Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Security Tool Bar 7.1

Started by chcseattle , Sep 01 2007 10:52 AM

  • Please log in to reply

#1
chcseattle
Posted 01 September 2007 - 10:52 AM

chcseattle

    New Member

  • Member
  • Pip
  • 4 posts
Following all your instructions from another user by downloading HJTInstall and ran a report, the annoying tool bar seems to be gone. However, the flashing icon on the lower right hand corner still flashing with blue background and Red X. Once you click on it, it take you to this address link removed selling virus software. How can I remove them altogether? Enclosed my latest log. Thanks for your help in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:30 AM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004EBE.dat
O22 - SharedTaskScheduler: aht - {46f5a8b0-0b73-48c5-9e40-3c443a43c161} - C:\WINDOWS\system32\muvdjo.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

--
End of file - 11470 bytes

Edited by Rawe, 01 September 2007 - 04:41 PM.

  • 0

Advertisements

#2
Rawe
Posted 01 September 2007 - 04:41 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello and welcome aboard :whistling:

Please download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#3
chcseattle
Posted 03 September 2007 - 09:36 AM

chcseattle

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the Log from ComboFix. Please review and let ne know how to remove the annoying Icon. Thanks,

ComboFix 07-08-30.3 - "Carvin" 2007-09-03 8:28:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.267 [GMT -7:00]


((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))


2007-09-03 07:24 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-01 08:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-01 08:21 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-31 22:11 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-31 20:26 <DIR> d-------- C:\DOCUME~1\Carvin\APPLIC~1\Creative
2007-08-31 17:42 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-15 20:05 <DIR> d-------- C:\Program Files\Freecorder
2007-08-15 20:03 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-08-15 20:03 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-08-15 20:02 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-08-15 20:00 <DIR> d-------- C:\Program Files\Replay Media Catcher
2007-08-15 19:59 <DIR> d-------- C:\Program Files\Replay Converter
2007-08-15 19:56 <DIR> d-------- C:\WINDOWS\FLV Player
2007-08-15 19:56 <DIR> d-------- C:\DOCUME~1\Carvin\APPLIC~1\GetRightToGo
2007-08-11 14:51 <DIR> d-------- C:\Program Files\iTunes
2007-08-11 14:51 <DIR> d-------- C:\Program Files\iPod


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-03 07:24 --------- d-------- C:\Program Files\McAfee
2007-08-31 18:57 12800 --a-s---- C:\WINDOWS\system32\muvdjo.dll
2007-08-17 16:05 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-11 14:50 --------- d-------- C:\Program Files\Apple Software Update
2007-08-01 19:27 --------- d-------- C:\Program Files\Common Files\McAfee
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-24 17:26 --------- d-------- C:\DOCUME~1\Cameron\APPLIC~1\SiteAdvisor
2007-07-24 12:02 33800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-07-24 07:40 79304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-07-21 09:08 40488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-07-21 09:08 35240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-07-21 09:08 201288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-07-19 22:42 --------- d-------- C:\DOCUME~1\Carvin\APPLIC~1\Snapfish
2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-16 20:26 --------- d-------- C:\Program Files\QuickTime
2007-07-13 09:20 113952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-05-09 06:36 11817800 --a--c--- C:\Program Files\GoogleEarth.exe
2006-06-18 18:51:12 88 -csh--r C:\WINDOWS\system32\4B30627D4D.sys
2006-06-18 18:51:19 6,580 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((( snapshot_2007-09-01_ 85304.34 )))))))))))))))))))))))))))))))))))))))))

