Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Various Infections; Bad Computer, No Biscuit!


  • This topic is locked This topic is locked
4 replies to this topic

#1 xiard

xiard

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 28 December 2007 - 04:04 PM

I've been going through the initial forum post requirements for several days now. In addition to those requirements, I'm also running Norton Antivirus with current virus definitions.

I believe I'm now ready to post my logs. Things are vastly improved over the original situation. As I saw in other posts, administrative access was disabled, so I couldn't run Control Panel, Task Manager, Windows Update, etc. I now can do all of that. I also had something called EliteProtector coming up, and that appears to be gone now. During my last scans, NAV found two more problems:

Norton AntiVirus has detected... c:\qoobox\quaran~1\c\d...\bot.dll. Backdoor.Trojan. The file was automatically deleted.
Norton AntiVirus has detected... c:\windows\system32\shovth.exe. Win32.SillyFDC. The file was automatically deleted.

So I don't think I'm completely out of the woods yet. I have run both HijackThis and ComboFix. Both logs follow:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:15 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Lifeguard\Scheduler daemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Lifeguard scheduler.lnk = C:\Program Files\Lifeguard\Scheduler daemon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140556443055
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147538403140
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE06704A-68E6-4113-8F07-7CD244D7A14A}: NameServer = 207.69.188.185 207.69.188.186
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 9475 bytes

And here is the ComboFix log:

