,792 --------- c:\windows\system32\mmcperf.exe
2008-12-10 07:30 . 2008-04-14 11:09 6,144 --------- c:\windows\system32\kbdpash.dll
2008-12-10 07:30 . 2008-04-14 11:09 6,144 --------- c:\windows\system32\kbdnepr.dll
2008-12-10 07:28 . 2008-04-14 11:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
2008-12-10 06:47 . 2008-12-10 06:47 <DIR> d-------- c:\program files\Windows Defender
2008-12-09 09:40 . 2008-12-09 09:40 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-09 09:38 . 2008-12-09 09:39 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-09 09:38 . 2008-12-09 09:39 <DIR> d-------- C:\db3e0b543d6345ef8927e1fc
2008-12-09 09:37 . 2008-12-09 09:38 <DIR> d-------- C:\689900305e87959c74
2008-12-09 09:01 . 2008-12-09 09:01 <DIR> d-------- c:\program files\Apple Software Update
2008-12-09 08:59 . 2008-12-09 08:59 <DIR> d-------- c:\program files\iPod
2008-12-09 08:58 . 2008-12-09 08:59 <DIR> d-------- c:\program files\iTunes
2008-12-09 08:58 . 2008-12-09 08:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-09 08:56 . 2008-12-09 08:56 <DIR> d-------- c:\program files\Bonjour
2008-12-09 08:43 . 2009-01-02 09:20 <DIR> d--hs---- c:\documents and settings\NetworkService\Temporary Internet Files
2008-12-09 08:43 . 2008-12-09 08:43 <DIR> d--hs---- c:\documents and settings\NetworkService\History
2008-12-08 23:53 . 2008-12-08 23:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-08 23:53 . 2008-12-08 23:52 73,728 --a------ c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 07:37 --------- d-----w c:\documents and settings\mike\Application Data\HP
2009-01-01 22:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 23:19 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-30 14:10 --------- d-----w c:\documents and settings\mike\Application Data\skypePM
2008-12-26 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-21 03:26 --------- d-----w c:\program files\Java
2008-12-18 14:24 --------- d-----w c:\program files\Common Files\Adobe
2008-12-16 11:54 --------- d-----w c:\program files\Microsoft Works
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-09 13:27 --------- d-----w c:\program files\Hewlett-Packard
2008-12-08 21:59 --------- d-----w c:\program files\Common Files\Apple
2008-12-08 21:56 --------- d-----w c:\program files\QuickTime
2008-12-07 22:12 --------- d-----w c:\program files\Google
2008-11-23 03:11 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2008-11-19 10:07 --------- d-----w c:\program files\Applications
2008-11-16 13:34 --------- d-----w c:\program files\Spyware Doctor
2008-11-16 13:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-16 13:25 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-16 13:25 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-16 12:03 --------- d-----w c:\program files\AVG
2008-11-16 09:41 165 ----a-w c:\documents and settings\All Users\Application Data\service.dat
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 03:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 03:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 03:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 03:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:00 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-01-18 08:30 408 ----a-w c:\documents and settings\mike\Application Data\wklnhst.dat
2006-10-02 15:43 2,402,550 ----a-w c:\windows\inf\SET237.tmp
2004-08-04 21:00 1,431,144 ----a-w c:\windows\inf\SET2A7.tmp
.

((((((((((((((((((((((((((((( snapshot@2008-12-31_ 9.14.17.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
- 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
- 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
- 2007-08-08 01:25:10 151,552 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-12-31 04:02:59 151,552 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2007-08-08 01:25:35 3,915,776 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2008-12-31 04:03:06 4,174,336 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2007-08-08 01:25:36 344,064 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2008-12-31 04:03:05 346,624 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2007-08-08 01:25:10 352,256 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2008-12-31 04:02:59 397,312 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2007-08-08 01:25:34 593,920 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2008-12-31 04:02:56 602,112 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2007-08-08 01:25:34 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2008-12-31 04:03:08 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2007-08-08 01:25:36 184,320 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2008-12-31 04:03:03 184,320 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2007-08-08 01:25:36 126,976 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2008-12-31 04:03:03 131,072 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2007-08-08 01:25:36 376,832 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2008-12-31 04:03:03 376,832 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2007-08-08 01:25:36 151,552 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2008-12-31 04:03:03 151,552 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2007-08-08 01:25:35 4,972,544 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2008-12-31 04:03:02 5,210,112 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2007-08-08 01:25:35 897,024 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2008-12-31 04:03:02 897,024 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2007-08-08 01:25:36 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2008-12-31 04:03:06 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2007-08-08 01:25:10 94,208 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2008-12-31 04:03:00 102,400 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2007-08-08 01:25:10 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2008-12-31 04:03:10 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2007-08-08 01:25:10 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2008-12-31 04:03:10 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2007-08-08 01:25:10 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2008-12-31 04:02:59 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2007-08-08 01:25:10 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2008-12-31 04:02:59 929,792 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2007-08-08 01:25:12 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2008-12-31 04:02:57 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2007-08-08 01:25:12 16,384 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2008-12-31 04:02:57 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2007-08-08 01:25:11 5,623,808 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2008-12-31 04:02:58 5,971,968 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2007-08-08 01:25:36 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2008-12-31 04:02:56 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2007-08-08 01:28:53 1,108,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2008-12-31 04:03:09 1,152,040 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2007-08-08 01:28:53 1,641,272 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2008-12-31 04:03:09 1,635,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2007-08-08 01:28:53 588,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2008-12-31 04:03:09 578,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2007-08-08 01:25:36 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2008-12-31 04:02:56 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2007-08-08 01:25:36 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2008-12-31 04:02:56 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2007-08-08 01:25:35 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2008-12-31 04:03:05 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2007-08-08 01:25:35 86,016 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2008-12-31 04:03:05 86,016 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2007-08-08 01:25:34 1,167,360 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2008-12-31 04:03:05 1,204,224 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2007-08-08 01:25:36 81,920 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-12-31 04:02:56 81,920 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-12-31 04:46:43 503,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe
+ 2008-12-31 04:46:49 1,232,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e3dce636e798c53ec2b44d1d4aadb850\Microsoft.Transactions.Bridge.ni.dll
+ 2008-12-31 04:46:52 401,408 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f3902a808549b40d648206c9303f2788\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-12-31 04:47:13 1,581,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\ab2b2664932688ae7c8e0bd9d10448ef\PresentationBuildTasks.ni.dll
+ 2008-12-31 04:06:28 40,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3df824565150953afd560ca20237b881\PresentationCFFRasterizer.ni.dll
+ 2008-12-31 04:06:13 12,570,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\011f8e31d197b4ccb6a61c2267a38e5c\PresentationCore.ni.dll
+ 2008-12-31 04:05:07 48,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe
+ 2008-12-31 04:08:20 393,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36c6cfd5d4e80d5c548f823b2bbf5457\PresentationFramework.Aero.ni.dll
+ 2008-12-31 04:08:26 552,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3f18bff5107c9a8accae6c248fdf3c2e\PresentationFramework.Luna.ni.dll
+ 2008-12-31 04:07:35 15,036,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60421dda88800b14dc101ed9dca422fe\PresentationFramework.ni.dll
+ 2008-12-31 04:08:28 274,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\81d2540bc1c18190d0431d9a61bee65b\PresentationFramework.Royale.ni.dll
+ 2008-12-31 04:08:23 245,760 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9df61ec7aad39fe0bac82139cd84e5e5\PresentationFramework.Classic.ni.dll
+ 2008-12-31 04:08:07 2,035,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6d2716a55eb8ce6fc4cbf83f3ab329e3\PresentationUI.ni.dll
+ 2008-12-31 04:08:14 2,416,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\840c64bba900a6ed333ca39e63a9ca3b\ReachFramework.ni.dll
+ 2008-12-31 04:46:54 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe
+ 2008-12-31 04:46:55 299,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\169ba2fe1a4d87ede3ab8dd3d44d867e\SMDiagnostics.ni.dll
+ 2008-12-31 04:46:57 323,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe
+ 2008-12-31 04:45:17 241,664 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\492d16599426c7ab35ad2c499a9d4ae6\System.IdentityModel.Selectors.ni.dll
+ 2008-12-31 04:45:14 1,118,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\bdd94a4c46e4424787dfed9381196cb3\System.IdentityModel.ni.dll
+ 2008-12-31 04:45:20 417,792 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e1e6aa5272543f1d9dad98be897b693e\System.IO.Log.ni.dll
+ 2008-12-31 04:08:18 1,134,592 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\f94fbbe7d7c6e76d02cd9fb94ee8d910\System.Printing.ni.dll
+ 2008-12-31 04:45:29 2,445,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e27527e67611d8acc0d8dff6d286af23\System.Runtime.Serialization.ni.dll
+ 2008-12-31 04:46:28 18,071,552 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\350903c091629396c08742c996c1caba\System.ServiceModel.ni.dll
+ 2008-12-31 04:47:50 2,039,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\d4147c99010667b5c547fcfc56ed7bd5\System.Speech.ni.dll
+ 2008-12-31 04:48:11 3,084,288 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\9798b3ba448ba7d5f1dd70a8a1fb7562\System.Workflow.Activities.ni.dll
+ 2008-12-31 04:48:22 4,579,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\575dad1c0dc9d035acbab10846802ce0\System.Workflow.ComponentModel.ni.dll
+ 2008-12-31 04:48:30 2,088,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\9d89b57d703aefe4938b45f8b398d378\System.Workflow.Runtime.ni.dll
+ 2008-12-31 04:48:35 483,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2e5aa36c753a605bdefb97ab83e8806\UIAutomationClient.ni.dll
+ 2008-12-31 04:48:38 1,118,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\ae395b4b568f0d71fec35e3902a46a99\UIAutomationClientsideProviders.ni.dll
+ 2008-12-31 04:06:26 50,688 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\9e249f5c0ef3e391c5aec1f9da805519\UIAutomationProvider.ni.dll
+ 2008-12-31 04:06:27 196,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\46e3ec015dd7b25d5ddc185534458122\UIAutomationTypes.ni.dll
+ 2008-12-31 04:05:33 3,395,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0703021437c2ec71213a6b701771be86\WindowsBase.ni.dll
+ 2008-12-31 04:48:45 270,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b7c202147607f93463ead99e743c78b9\WindowsFormsIntegration.ni.dll
+ 2008-12-31 04:46:58 380,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe
+ 2005-10-20 01:02:28 163,328 ----a-w c:\windows\ERDNT\9-01-2009\ERDNT.EXE
+ 2008-04-14 00:11:48 61,440 -c--a-w c:\windows\ie7\admparse.dll
+ 2008-04-14 00:11:48 99,840 -c--a-w c:\windows\ie7\advpack.dll
+ 2008-04-14 00:11:51 33,792 -c--a-w c:\windows\ie7\custsat.dll
+ 2008-04-14 00:11:52 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll
+ 2008-04-14 00:11:52 205,312 -c--a-w c:\windows\ie7\dxtrans.dll
+ 2008-04-14 00:11:53 55,808 -c--a-w c:\windows\ie7\extmgr.dll
+ 2008-04-14 00:11:54 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
+ 2008-04-14 00:12:22 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe
+ 2008-04-14 00:11:54 143,360 -c--a-w c:\windows\ie7\ieakeng.dll
+ 2008-04-14 00:11:54 216,576 -c--a-w c:\windows\ie7\ieaksie.dll
+ 2004-08-04 21:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll
+ 2008-04-14 00:11:54 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll
+ 2008-04-14 00:12:22 18,432 -c--a-w c:\windows\ie7\iedw.exe
+ 2008-04-14 00:11:54 251,904 -c--a-w c:\windows\ie7\iepeers.dll
+ 2008-04-14 00:11:54 48,640 -c--a-w c:\windows\ie7\iernonce.dll
+ 2008-04-14 00:11:54 62,976 -c--a-w c:\windows\ie7\iesetup.dll
+ 2008-04-14 00:12:22 93,184 -c--a-w c:\windows\ie7\iexplore.exe
+ 2008-04-14 00:11:54 35,840 -c--a-w c:\windows\ie7\imgutil.dll
+ 2008-04-14 00:11:55 96,256 -c--a-w c:\windows\ie7\inseng.dll
+ 2008-04-14 00:11:56 15,872 -c--a-w c:\windows\ie7\jsproxy.dll
+ 2008-04-14 00:11:56 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
+ 2008-04-14 00:12:27 29,184 -c--a-w c:\windows\ie7\mshta.exe
+ 2008-12-12 17:01:00 3,067,904 -c--a-w c:\windows\ie7\mshtml.dll
+ 2008-04-14 00:11:59 449,024 -c--a-w c:\windows\ie7\mshtmled.dll
+ 2008-04-13 16:26:26 56,832 -c--a-w c:\windows\ie7\mshtmler.dll
+ 2004-08-04 21:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll
+ 2008-04-14 00:12:00 146,432 -c--a-w c:\windows\ie7\msrating.dll
+ 2008-04-14 00:12:00 532,480 -c--a-w c:\windows\ie7\mstime.dll
+ 2008-04-14 00:12:02 96,256 -c--a-w c:\windows\ie7\occache.dll
+ 2008-04-14 00:12:02 39,424 -c--a-w c:\windows\ie7\pngfilt.dll
+ 2007-08-13 07:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-08-13 07:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 06:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 06:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
+ 2008-04-14 00:12:08 37,888 -c--a-w c:\windows\ie7\url.dll
+ 2008-10-16 01:00:11 619,520 -c--a-w c:\windows\ie7\urlmon.dll
+ 2008-04-14 00:12:08 851,968 -c--a-w c:\windows\ie7\vgx.dll
+ 2008-04-14 00:12:08 276,480 -c--a-w c:\windows\ie7\webcheck.dll
+ 2008-10-16 01:00:11 666,112 -c--a-w c:\windows\ie7\wininet.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-08-13 07:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2007-08-13 07:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-13 07:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll.000
+ 2007-08-13 07:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-08-13 07:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll.000
+ 2007-08-13 07:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-08-13 07:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll.000
+ 2007-08-13 07:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-08-13 07:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll.000
+ 2007-08-13 07:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-08-13 07:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-08-13 07:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe.000
+ 2007-08-13 07:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-08-13 07:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll.000
+ 2007-08-13 07:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-08-13 07:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll.000
+ 2007-08-13 06:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-08-13 06:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll.000
+ 2007-02-12 05:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat
+ 2007-07-11 01:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-08-13 07:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-08-13 07:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll.000
+ 2007-08-13 07:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-08-13 07:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-08-13 07:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll.000
+ 2007-08-13 07:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-08-13 07:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-08-13 07:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-08-13 07:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe.000
+ 2007-08-13 07:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-08-13 07:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll.000
+ 2007-08-13 07:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-08-13 07:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-08-13 07:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-08-13 07:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-08-13 07:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll.000
+ 2007-08-13 07:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-08-13 07:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll.000
+ 2007-08-13 07:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-08-13 07:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll.000
+ 2007-08-13 07:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-13 07:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll.000
+ 2007-08-13 07:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-08-13 07:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll.000
+ 2007-03-06 01:22:34 22,752 -c----w c:\windows\ie7updates\KB956390-IE7\spcustom.dll
+ 2007-03-06 01:22:36 14,048 -c----w c:\windows\ie7updates\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-03-06 01:22:59 716,000 -c----w c:\windows\ie7updates\KB956390-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\updspapi.dll
+ 2007-08-13 07:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-08-13 07:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll.000
+ 2007-08-13 07:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-08-13 07:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-08-13 07:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll.000
+ 2007-08-13 07:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll.000
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll.000
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll.000
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll.000
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dat
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll.000
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll.000
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll.000
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe.000
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll.000
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll.000
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll.000
+ 2008-08-27 02:54:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-27 02:54:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll.000
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll.000
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll.000
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll.000
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll.000
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll.000
+ 2008-10-16 15:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2006-10-29 17:34:02 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2007-10-10 22:55:14 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
- 2006-10-29 17:33:58 741,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2007-10-10 22:55:10 864,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
- 2006-10-29 17:34:00 352,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2007-10-10 22:55:12 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
- 2006-10-29 17:34:00 151,552 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-10-10 22:55:12 151,552 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
- 2006-10-29 17:34:02 2,560 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2007-10-10 22:55:14 2,560 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
- 2006-10-29 17:34:02 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2007-10-10 22:55:14 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
- 2006-10-29 17:34:02 11,264 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2007-10-10 22:55:14 11,264 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
- 2006-10-29 17:34:00 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2007-10-10 22:55:14 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
- 2006-10-29 17:34:02 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2007-10-10 22:55:14 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
- 2006-10-29 17:34:02 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2007-10-10 22:55:14 929,792 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2006-10-29 17:34:02 5,623,808 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2007-10-10 22:55:14 5,971,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2006-10-29 17:34:00 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2007-10-10 22:55:14 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
- 2006-10-29 17:34:00 16,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2007-10-10 22:55:14 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2006-10-29 17:34:02 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2007-10-10 22:55:14 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
- 2006-07-25 11:32:00 14,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2007-10-05 16:18:12 16,936 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
- 2006-10-20 11:29:46 72,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2007-10-09 02:03:00 76,312 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
- 2006-10-20 11:21:24 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2007-10-09 01:58:12 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
- 2006-10-20 11:21:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2007-10-09 01:58:12 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
- 2006-10-20 11:29:52 106,272 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2007-10-09 02:03:08 121,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
- 2006-10-20 11:21:26 897,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2007-10-09 01:58:14 897,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
- 2006-10-20 11:21:26 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2007-10-09 01:58:20 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- 2008-04-14 00:11:48 61,440 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-13 07:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
- 2008-04-14 00:11:48 99,840 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2007-08-13 07:39:20 71,680 ------w c:\windows\system32\dllcache\admparse.dll
+ 2008-10-16 20:38:34 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2006-09-23 02:12:50 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll
+ 2007-08-13 07:42:54 17,408 ------w c:\windows\system32\dllcache\corpol.dll
- 2008-04-14 00:11:51 33,792 ----a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 07:54:10 33,792 ----a-w c:\windows\system32\dllcache\custsat.dll
+ 2008-10-16 20:38:34 347,136 ------w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 ------w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 07:18:02 60,416 ------w c:\windows\system32\dllcache\hmmapi.dll
- 2008-08-26 07:24:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-26 07:24:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 07:44:02 69,120 ------w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 07:45:18 78,336 ------w c:\windows\system32\dllcache\ieencode.dll
- 2008-10-03 17:41:15 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2007-08-13 07:54:10 191,488 ------w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-13 07:39:12 55,296 ------w c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 07:36:06 36,352 ------w c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 07:39:02 92,672 ------w c:\windows\system32\dllcache\inseng.dll
+ 2008-10-16 20:38:37 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 07:44:18 40,960 ------w c:\windows\system32\dllcache\licmgr10.dll
- 2008-08-26 07:24:30 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 07:32:30 45,568 ------w c:\windows\system32\dllcache\mshta.exe
+ 2008-10-16 20:38:38 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 07:01:12 48,128 ------w c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 07:54:10 156,160 ------w c:\windows\system32\dllcache\msls31.dll
+ 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
+ 2006-09-23 02:12:50 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-10-16 20:38:39 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-10-16 01:00:11 619,520 ------w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-27 17:23:58 765,952 ------w c:\windows\system32\dllcache\vgx.dll
+ 2008-10-16 20:38:39 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 01:00:11 666,112 ------w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 ------w c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 00:11:52 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-04-14 00:11:52 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2006-10-20 11:29:46 69,408 ----a-w c:\windows\system32\dxva2.dll
+ 2007-10-09 02:03:00 73,752 ----a-w c:\windows\system32\dxva2.dll
- 2006-10-20 11:30:00 478,496 ----a-w c:\windows\system32\evr.dll
+ 2007-10-09 02:03:12 493,080 ----a-w c:\windows\system32\evr.dll
- 2008-04-14 00:11:53 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-12-09 21:51:52 381,632 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-31 04:12:23 381,632 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2006-10-29 17:33:58 556,296 ----a-w c:\windows\system32\icardagt.exe
+ 2007-10-10 22:55:10 579,584 ----a-w c:\windows\system32\icardagt.exe
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2006-10-29 17:33:58 9,480 ----a-w c:\windows\system32\icardres.dll
+ 2007-10-10 22:55:10 11,776 ----a-w c:\windows\system32\icardres.dll
- 2008-04-14 00:12:22 34,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-04-14 00:11:54 143,360 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-04-14 00:11:54 216,576 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll
- 2004-08-04 21:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-04-14 00:11:54 323,584 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-04-14 00:11:54 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-13 07:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2008-04-14 00:11:54 48,640 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-04-14 00:11:54 62,976 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 07:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2007-08-13 07:54:10 180,736 ------w c:\windows\system32\ieui.dll
- 2008-04-14 00:11:54 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-13 07:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
- 2006-10-29 17:33:58 83,968 ----a-w c:\windows\system32\infocardapi.dll
+ 2007-10-10 22:55:10 88,576 ----a-w c:\windows\system32\infocardapi.dll
- 2008-04-14 00:11:55 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-13 07:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
- 2008-04-14 00:11:56 15,872 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2008-04-14 00:11:56 22,016 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-13 07:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
- 2006-10-20 11:30:06 1,980,704 ----a-w c:\windows\system32\milcore.dll
+ 2007-10-09 02:03:14 1,986,072 ----a-w c:\windows\system32\milcore.dll
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 04:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 07:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
- 2008-04-14 00:12:27 29,184 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-13 07:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2008-12-12 17:01:00 3,067,904 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-04-14 00:11:59 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-04-13 16:26:26 56,832 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-13 07:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2004-08-04 21:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-13 07:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2008-04-14 00:12:00 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\msrating.dll
- 2008-04-14 00:12:00 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll
- 2008-04-14 00:12:02 96,256 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll
- 2008-04-14 00:12:02 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2006-10-20 11:29:52 104,224 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2007-10-09 02:03:04 106,520 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
- 2006-10-20 11:29:58 344,352 ----a-w c:\windows\system32\PresentationHost.exe
+ 2007-10-09 02:03:08 350,744 ----a-w c:\windows\system32\PresentationHost.exe
- 2006-10-20 11:29:46 20,768 ----a-w c:\windows\system32\PresentationHostProxy.dll
+ 2007-10-09 02:03:02 33,304 ----a-w c:\windows\system32\PresentationHostProxy.dll
- 2006-10-20 11:30:02 769,312 ----a-w c:\windows\system32\PresentationNative_v0300.dll
+ 2007-10-09 02:03:12 779,800 ----a-w c:\windows\system32\PresentationNative_v0300.dll
+ 2007-10-09 01:58:20 16,896 ----a-w c:\windows\system32\tswpfwrp.exe
- 2006-10-20 11:29:54 159,008 ----a-w c:\windows\system32\UIAutomationCore.dll
+ 2007-10-09 02:03:08 161,304 ----a-w c:\windows\system32\UIAutomationCore.dll
- 2008-04-14 00:12:08 37,888 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 01:00:11 619,520 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-04-14 00:12:08 276,480 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-13 07:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
- 2008-10-16 01:00:11 666,112 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-20 11:29:54 304,928 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2007-10-09 02:03:08 308,760 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2009-01-08 12:36:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_98.dat
+ 2009-01-08 12:36:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_dc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 44032]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-22 7561216]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\mike\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-25 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-21 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-21 20560]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 Flash1;Flash1;c:\swsetup\SP38062\winphlash\FLASH1.sys [2006-03-01 3456]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-09-15 428160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cbd2ba0-7738-11dd-8749-0016d3059666}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://au.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
mSearchURL = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\sif5mkh6.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 08:13:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\System32\dimsntfy.dll
.
Completion time: 2009-01-09 8:17:19
ComboFix-quarantined-files.txt 2009-01-08 21:17:16
ComboFix2.txt 2008-12-30 22:16:46

Pre-Run: 29,530,161,152 bytes free
Post-Run: 29,514,719,232 bytes free

673 --- E O F --- 2009-01-06 12:22:20


================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:59 AM, on 9/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=presario&pf=laptop
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8912 bytes

===================================================================

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CCleaner (remove only)
Conexant HD Audio
Customer Experience Enhancement
ERUNT 1.1j
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP DVD Play 2.1
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Product Detection
HP Quick Launch Buttons 6.00 G2
HP Update
HP User Guides 0027
HP Wireless Assistant 2.00 E1
iTunes
Java(TM) 6 Update 11
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Standard
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Miro
MobileMe Control Panel
Mozilla Firefox (3.0.5)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 4.5
NVIDIA Drivers
QuickTime
RealPlayer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
SmartAudio
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Spybot - Search & Destroy
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Windows Defender
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
amash
Regular Member
 
Posts: 24
Joined: December 12th, 2008, 6:06 pm

Re: start up very slow and now, no startup bar and desktop icons

Unread postby John B. » January 9th, 2009, 3:09 am

Hi,

Please make sure this file is deleted:
c:\windows\SYSTEM32\wdmaud.sys
If it is not, you can delete it.

I may not have time to go through all the logs today, but can you please let me know how your computer is running in the meantime. How about your initial problem(s)? Also tell about any other computer-related problems you have.

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: start up very slow and now, no startup bar and desktop icons

Unread postby amash » January 9th, 2009, 10:57 am

things seemed to be fine now john, but i can't delete the file as you asked.
it says it is in use or write protected.

also when i start up, before windows starts, a page appears for a few seconds asking which mode i want to start. must be something to do with combofix???

do you see any other problems in those logs?


regards,
amir
amash
Regular Member
 
Posts: 24
Joined: December 12th, 2008, 6:06 pm

Re: start up very slow and now, no startup bar and desktop icons

Unread postby John B. » January 10th, 2009, 10:31 am

Hi Amir,

also when i start up, before windows starts, a page appears for a few seconds asking which mode i want to start. must be something to do with combofix???

Yes, this is because of the Recovery Console that was installed. Due to the threat that current and future malware poses, it is vital that you have some form of Recovery Console. It can be the difference between saving all your files and having an expensive doorstop. If you do not want this on startup it means that you would not have the Recovery Console anymore, and if your system becomes unbootable you will not be able to get to your files. Let me know if you want to take this risk, I know how to deactivate the RC.

Step 1: Disable Windows Defender
Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender:
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • Click Save
  • Close Windows Defender
  • Reboot your machine for the changes to take effect.
Once we are done you can re-enable Windows Defender Real Time Protection.

Step 2: Remove HijackThis entry
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside the item listed below (if present):

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE << Note: This one is optional. If you do not want ERUNT to make a registry backup at every boot, you can delete this line. Otherwise, keep it.


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step 3: Download and Run OTMoveIt3
Download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double-click on OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Files
    c:\windows\SYSTEM32\wdmaud.sys
  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • If you are not asked to reboot close OTMoveIt3.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Step 4: Post logs
Please post the following logs in a reply to this topic:
  • Let me know if you want to keep the Recovery Console as a safety net or not
  • New HijackThis log
  • OTMoveIt3 log

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: start up very slow and now, no startup bar and desktop icons

Unread postby amash » January 13th, 2009, 7:58 am

John,

I will keep the RC option. Thanks for the explanation.

The OTMoveIt3 couldn't find the file:

========== FILES ==========
File/Folder c:\windows\SYSTEM32\wdmaud.sys not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_225615


====================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:49 PM, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mike\Desktop\OTMoveIt3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=presario&pf=laptop
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8868 bytes
amash
Regular Member
 
Posts: 24
Joined: December 12th, 2008, 6:06 pm
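
Comparing the HijackThis log posted before the fix with the one posted after it shows whether the orphaned BHO entry from Step 2 is really gone. The following is an added example, not part of the original posts: the two sample logs are constructed excerpts of the logs above, and the names `parse_log`, `orphaned` and `diff_logs` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpts of the two HijackThis logs posted in this thread
# (header, one running-process line, and a handful of entries each).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:59 AM, on 9/01/2009
Running processes:
C:\WINDOWS\system32\notepad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:49 PM, on 13/01/2009
Running processes:
C:\Documents and Settings\mike\Desktop\OTMoveIt3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# An entry line starts with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NO_FILE = "(no file)"  # marker shown in the thread for a missing target


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def clsid(self) -> Optional[str]:
        m = CLSID_RE.search(self.body)
        return m.group(0) if m else None

    @property
    def target(self) -> str:
        # The file (or marker) is the last " - " separated field of the body.
        return self.body.rsplit(" - ", 1)[-1].strip()

    @property
    def line(self) -> str:
        return f"{self.section} - {self.body}"


def parse_log(text: str) -> List[Entry]:
    """Keep only entry lines; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"].strip()))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries still registered although their target file is gone."""
    return [e for e in entries if e.target.lower() == NO_FILE]


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, added) entries, compared case-insensitively."""
    before_keys = {e.line.casefold() for e in before}
    after_keys = {e.line.casefold() for e in after}
    removed = [e for e in before if e.line.casefold() not in after_keys]
    added = [e for e in after if e.line.casefold() not in before_keys]
    return removed, added


if __name__ == "__main__":
    old, new = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for e in orphaned(old):
        print("orphaned before fix:", e.section, e.clsid)
    removed, added = diff_logs(old, new)
    for e in removed:
        print("removed:", e.line)
    for e in added:
        print("added:  ", e.line)
    print("orphaned after fix:", len(orphaned(new)))
```

Any line reported as added between two scans deserves the same scrutiny as the first log got, since the comparison ignores the running-process list and only covers registry and startup entries.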

Re: start up very slow and now, no startup bar and desktop icons

Unread postby John B. » January 13th, 2009, 3:23 pm

Hi,

This is my normal post for when you are clear - which you now are - or seem to be.
Please advise of any problems you still have. If you think you're clean please give one more reply so that I can archive this topic.

Now that you are clean, I got some tips & tricks for you to keep your computer clean and secure. The first few (like removing dangerous tools and Windows Update) have to be done, the others are optional (beginning with Spybot S&D).

It may seem like your system will be too much protected with all these things installed, but a lot of programs aren't always running in the background, so they don't slow down your computer. Please take a look at the following things:
  • Uninstall tools - The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.
    • Go to Start
    • Click on Run
    • Type ComboFix /u (Note: This command is case sensitive.)
    After doing that with ComboFix, do this with OTMoveIt to remove the tools not removed by ComboFix.
    • Start OTMoveIt.exe
    • Click on CleanUp!
    • A list of tools will be downloaded from the internet
    • When a box pops up click Yes
    You may delete any logs left on the desktop.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. You can download it here:
    SpywareBlaster
  • Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
    WinPatrol
    The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.
  • Install MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial here:
    WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
  • Use an alternative Internet Browser - Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox << Most used, I use this one myself.
    Opera
  • Bookmark general cleanup link - It could be that your computer is becoming slower and slower. This is not always the cause of malware. Most of the time it's malware when your computer is suddenly getting slow or acting strangely. When the slowdown increases slowly, check (so now bookmark) this link for tips & tricks:
    What to do if your Computer's running slowly
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions here:
http://images.malwarecomplaints.info/We ... general=on

>> Here << you can see how you can help us.

May your God go with you..

John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: start up very slow and now, no startup bar and desktop icons

Unread postby amash » January 17th, 2009, 5:54 am

hey john,

thanks for that but, i keep getting redirected to page load error; something to do with www.googleadservices.com, on firefox- when i do a search and then click the sponsor banner on google search results page.

is this to do with the host files? was this for internet explorer only or also for firefox? i am only wanting to use firefox from now on.

what about all the little programs i downloaded and installed, like: gmer, gooredfix, dirlook, javara, erunt etc... do i leave them in my system?

also, do i now enable all my anti spyware and anti virus real time protection options?

cheers,

amir
amash
Regular Member
 
Posts: 24
Joined: December 12th, 2008, 6:06 pm

Re: start up very slow and now, no startup bar and desktop icons

Unread postby John B. » January 17th, 2009, 10:12 am

Hi,

thanks for that but, i keep getting redirected to page load error; something to do with www.googleadservices.com, on firefox- when i do a search and then click the sponsor banner on google search results page.

is this to do with the host files? was this for internet explorer only or also for firefox? i am only wanting to use firefox from now on.

I don't understand what you are saying here. Do you get redirects with Internet Explorer or with Firefox? Do you only get the redirects when Googling? Please tell me what you are exactly doing, because I cannot help you when you are unclear.

Did this just start happening? You did not tell me last time when I asked if you had any more problems..

what about all the little programs i downloaded and installed, like: gmer, gooredfix, dirlook, javara, erunt etc... do i leave them in my system?

To uninstall GooredFix, click Start >> Run and then copy/paste the following into the box and hit Enter:
"%userprofile%\Desktop\GooredFix.exe" /uninstall
Instructions to remove other tools like Gmer and ComboFix were in my last speech. It is after the first blue header. Tools like JavaRa and Erunt you can keep on your system, but you can also get rid of them. They are not dangerous. To remove JavaRa you can just remove the folder and ERUNT can be uninstalled through Add/Remove programs.

also, do i now enable all my anti spyware and anti virus real time protection options?

Yes, you are all clean. But do that after you uninstalled all the tools you need/want to uninstall.

Please let me know.

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: start up very slow and now, no startup bar and desktop icons

Unread postby amash » January 17th, 2009, 4:29 pm

John,

Sorry it's hard to explain. When I do a search in google, the first one or two results are the yellow coloured banner "sponsor links" on top of the page or the sponsored links on the right side of the google page -when i click on these links i get redirected:
===================================================================
Failed to Connect

The connection was refused when attempting to contact www.googleadservices.com.

Though the site seems valid, the browser was unable to establish a connection.

* Could the site be temporarily unavailable? Try again later.
* Are you unable to browse other sites? Check the computer's network connection.
* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.
==================================================================

The above is what I get. It doesn't happen with all the "sponsor link" banners but it does happen.
amash
Regular Member
 
Posts: 24
Joined: December 12th, 2008, 6:06 pm

Re: start up very slow and now, no startup bar and desktop icons

Unread postby John B. » January 18th, 2009, 7:49 am

Hi,

Explanation is much better already :D Thanks.

Let's see if the problem is in your hosts file. Do you only have this problem with Internet Explorer?
  • Click on Start
  • Click on Run
  • Copy and paste from the list below the correct one for your operating system. Be sure and include the word notepad
    • For XP & Vista:
      notepad C:\WINDOWS\system32\drivers\etc\hosts
    • For 2k:
      notepad C:\WINNT\SYSTEM32\DRIVERS\ETC\hosts
    • For 98 & ME:
      notepad C:\WINDOWS\hosts
  • Click OK, notepad will then open with your host file
  • Press Ctrl + F and then enter googleadservices
  • Click Find next and if it finds something post that here.
  • If it finds something you can click Find next another time, because another line with googleadservices may be found.

Post all lines found with that word.

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: start up very slow and now, no startup bar and desktop icons

Unread postby amash » January 22nd, 2009, 9:15 pm

John,

I hope I'm not posting this too late...

Here is what I found in Hosts as you directed me:

127.0.0.1 4.afs.googleadservices.com
127.0.0.1 feedads.googleadservices.com
127.0.0.1 imageads.googleadservices.com #[Ewido.TrackingCookie.Googleadservices]
127.0.0.1 partner.googleadservices.com
127.0.0.1 www.googleadservices.com
amash
Regular Member
 
Posts: 24
Joined: December 12th, 2008, 6:06 pm

Re: start up very slow and now, no startup bar and desktop icons

Unread postby John B. » January 23rd, 2009, 2:46 pm

Hi,

Nearly too late. Just let me know immediately if you know/think you cannot reply within 5 days.

Please open your hosts file and delete this line (by using backspace):

Then save it like normally and test if you still have the problem.

If it is not solved, delete the other lines with googleadservices as well and test again.

Also reboot and see if you still have the problem/do not have the problem.

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: start up very slow and now, no startup bar and desktop icons

Unread postby amash » January 24th, 2009, 4:51 pm

john,

that seemed to work. however, there are other search results that do the same.

so will this keep happening? should i continue to delete those entries in host files?

Below is another search result failure:


Failed to Connect

The connection was refused when attempting to contact clickserve.dartsearch.net.

Though the site seems valid, the browser was unable to establish a connection.

* Could the site be temporarily unavailable? Try again later.
* Are you unable to browse other sites? Check the computer's network connection.
* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.
amash
Regular Member
 
Posts: 24
Joined: December 12th, 2008, 6:06 pm

Re: start up very slow and now, no startup bar and desktop icons

Unread postby John B. » January 25th, 2009, 10:36 am

Hi,

Spybot - Search and Destroy has a function that can block bad sites. It does this by modifying the hosts file. You can check if you have that function enabled and if so, you can disable to see if that works.

If you still have those failed connections, open your hosts file again and completely empty it apart from the lines with # at the start (totally at the top) and one entry which is '127.0.0.1 localhost' (without quotation things).

Please note that both methods make your security a little less, but if you feel that these failed connections bother you, there is nothing different you can do apart from this and manually editing out the ones that you want to connect to.

Please let me know.

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
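
As an added example (not part of the original posts and not a tool used in this thread): a short Python script that parses a hosts file, reports which lines send a failing hostname to a loopback address, and comments out only those lines instead of emptying the whole file. The sample file is constructed from the entries posted above; the clickserve.dartsearch.net entry and all function names are assumptions.

```python
import ipaddress

# Constructed sample: the five entries posted in the thread, a localhost line,
# and one dartsearch entry that is assumed here for illustration.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
127.0.0.1 localhost
127.0.0.1 4.afs.googleadservices.com
127.0.0.1 feedads.googleadservices.com
127.0.0.1 imageads.googleadservices.com #[Ewido.TrackingCookie.Googleadservices]
127.0.0.1 partner.googleadservices.com
127.0.0.1 www.googleadservices.com
127.0.0.1 clickserve.dartsearch.net
"""

def parse_line(line):
    """Return (address, [hostnames]) for a mapping line, else None."""
    fields = line.split("#", 1)[0].split()   # drop trailing comment
    if len(fields) < 2:
        return None                          # blank or comment-only line
    try:
        ipaddress.ip_address(fields[0])
    except ValueError:
        return None                          # first field is not an address
    return fields[0], [h.lower().rstrip(".") for h in fields[1:]]

def is_sinkhole(address):
    """True for loopback or unspecified addresses (127.0.0.1, ::1, 0.0.0.0)."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified

def find_blocks(hosts_text, wanted):
    """Map each wanted hostname to the 1-based line numbers that sinkhole it."""
    hits = {w.lower(): [] for w in wanted}
    for number, line in enumerate(hosts_text.splitlines(), start=1):
        parsed = parse_line(line)
        if parsed and is_sinkhole(parsed[0]):
            for name in parsed[1]:
                if name in hits:
                    hits[name].append(number)
    return hits

def unblock(hosts_text, wanted):
    """Comment out only the lines that sinkhole a wanted hostname.
    A line listing several hostnames is disabled as a whole."""
    disable = {n for nums in find_blocks(hosts_text, wanted).values() for n in nums}
    lines = hosts_text.splitlines()
    return "\n".join("# " + text if i in disable else text
                     for i, text in enumerate(lines, start=1)) + "\n"
```

Commenting a line out rather than deleting it keeps a record of what the blocklist originally contained, so the entry can be restored later.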

Re: start up very slow and now, no startup bar and desktop icons

Unread postby NonSuch » January 30th, 2009, 2:31 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California