-c--a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll
-c--a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe
-c--a-w 364,160 2007-04-23 10:14:23 C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys
-c--a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll
-c--a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
-c--a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll
-c--a-w 1,200,128 2007-07-11 06:04:22 C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
-c--a-w 1,265,664 2007-07-11 06:08:05 C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
-c--a-w 68,608 2007-07-11 06:06:09 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
-c--a-w 72,192 2007-07-11 06:06:19 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
-c--a-w 1,529,184 2007-06-03 14:42:31 C:\WINDOWS\assembly\GAC_32\Microsoft.MapPoint.GraphicsAPI\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.GraphicsAPI.dll
-c--a-w 4,308,992 2007-07-11 06:06:20 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
-c--a-w 2,902,016 2007-07-11 06:06:17 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
-c--a-w 482,304 2007-07-11 06:06:21 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
-c--a-w 258,048 2007-07-11 06:06:03 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
-c--a-w 114,176 2007-07-11 06:06:03 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
-c--a-w 260,096 2007-07-11 06:06:27 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
-c--a-w 5,156,864 2007-07-11 06:06:12 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
-c--a-w 10,752 2007-07-11 06:06:08 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
-c--a-w 507,904 2007-07-11 06:06:02 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
-c--a-w 13,312 2007-07-11 06:06:05 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
-c--a-w 50,528 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\DemCodecClient\1.0.610.11001__31bf3856ad364e35\DemCodecClient.dll
-c--a-w 8,192 2007-07-11 06:06:18 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
-c--a-w 36,864 2007-07-11 06:06:18 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
-c--a-w 5,632 2007-07-11 06:06:19 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
-c--a-w 75,104 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\ImageCodec\1.0.610.11001__31bf3856ad364e35\ImageCodec.dll
-c--a-w 413,696 2007-07-11 06:06:06 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
-c--a-w 36,864 2007-07-11 06:06:07 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
-c--a-w 647,168 2007-07-11 06:06:07 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
-c--a-w 73,728 2007-07-11 06:06:08 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
-c--a-w 749,568 2007-07-11 06:06:06 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
-c--a-w 419,168 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Data.dll
-c--a-w 214,368 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data.CompactMapFile\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Data.CompactMapFile.dll
-c--a-w 255,328 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data.VirtualEarthTileDataSource\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.dll
-c--a-w 144,736 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Geometry\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Geometry.dll
-c--a-w 431,456 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Graphics3D\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Graphics3D.dll
-c--a-w 16,224 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.MassiveManagedWrapper\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.MassiveManagedWrapper.dll
-c--a-w 1,025,376 2007-06-03 14:42:31 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.dll
-c--a-w 132,448 2007-06-03 14:42:31 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Utility\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Utility.dll
-c--a-w 667,648 2007-07-11 06:06:28 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
-c--a-w 372,736 2007-07-11 06:06:28 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
-c--a-w 110,592 2007-07-11 06:06:29 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
-c--a-w 28,672 2007-07-11 06:06:00 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
-c--a-w 5,632 2007-07-11 06:06:29 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
-c--a-w 32,768 2007-07-11 06:06:01 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
-c--a-w 12,800 2007-07-11 06:06:02 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
-c--a-w 7,168 2007-07-11 06:06:02 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
-c--a-w 110,592 2007-07-11 06:06:24 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
-c--a-w 2,940,928 2007-07-11 06:06:25 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
-c--a-w 413,696 2007-07-11 06:06:25 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
-c--a-w 81,920 2007-07-11 06:06:10 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
-c--a-w 716,800 2007-07-11 06:06:22 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
-c--a-w 888,832 2007-07-11 06:06:04 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
-c--a-w 5,001,216 2007-07-11 06:06:17 C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
-c--a-w 397,312 2007-07-11 06:06:10 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
-c--a-w 188,416 2007-07-11 06:06:11 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
-c--a-w 577,536 2007-07-11 06:06:26 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
-c--a-w 81,920 2007-07-11 06:06:11 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