ComboFix 07-12-21.4 - Gene 2007-12-28 13:56:55.3 - NTFSx86
Running from: C:\Documents and Settings\Gene\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\config\systemprofile\Application Data\antivirus.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-28 13:55 . 2007-12-28 13:55 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-28 13:46 . 2007-12-28 13:46 <DIR> d-------- C:\Program Files\Sygate
2007-12-28 13:46 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-12-28 13:46 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-12-28 13:46 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-12-28 13:46 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-12-28 13:46 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-12-28 13:46 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-12-28 13:46 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-12-27 15:48 . 2007-12-28 11:16 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-25 21:27 . 2007-12-25 21:27 93 -r-hs---- C:\autorun.inf
2007-12-25 11:18 . 2007-12-25 11:18 <DIR> d-------- C:\Program Files\SysInternals
2007-12-25 11:18 . 2007-12-28 13:46 <DIR> d-------- C:\installs
2007-12-25 08:53 . 2007-12-25 08:53 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-25 08:53 . 2007-12-25 08:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-25 08:52 . 2007-12-27 17:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 19:00 . 2007-12-24 19:00 142,848 --a------ C:\WINDOWS\system32\drivers\Iibt52.sys
2007-12-24 18:16 . 2007-12-24 18:16 142,848 --a------ C:\WINDOWS\system32\drivers\Npv55.sys
2007-12-24 18:13 . 2007-12-27 17:22 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-12-24 18:11 . 2007-12-24 18:11 2,552 --a------ C:\autorun.PNF
2007-12-24 14:29 . 2007-12-24 14:29 29 --a------ C:\WINDOWS\system32\sqeuwaod.tmp
2007-12-24 14:28 . 2007-12-24 14:28 0 --a------ C:\WINDOWS\wsystmp_ajb.exe
2007-12-24 09:14 . 2007-12-24 09:14 <DIR> d-------- C:\Program Files\EliteProtector
2007-12-18 16:43 . 2007-12-20 19:05 23,821 --a------ C:\WINDOWS\ntfyapp.config
2007-12-18 16:42 . 2007-12-18 16:42 53,248 --a------ C:\WINDOWS\system32\oleauth32.dll
2007-12-18 16:41 . 2007-12-18 16:41 29,184 --a------ C:\WINDOWS\windisk.exe
2007-12-18 16:29 . 2007-12-18 16:29 15,872 --a------ C:\WINDOWS\windisk.dll
2007-12-16 16:08 . 2007-12-27 17:11 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-12-16 15:32 . 2007-12-16 15:32 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-12 19:38 . 2007-12-27 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 22:27 --------- d-----w C:\Program Files\Windows Defender
2007-12-27 22:23 --------- d-----w C:\Program Files\SymNetDrv
2007-12-27 22:23 --------- d-----w C:\Program Files\Symantec
2007-12-27 22:22 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-27 22:21 --------- d-----w C:\Program Files\Microsoft Works
2007-12-27 22:19 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-27 22:19 --------- d-----w C:\Program Files\Lifeguard
2007-12-27 22:19 --------- d-----w C:\Program Files\ItsDeductible2006
2007-12-27 22:16 --------- d-----w C:\Program Files\EarthLink TotalAccess
2007-12-27 22:15 --------- d-----w C:\Program Files\EarthLink Setup
2007-12-27 22:14 --------- d-----w C:\Program Files\DellSupport
2007-12-27 22:14 --------- d-----w C:\Program Files\Common Files\WexTech Shared
2007-12-27 22:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-27 22:11 --------- d-----w C:\Program Files\Common Files\EarthLink
2007-12-24 23:21 242,176 ----a-w C:\WINDOWS\Media\F7777warxy77.dll
2007-12-16 21:09 --------- d-----w C:\Documents and Settings\Gene\Application Data\Intuit
2007-12-16 21:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 20:46 --------- d-----w C:\Program Files\TurboTax
2007-11-25 19:33 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:39 228,864 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-22 23:58 1,721,712 ------w C:\WINDOWS\system32\InetClnt.dll
2007-10-14 13:02 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-25_21.28.54.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-16 20:55:41 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2007-12-26 16:23:19 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-12-16 20:55:57 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2007-12-26 16:23:35 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-12-16 20:55:58 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2007-12-26 16:23:37 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-12-16 20:55:59 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2007-12-26 16:23:41 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-12-16 20:55:51 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2007-12-26 16:23:29 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-12-16 20:55:34 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2007-12-26 16:23:12 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-12-16 20:55:34 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2007-12-26 16:23:12 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-12-16 20:56:18 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2007-12-26 16:23:52 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-12-16 20:55:47 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-12-26 16:23:24 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-12-16 20:55:40 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2007-12-26 16:23:18 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-12-16 20:55:33 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2007-12-26 16:23:11 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-12-16 20:55:36 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2007-12-26 16:23:13 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-12-16 20:55:54 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2007-12-26 16:23:32 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-12-16 20:55:55 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2007-12-26 16:23:33 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-12-16 20:55:55 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2007-12-26 16:23:34 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-12-16 20:55:37 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2007-12-26 16:23:16 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-12-16 20:55:38 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2007-12-26 16:23:16 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-12-16 20:55:39 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2007-12-26 16:23:16 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-12-16 20:55:40 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2007-12-26 16:23:17 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-12-16 20:55:37 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2007-12-26 16:23:14 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-12-16 20:56:24 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-12-26 16:23:55 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-12-16 20:56:23 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2007-12-26 16:23:54 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-12-16 20:55:29 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2007-12-26 16:23:09 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-12-16 20:56:22 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2007-12-26 16:23:54 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-12-16 20:56:25 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2007-12-26 16:23:55 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-12-16 20:55:32 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-12-26 16:23:11 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-12-16 20:55:31 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2007-12-26 16:23:10 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-12-16 20:55:32 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2007-12-26 16:23:10 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-12-16 20:56:08 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2007-12-26 16:23:47 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-12-16 20:55:42 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2007-12-26 16:23:20 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-12-16 20:56:09 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2007-12-26 16:23:48 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-12-16 20:56:02 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2007-12-26 16:23:43 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-12-16 20:55:36 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2007-12-26 16:23:13 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-12-16 20:55:53 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2007-12-26 16:23:31 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-12-16 20:55:44 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2007-12-26 16:23:21 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-12-16 20:55:43 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2007-12-26 16:23:20 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-12-16 20:55:44 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2007-12-26 16:23:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-12-16 20:56:15 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2007-12-26 16:23:51 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-12-16 20:56:04 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2007-12-26 16:23:44 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-12-16 20:56:16 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2007-12-26 16:23:52 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-12-16 20:56:05 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2007-12-26 16:23:45 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-12-16 20:56:07 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-12-26 16:23:46 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-12-16 20:55:41 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2007-12-26 16:23:19 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-12-16 20:55:45 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2007-12-26 16:23:22 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-12-16 20:56:20 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2007-12-26 16:23:53 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-12-16 20:55:47 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2007-12-26 16:23:25 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-12-16 20:55:48 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2007-12-26 16:23:26 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-12-16 20:55:49 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2007-12-26 16:23:27 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-12-16 20:55:50 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2007-12-26 16:23:28 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-12-16 20:56:13 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2007-12-26 16:23:50 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2007-12-26 16:29:13 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\336500aebc65f9017ad573a8283c9d26\Accessibility.ni.dll
+ 2007-12-26 16:29:14 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\416f9b70f44ffe1c65c6f22c853716f0\AspNetMMCExt.ni.dll
+ 2007-12-26 16:29:15 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\7a68a5cd4ee29d02a5ec851bdf0e594a\CustomMarshalers.ni.dll
+ 2007-12-26 16:29:14 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\4e6001d9eaaa4e23941b8ecdf5322adb\dfsvc.ni.exe
+ 2007-12-26 16:29:16 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\92020fe42ae045c1cbb8a71f6024c353\Microsoft.Build.Engine.ni.dll
+ 2007-12-26 16:29:17 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\ea8e1240b0088a9927bb8feee120d44b\Microsoft.Build.Framework.ni.dll