-c--a-w 372,736 2007-07-11 06:06:23 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
-c--a-w 258,048 2007-07-11 06:06:26 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
-c--a-w 299,008 2007-07-11 06:06:23 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
-c--a-w 131,072 2007-07-11 06:06:24 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
-c--a-w 258,048 2007-07-11 06:06:08 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
-c--a-w 114,688 2007-07-11 06:06:12 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
-c--a-w 835,584 2007-07-11 06:06:27 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
-c--a-w 86,016 2007-07-11 06:06:13 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
-c--a-w 823,296 2007-07-11 06:06:14 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
-c--a-w 5,152,768 2007-07-11 06:06:14 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
-c--a-w 2,027,520 2007-07-11 06:06:15 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
-c--a-w 61,440 2007-07-11 06:04:31 C:\WINDOWS\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_e480c84a\CustomMarshalers.dll
-c--a-w 3,301,376 2007-07-11 06:04:36 C:\WINDOWS\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_02cf258f\mscorlib.dll
-c--a-w 1,855,488 2007-07-11 06:04:43 C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_54237721\System.dll
-c--a-w 1,454,080 2007-07-11 06:04:48 C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_1998649f\System.Design.dll
-c--a-w 847,872 2007-07-11 06:04:50 C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_6cc7c560\System.Drawing.dll
-c--a-w 90,112 2007-07-11 06:04:51 C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_586a6999\System.Drawing.Design.dll
-c--a-w 2,953,216 2007-07-11 06:04:56 C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_e2b4ece9\System.Windows.Forms.dll
-c--a-w 2,027,520 2007-07-11 06:05:00 C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_c7737dfd\System.Xml.dll
-c--a-w 61,440 2007-07-11 06:08:25 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9508071c\CustomMarshalers.dll
-c--a-w 118,784 2007-07-11 06:09:08 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a0c3e728\CustomMarshalers.dll
-c--a-w 8,908,800 2007-07-11 06:09:29 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e8a6078a\mscorlib.dll
-c--a-w 4,788,224 2007-07-11 06:09:06 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_657836d8\System.dll
-c--a-w 1,470,464 2007-07-11 06:08:50 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_293c08d9\System.Design.dll
-c--a-w 3,395,584 2007-07-11 06:09:21 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e341252f\System.Design.dll
-c--a-w 835,584 2007-07-11 06:08:52 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_5a813cc2\System.Drawing.dll
-c--a-w 2,244,608 2007-07-11 06:09:24 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_735b4322\System.Drawing.dll
-c--a-w 192,512 2007-07-11 06:09:09 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_9416e85f\System.Drawing.Design.dll
-c--a-w 90,112 2007-07-11 06:08:28 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f670226f\System.Drawing.Design.dll
-c--a-w 3,018,752 2007-07-11 06:08:36 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_37392dbc\System.Windows.Forms.dll
-c--a-w 7,884,800 2007-07-11 06:09:14 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_73f76d31\System.Windows.Forms.dll
-c--a-w 5,513,216 2007-07-11 06:09:18 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_63cb913f\System.Xml.dll
-c--a-w 26,624 2007-07-12 01:02:04 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\df6398db67ad8205efbe9e6c5e6588ca\Accessibility.ni.dll
-c--a-w 888,832 2007-07-12 01:02:08 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExtdb0f6cd3d755b5c91ea5011841d683\AspNetMMCExt.ni.dll
-c--a-w 237,568 2007-07-12 01:03:28 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\abc237093b8ce26731d144df3ca2a91c\CustomMarshalers.ni.dll
-c--a-w 106,496 2007-07-12 01:02:52 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DemCodecClient\4bef104951b12171951821f2cf4b8130\DemCodecClient.ni.dll
-c--a-w 15,360 2007-07-12 01:03:27 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\ca287aeca124e2a08106473a5b3dec21\dfsvc.ni.exe
-c--a-w 249,856 2007-07-12 01:02:52 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ImageCodec\88f4a758ee45101651a1615f1df8ae89\ImageCodec.ni.dll
-c--a-w 880,640 2007-07-12 01:03:29 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\303fbf38270217336306a612ee63f21e\Microsoft.Build.Engine.ni.dll
-c--a-w 81,920 2007-07-12 01:03:30 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2499fe5ccd67d4e90be1a6eea50f25ef\Microsoft.Build.Framework.ni.dll
-c--a-w 1,687,552 2007-07-12 01:03:32 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a2449e6a5cbb0cda924993ebee5056dc\Microsoft.Build.Tasks.ni.dll
-c--a-w 163,840 2007-07-12 01:03:33 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\3d50af4de8a4375f5419b102c2a561ae\Microsoft.Build.Utilities.ni.dll
-c--a-w 2,441,216 2007-07-12 01:02:51 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\a3cc4efcda57dbfb95264980c51a54f2\Microsoft.JScript.ni.dll
-c--a-w 925,696 2007-07-12 01:02:20 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#2b47bae3bb78205b17659128ee6a2bb\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.ni.dll
-c--a-w 2,637,824 2007-07-12 01:02:45 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#bef3ac78f6743e3b1f53634ba72d887\Microsoft.MapPoint.GraphicsAPI.ni.dll
-c--a-w 1,781,760 2007-07-12 01:02:41 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\105679eb151ce2e18dcd5fa7de458d06\Microsoft.MapPoint.Graphics3D.ni.dll
-c--a-w 495,616 2007-07-12 01:02:21 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\1182576c35ff40e8812ac6896221e092\Microsoft.MapPoint.Data.CompactMapFile.ni.dll
-c--a-w 1,159,168 2007-07-12 01:02:38 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\1c0ce2d19f642bf6268289e96e645306\Microsoft.MapPoint.Data.ni.dll
-c--a-w 270,336 2007-07-12 01:02:10 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\457a015c4ed52c856242a4446d4ddfce\Microsoft.MapPoint.MapControl3D.ni.dll
-c--a-w 18,432 2007-07-12 01:03:27 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\5e02dbd62e72807a4c98af52329055b0\Microsoft.MapPoint.MassiveManagedWrapper.ni.dll
-c--a-w 442,368 2007-07-12 01:02:22 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\a8f886c6e1e690a414ae37894d36fd03\Microsoft.MapPoint.Utility.ni.dll
-c--a-w 405,504 2007-07-12 01:02:35 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\eebcf7d767aecc12596dce50d4f30946\Microsoft.MapPoint.Geometry.ni.dll
-c--a-w 3,637,248 2007-07-12 01:02:18 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\f162d8df5fbfa81a61137afc25e76350\Microsoft.MapPoint.Rendering3D.ni.dll
-c--a-w 1,720,320 2007-07-12 01:03:35 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c5cc33f5d7c0cea017baad1e0daa426d\Microsoft.VisualBasic.ni.dll
-c--a-w 17,920 2007-07-12 01:02:45 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\87ecb847826f4be737db97c02a12fadd\Microsoft.VisualC.ni.dll
-c--a-w 77,824 2007-07-12 01:02:51 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5612b523e7f6fd5c2caf668d9156ed0d\Microsoft.Vsa.ni.dll
-c--a-w 11,304,960 2007-07-11 06:07:42 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\78d747b14b94ae0588ce95d570704573\mscorlib.ni.dll
-c--a-w 8,130,560 2007-07-11 06:08:09 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4ab91a043c6f50fa26ab214f69908be7\System.ni.dll
-c--a-w 163,840 2007-07-12 01:02:47 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\4319342f69d9727d4e3f0ae8ee68d7c0\System.Configuration.Install.ni.dll
-c--a-w 1,003,520 2007-07-12 01:02:24 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\c86724b99cb7eb7830f5c29bf2e5133e\System.Configuration.ni.dll
-c--a-w 6,676,480 2007-07-11 06:08:32 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\f14f04e0c720fda570787859c2571ad1\System.Data.ni.dll
-c--a-w 1,179,648 2007-07-12 01:03:25 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c419b2f4e395de805e12103c774a5cda\System.Data.OracleClient.ni.dll
-c--a-w 2,695,168 2007-07-12 01:02:30 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\53365ce77813be3e93a99bc284c365e6\System.Data.SqlXml.ni.dll
-c--a-w 1,724,416 2007-07-12 01:02:34 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\301ab485831a234c3da95abde1b95d8e\System.Deployment.ni.dll
-c--a-w 10,702,848 2007-07-11 06:09:02 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\189478feb48cb6f815572b3f3a8e1b62\System.Design.ni.dll
-c--a-w 512,000 2007-07-12 01:03:26 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6a479dfc65f27c1b42588c69bd1d14cf\System.DirectoryServices.Protocols.ni.dll
-c--a-w 1,216,512 2007-07-12 01:02:57 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e7e76286c5fdf01a23019e831dfc15fb\System.DirectoryServices.ni.dll
-c--a-w 1,601,536 2007-07-11 06:09:08 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\2a128a993c0b37d09c82729178771d21\System.Drawing.ni.dll
-c--a-w 229,376 2007-07-11 06:09:11 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\3284a86fd01d8ebfa612c58ec028aab5\System.Drawing.Design.ni.dll
-c--a-w 659,456 2007-07-12 01:02:55 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ee110ef32986788a64d883a0236a1eb0\System.EnterpriseServices.ni.dll
-c--a-w 294,912 2007-07-12 01:02:55 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ee110ef32986788a64d883a0236a1eb0\System.EnterpriseServices.Wrapper.dll
-c--a-w 1,064,960 2007-07-12 01:02:47 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\4dd302b376764119559341c20a09e67f\System.Management.ni.dll
-c--a-w 815,104 2007-07-12 01:02:59 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\eb5daadbc5b8f3c849a9ffc2c12b788e\System.Runtime.Remoting.ni.dll
-c--a-w 339,968 2007-07-12 01:02:32 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6be9b97d98536793bb578e7abdc55622\System.Runtime.Serialization.Formatters.Soap.ni.dll
-c--a-w 729,088 2007-07-12 01:02:31 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\9eecbfd25c4ec748ae6cf2d0fc9643b4\System.Security.ni.dll
-c--a-w 229,376 2007-07-12 01:03:27 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\387c216993436876b109de19bb151141\System.ServiceProcess.ni.dll
-c--a-w 684,032 2007-07-12 01:02:54 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\1ec20b1517f1280959a65874400356ec\System.Transactions.ni.dll
-c--a-w 12,185,600 2007-07-12 01:03:19 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67b817431f5f1b5e2cbd49b1db722ea6\System.Web.ni.dll
-c--a-w 2,306,048 2007-07-12 01:03:40 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\8b1029316694e70714b99e3cd6f11f5c\System.Web.Mobile.ni.dll
-c--a-w 237,568 2007-07-12 01:03:25 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\5a43680753f155e008f4959ef685afa3\System.Web.RegularExpressions.ni.dll
-c--a-w 1,941,504 2007-07-12 01:03:22 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services85e81ffdbff12d9bc897928439c9bfc\System.Web.Services.ni.dll
-c--a-w 13,107,200 2007-07-11 06:09:44 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f02839006eb47ed69bc715c647eaaa67\System.Windows.Forms.ni.dll
-c--a-w 5,623,808 2007-07-11 06:09:56 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d79992ddeba22e1133e9d956346ac52a\System.Xml.ni.dll