+ 2007-12-26 16:29:20 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6f133343f9c883875013d4a5d0a07cac\Microsoft.Build.Tasks.ni.dll
+ 2007-12-26 16:29:21 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d3b13bd60ed3dddbc1943a3097a61564\Microsoft.Build.Utilities.ni.dll
+ 2007-12-26 16:29:24 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3a3f4f4773e09ec7893a2ec4ede4e9a0\Microsoft.VisualBasic.ni.dll
+ 2007-12-26 16:26:06 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\1256dff4d72a62adc756eaadf69028d5\mscorlib.ni.dll
+ 2007-12-26 16:29:26 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\11fde472bc9c69a0805589db64cd9fe6\System.Configuration.ni.dll
+ 2007-12-26 16:26:51 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\aa965b575f2a318e4020a7a59df869f3\System.Data.ni.dll
+ 2007-12-26 16:29:28 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\e7f12b555ff38567874875339322f63d\System.Deployment.ni.dll
+ 2007-12-26 16:27:12 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\17505a7950a00928752a9be04e527ac8\System.Design.ni.dll
+ 2007-12-26 16:29:32 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\17cc6a1447aef082f66a960b29bb2587\System.DirectoryServices.Protocols.ni.dll
+ 2007-12-26 16:29:31 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\27e79ec7a891ca61297cb0b39e88bde5\System.DirectoryServices.ni.dll
+ 2007-12-26 16:27:16 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\8de3192e8c6305fbf37e0df47e45556d\System.Drawing.Design.ni.dll
+ 2007-12-26 16:27:15 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\1143cc5b71b79d28049ab32a79e2d7eb\System.Drawing.ni.dll
+ 2007-12-26 16:29:34 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ad8337c6182c568df3431583392aedba\System.EnterpriseServices.ni.dll
+ 2007-12-26 16:29:34 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ad8337c6182c568df3431583392aedba\System.EnterpriseServices.Wrapper.dll
+ 2007-12-26 16:29:36 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\feefef20675ada2a19955dc788350720\System.Security.ni.dll
+ 2007-12-26 16:29:37 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\201f0ab65b363b8a3faf55a4f3a2a903\System.Transactions.ni.dll
+ 2007-12-26 16:30:09 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\1337ba3b56cee7530e9278a08ecd813c\System.Web.Mobile.ni.dll
+ 2007-12-26 16:30:10 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\1bce3ef136749f92ff639e71099114fd\System.Web.RegularExpressions.ni.dll
+ 2007-12-26 16:30:13 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\59c6f3ff9f4ba2c046fdb9b753e52a1c\System.Web.Services.ni.dll
+ 2007-12-26 16:30:04 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\1e6b3b9bc5151d2947e4d613514ff7e5\System.Web.ni.dll
+ 2007-12-26 16:27:40 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\52380e1292e48c7f81d8233bda4209ef\System.Windows.Forms.ni.dll
+ 2007-12-26 16:27:52 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\cfeb6294dc2a0ac6119d1a8dc03e30dd\System.Xml.ni.dll
+ 2007-12-26 16:26:36 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\a2b2b1b4f90112d7fcb0fc724ca524d1\System.ni.dll
+ 2007-12-27 20:49:16 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2007-12-27 20:49:19 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2007-12-27 20:49:24 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2007-12-27 20:50:51 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2007-10-25 15:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2007-12-27 20:51:23 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2007-12-27 20:49:33 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2007-10-25 15:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2007-12-28 18:46:40 4,608 ----a-r C:\WINDOWS\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247.exe
- 2005-09-23 12:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-04-13 08:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 12:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-04-13 08:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 12:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-04-13 08:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2005-09-23 12:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-04-13 08:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2005-09-23 12:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-04-13 08:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 12:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-04-13 08:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 12:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-04-13 08:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2005-09-23 12:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-04-13 08:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2005-09-23 12:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-04-13 08:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 12:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-04-13 08:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 12:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-04-13 08:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 12:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-04-13 08:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 12:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-04-13 08:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2005-09-23 12:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-04-13 08:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 12:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-04-13 08:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 12:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-04-13 08:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 12:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-04-13 08:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 12:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-04-13 08:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 12:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-04-13 08:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 12:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-04-13 08:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2005-09-23 12:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-04-13 08:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 12:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-04-13 08:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2005-09-23 12:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-04-13 08:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 12:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-04-13 08:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2005-09-23 12:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-04-13 08:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 12:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-04-13 08:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 12:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-04-13 08:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2005-09-23 12:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-04-13 08:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 12:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-04-13 08:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 12:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-04-13 08:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2005-09-23 12:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-04-13 08:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 12:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-04-13 08:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 12:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-04-13 08:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2005-09-23 12:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-04-13 08:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2005-09-23 12:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-04-13 08:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2005-09-23 12:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-04-13 08:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2005-09-23 12:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-04-13 08:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 12:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-04-13 08:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 12:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-04-13 08:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 12:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-04-13 08:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 12:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-04-13 08:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2005-09-23 12:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-04-13 08:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 12:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-04-13 08:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 12:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-04-13 08:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 12:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-04-13 08:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 12:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-04-13 08:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2005-09-23 12:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-04-13 08:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 12:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-04-13 08:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2005-09-23 12:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-04-13 08:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 12:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-04-13 08:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2005-09-23 12:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-04-13 08:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2005-09-23 12:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-04-13 08:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2004-10-15 23:31:58 99,480 ----a-w C:\WINDOWS\system32\FwsVpn.dll
- 2007-03-15 22:19:28 1,476,992 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-10-11 19:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2006-12-22 16:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-04-13 08:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2007-12-16 20:58:39 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-26 16:24:21 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-16 20:58:39 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-26 16:24:21 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2004-10-15 23:31:56 218,264 ----a-w C:\WINDOWS\system32\SetAid.dll
- 2006-12-10 18:10:02 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 19:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-12-16 20:55:34 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-12-26 16:23:12 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2007-12-16 20:55:34 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2007-12-26 16:23:12 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"ntfyapp"="C:\WINDOWS\ntfyapp.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"HPAIO_PrintFolderMgr"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe" [2001-05-15 20:23]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-12-24 18:36]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 17:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"sis32"="C:\WINDOWS\system32\winsos.exe" []
"winroot"="C:\WINDOWS\system32\winsn.exe" []
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45]

C:\Documents and Settings\Gene\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-08 10:07:58]
Lifeguard scheduler.lnk - C:\Program Files\Lifeguard\Scheduler daemon.exe [2003-08-12 11:22:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kxp48.sys]
@="Driver"

S1 kcp;kcp;C:\WINDOWS\system32\drivers\kcp.sys []
S3 hpoid407;IEEE-1284.4 Driver K Series;C:\WINDOWS\system32\DRIVERS\hpoid407.sys [2001-05-15 18:16]
S3 hpoius07;USB to IEEE-1284.4 Translation Driver K Series;C:\WINDOWS\system32\DRIVERS\hpoius07.sys [2001-05-15 18:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\
\Shell\open\Command - F:\80938F05.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - PROCEXP90
*Newly Created Service* - SMCSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2007-10-14 14:42:38 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (HOMEOFFICE-Boyd).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-12-28 18:51:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-11-24 17:13:25 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Gene.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 14:22:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll
.
Completion time: 2007-12-28 14:22:26
C:\ComboFix2.txt ... 2007-12-26 02:25
.
2007-12-27 20:49:29 --- E O F ---

Thanks in advance for any help anyone can offer...

David Cater

BC AdBot (Login to Remove)

 


m

#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:10:01 PM

Posted 13 January 2008 - 07:23 PM

Hello xiard,

Sorry for the late reply, but as you can see we handle more than our fair share of logs. If you still have problems please post a fresh HijackThis log and we can begin the cleaning process.

Regards,
SNOWHITE
Posted Image

#3 xiard

xiard
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 13 January 2008 - 07:39 PM

I'm no longer at my parents' house (they live in another state), so I can't easily get a new hijack log. Is it not possible to use the one I already posted?

Thanks for the response,

David

#4 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:10:01 PM

Posted 13 January 2008 - 10:00 PM

I'm no longer at my parents' house (they live in another state), so I can't easily get a new hijack log. Is it not possible to use the one I already posted?

Thanks for the response,

David

No, I am sorry but we need new HijackThis log. The one that is posted is old and I will not be able to work with it, because I need to see what is the current situation of the computer. I see some registry leftovers and infections but I am afraid that we cant do anything you also need to have the computer with you, so you can follow my instructions.

Regards,
SNOWHITE
Posted Image

#5 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:10:01 PM

Posted 21 January 2008 - 06:01 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users