-c--a-w 72,704 2005-09-23 14:28:52 C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
-c--a-w 7,680 2005-09-23 14:28:52 C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
-c--a-w 7,680 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
-c--a-w 7,680 2005-09-23 14:28:58 C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
-c--a-w 7,680 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
-c--a-w 200,704 2007-01-02 23:34:04 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
-c--a-w 32,768 2007-01-02 23:34:04 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
-c--a-w 8,192 2007-01-02 23:29:28 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
-c--a-w 73,728 2007-01-02 23:29:12 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
-c--a-w 86,016 2007-01-02 23:29:12 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
-c--a-w 1,998,848 2007-01-02 23:21:20 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
-c--a-w 86,528 2005-09-23 14:28:52 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
-c--a-w 2,273,280 2007-01-02 23:28:28 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
-c--a-w 2,281,472 2007-01-02 23:28:46 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
-c----w 73,728 2007-01-15 23:11:26 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
-c----w 57,344 2007-01-15 23:11:30 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
-c--a-w 1,200,128 2007-01-02 23:40:24 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
-c----w 57,344 2007-01-15 23:11:30 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
-c--a-w 258,048 2007-04-14 04:30:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
-c--a-w 32,768 2007-04-14 04:30:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
-c--a-w 81,920 2007-04-14 03:57:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
-c--a-w 86,016 2007-04-14 03:57:58 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
-c--a-w 102,400 2007-04-14 03:58:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
-c--a-w 73,728 2007-01-15 23:11:26 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
-c--a-w 94,208 2004-07-15 05:34:50 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
-c--a-w 1,232,896 2007-04-14 04:35:38 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
-c--a-w 1,265,664 2007-04-14 04:35:46 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
-c--a-w 282,624 2004-07-15 05:24:30 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4732\_fusion.dll
-c--a-w 315,392 2004-07-15 05:25:06 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4732\_mscorjit.dll
-c--a-w 2,138,112 2004-07-15 19:29:02 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4732\_mscorlib.dll
-c--a-w 77,824 2003-02-21 00:09:18 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4732\_mscorsn.dll
-c--a-w 2,510,848 2004-07-15 05:26:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4732\_mscorsvr.dll
-c--a-w 2,502,656 2004-07-15 05:28:34 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4732\_mscorwks.dll
-c--a-w 348,160 2003-02-21 09:42:22 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4732\_msvcr71.dll
-c--a-w 10,752 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
-c--a-w 138,240 2005-09-23 14:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
-c--a-w 87,552 2005-09-23 14:28:36 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
-c--a-w 58,712 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
-c--a-w 507,904 2007-04-13 10:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
-c--a-w 36,864 2005-09-23 14:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
-c--a-w 10,752 2007-04-13 10:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
-c--a-w 8,192 2007-04-13 10:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
-c--a-w 23,552 2007-04-13 10:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
-c--a-w 75,264 2007-04-13 10:20:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
-c--a-w 13,824 2005-09-23 14:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
-c--a-w 32,608 2007-04-13 10:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
-c--a-w 106,496 2005-09-23 14:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
-c--a-w 32,600 2007-04-13 10:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
-c--a-w 106,496 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
-c--a-w 88,576 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
-c--a-w 76,984 2005-09-23 14:28:42 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
-c--a-w 1,144,832 2005-09-23 14:28:42 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
-c--a-w 13,312 2005-09-23 14:28:42 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
-c--a-w 68,608 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
-c--a-w 31,936 2005-09-23 14:28:44 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
-c--a-w 5,120 2007-04-13 10:20:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
-c--a-w 547,840 2005-09-23 14:29:12 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
-c--a-w 788,992 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
-c--a-w 9,728 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
-c--a-w 8,192 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
-c--a-w 36,864 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
-c--a-w 5,632 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
-c--a-w 228,688 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
-c--a-w 28,672 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
-c--a-w 55,296 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
-c--a-w 72,192 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
-c--a-w 40,960 2005-09-23 14:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
-c--a-w 413,696 2007-04-13 10:21:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
-c--a-w 36,864 2005-09-23 14:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
-c--a-w 647,168 2007-04-13 10:21:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
-c--a-w 73,728 2005-09-23 14:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
-c--a-w 749,568 2007-04-13 10:21:08 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
-c--a-w 110,592 2005-09-23 14:29:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
-c--a-w 372,736 2005-09-23 14:29:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
-c--a-w 667,648 2005-09-23 14:29:08 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
-c--a-w 28,672 2005-09-23 14:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
-c--a-w 5,632 2005-09-23 14:29:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
-c--a-w 32,768 2005-09-23 14:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
-c--a-w 12,800 2005-09-23 14:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
-c--a-w 7,168 2005-09-23 14:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
-c--a-w 87,040 2007-04-13 10:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
-c--a-w 69,632 2005-09-23 14:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
-c--a-w 802,304 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
-c--a-w 73,216 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
-c--a-w 288,768 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
-c--a-w 326,656 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
-c--a-w 81,408 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
-c--a-w 4,308,992 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
-c--a-w 102,912 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
-c--a-w 330,752 2005-09-23 14:29:00 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
-c--a-w 67,072 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
-c--a-w 9,216 2005-09-23 14:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
-c--a-w 227,328 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
-c--a-w 10,240 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
-c--a-w 99,152 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
-c--a-w 15,360 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
-c--a-w 78,336 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
-c--a-w 136,192 2007-04-13 10:21:12 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
-c--a-w 53,248 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
-c--a-w 32,768 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
-c--a-w 59,072 2005-09-23 14:29:02 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
-c--a-w 7,680 2005-09-23 14:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
-c--a-w 382,464 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
-c--a-w 110,592 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
-c--a-w 413,696 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
-c--a-w 81,920 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
-c--a-w 2,902,016 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
-c--a-w 482,304 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
-c--a-w 716,800 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
-c--a-w 888,832 2007-04-13 10:20:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
-c--a-w 5,001,216 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
-c--a-w 397,312 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
-c--a-w 188,416 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
-c--a-w 2,940,928 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
-c--a-w 81,920 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
-c--a-w 577,536 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
-c--a-w 258,048 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
-c--a-w 47,616 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
-c--a-w 114,176 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
-c--a-w 372,736 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
-c--a-w 258,048 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
-c--a-w 299,008 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
-c--a-w 131,072 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
-c--a-w 258,048 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
-c--a-w 114,688 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
-c--a-w 260,096 2007-04-13 10:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
-c--a-w 5,156,864 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
-c--a-w 835,584 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
-c--a-w 86,016 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
-c--a-w 823,296 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
-c--a-w 5,152,768 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
-c--a-w 2,027,520 2007-04-13 10:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
-c--a-w 71,680 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
-c--a-w 1,166,672 2007-04-13 10:21:28 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
-c--a-w 1,330,688 2007-04-13 10:20:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
-c--a-w 406,016 2007-04-13 10:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
-c--a-w 28,160 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
-c--a-w 18,944 2005-09-23 14:28:36 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
-c--a-w 136,192 2005-09-23 14:28:42 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
-c--a-w 4,608 2005-09-23 14:28:44 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
-c--a-w 183,808 2005-09-23 14:29:04 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
-c--a-w 208,896 2005-09-23 14:28:28 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
-c--a-w 22,528 2005-09-23 14:29:00 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI409\mscorsecr.dll
-c--a-w 13,536 2005-06-28 17:20:24 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
-c--a-w 213,216 2005-06-28 17:23:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
-c--a-w 2,332,368 2007-03-22 21:47:06 C:\WINDOWS\system32\D3DX9_29.DLL
-c--a-w 150,016 2005-09-23 14:28:52 C:\WINDOWS\system32\mscorier.dll
-c--a-w 32,768 2003-02-21 00:16:34 C:\WINDOWS\system32\netfxperf.dll
-c--a-w 61,136 2007-03-22 21:47:06 C:\WINDOWS\system32\xinput9_1_0.dll
-c--a-w 32,768 2007-09-03 14:23:45 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
-c--a-w 32,768 2007-09-03 14:23:45 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
--sha-w 32,768 2007-09-03 14:23:45 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
-c----w 364,160 2007-04-23 10:32:54 C:\WINDOWS\system32\dllcache\update.sys
-c--a-w 6,144 2006-12-22 20:02:36 C:\WINDOWS\system32\mui409\mscorees.dll
----a-w 304,992 2007-08-04 01:57:38 C:\WINDOWS\Temp280621188829472mcinst.exe
-c--a-w 548,864 2006-06-05 21:14:28 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
-c--a-w 626,688 2006-06-05 21:14:28 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
-c--a-w 258,048 2007-07-11 06:06:03 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
-c--a-w 114,176 2007-07-11 06:06:03 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe
----a-w 364,160 2007-04-23 10:14:23 C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll
----a-w 1,200,128 2007-07-11 06:04:22 C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 1,265,664 2007-07-11 06:08:05 C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 68,608 2007-07-11 06:06:09 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
----a-w 72,192 2007-07-11 06:06:19 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
----a-w 1,529,184 2007-06-03 14:42:31 C:\WINDOWS\assembly\GAC_32\Microsoft.MapPoint.GraphicsAPI\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.GraphicsAPI.dll
----a-w 4,308,992 2007-07-11 06:06:20 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
----a-w 2,902,016 2007-07-11 06:06:17 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
----a-w 482,304 2007-07-11 06:06:21 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
----a-w 258,048 2007-07-11 06:06:03 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
----a-w 114,176 2007-07-11 06:06:03 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
----a-w 260,096 2007-07-11 06:06:27 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
----a-w 5,156,864 2007-07-11 06:06:12 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 10,752 2007-07-11 06:06:08 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
----a-w 507,904 2007-07-11 06:06:02 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
----a-w 13,312 2007-07-11 06:06:05 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
----a-w 50,528 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\DemCodecClient\1.0.610.11001__31bf3856ad364e35\DemCodecClient.dll
----a-w 8,192 2007-07-11 06:06:18 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 36,864 2007-07-11 06:06:18 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 5,632 2007-07-11 06:06:19 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
----a-w 75,104 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\ImageCodec\1.0.610.11001__31bf3856ad364e35\ImageCodec.dll
----a-w 413,696 2007-07-11 06:06:06 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
----a-w 36,864 2007-07-11 06:06:07 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
----a-w 647,168 2007-07-11 06:06:07 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
----a-w 73,728 2007-07-11 06:06:08 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
----a-w 749,568 2007-07-11 06:06:06 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 419,168 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Data.dll
----a-w 214,368 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data.CompactMapFile\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Data.CompactMapFile.dll
----a-w 255,328 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data.VirtualEarthTileDataSource\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.dll
----a-w 144,736 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Geometry\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Geometry.dll
----a-w 431,456 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Graphics3D\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Graphics3D.dll
----a-w 16,224 2007-06-03 14:42:30 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.MassiveManagedWrapper\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.MassiveManagedWrapper.dll
----a-w 1,025,376 2007-06-03 14:42:31 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.dll
----a-w 132,448 2007-06-03 14:42:31 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Utility\1.1.703.22001__31bf3856ad364e35\Microsoft.MapPoint.Utility.dll
----a-w 667,648 2007-07-11 06:06:28 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
----a-w 372,736 2007-07-11 06:06:28 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
----a-w 110,592 2007-07-11 06:06:29 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
----a-w 28,672 2007-07-11 06:06:00 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
----a-w
  • 0

#4
Rawe
Posted 03 September 2007 - 10:09 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hi again :whistling:

Your combolog got cut off but let's check with this tool before checking the entire cf log.

Please download SmitfraudFix © S!Ri to your desktop.

Double-click SmitFraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#5
chcseattle
Posted 03 September 2007 - 02:32 PM

chcseattle

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the log from SmitFraudFix. Thanks,

SmitFraudFix v2.219

Scan done at 13:27:28.50, Mon 09/03/2007
Run from C:\Documents and Settings\Carvin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Carvin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Carvin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Carvin\FAVORI~1

C:\DOCUME~1\Carvin\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{46f5a8b0-0b73-48c5-9e40-3c443a43c161}"="aht"

[HKEY_CLASSES_ROOT\CLSID\{46f5a8b0-0b73-48c5-9e40-3c443a43c161}\InProcServer32]
@="C:\WINDOWS\system32\muvdjo.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{46f5a8b0-0b73-48c5-9e40-3c443a43c161}\InProcServer32]
@="C:\WINDOWS\system32\muvdjo.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\__c004EBE.dat"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 205.171.3.65

Description: Actiontec Gateway - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 205.171.3.65

HKLM\SYSTEM\CCS\Services\Tcpip\..\{81A4A7B0-1E72-45FB-8BF5-1B17ADE3BA55}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9848C14D-6F96-48A9-96EC-CB5D90FD386E}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\..\{81A4A7B0-1E72-45FB-8BF5-1B17ADE3BA55}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9848C14D-6F96-48A9-96EC-CB5D90FD386E}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\..\{81A4A7B0-1E72-45FB-8BF5-1B17ADE3BA55}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9848C14D-6F96-48A9-96EC-CB5D90FD386E}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#6
Rawe
Posted 04 September 2007 - 03:59 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hi again :whistling:

Please print these instructions out, or write them down, as you can't read them during the fix.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode
5) Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

----------

Go to Start » Run » type in: regedit » OK.
  • On the leftside, click to highlight My Computer at the top.
  • Go up to File » Export
    Make sure in that window there is a tick next to "All" under Export Branch.
    Leave the "Save As Type" as "Registration Files".
    Under "Filename" put RegBackup.
  • Choose to save it to C:\
  • Click Save and then go to File » Exit.
This is so the registry can be restored to this point if we need it. It may take a minute.

Next, please copy the following text in the quotebox below to a blank notepad file. Make sure the filetype is set to "All Files" and save it as Fixit.reg to your desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Now double-click on the Fixit.reg on your desktop and allow it to merge with registry by clicking YES on the prompt.

-------

Please post a fresh HijackThis log along with the SmitFraudFix rapport.
  • 0

#7
chcseattle
Posted 06 September 2007 - 08:14 AM

chcseattle

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Advisers,
The instructions were clear and precise. I finally managed to remove the unwanted icon from the computer. Thanks very much for your assistance and keep up the good work.
  • 0

#8
Rawe
Posted 06 September 2007 - 10:16 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Please post the logs I asked for :whistling:

To make sure there's no other malware left.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP