SecurityTool and Redirected Google Links

  1. #1

    Ok so just recently I was attacked by SecurityTool. Luckily I was able to find my way around it by downloading Malwarebytes and doing a Full Scan but it seems that every now and then it comes back and the havoc it wreaks gets more annoying by the second. Another new thing that I started noticing is redirected search links. Whenever I click on one I get redirected to some spam page that has nothing related to what I'm searching.

    Here's my Hijack Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:01:45 PM, on 10/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: (no name) - {528EA803-D096-4B92-B669-C0DA7A9AE6DD} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {618C7065-CA25-4891-A9EF-0527474254AA} - (no file)
    O2 - BHO: (no name) - {8550754f-58b9-c524-0c18-e73cc8cfe729} - C:\WINDOWS\ukopoxubacepexo.dll
    O2 - BHO: (no name) - {92229a5e-c42b-4605-9275-a151afe26df0} - (no file)
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: (no name) - {d442792b-48c0-43d1-a6db-494589ecbc3b} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\sadasdgfd.exe" /runcleanupscript
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vibuyujes] Rundll32.exe "c:\windows\system32\zohewigu.dll",a
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: c:\windows\system32\ c:\windows\system32\bolakuzu.dll c:\windows\system32\zohewigu.dll,fotuliza.dll
    O21 - SSODL: roluvuhoy - {81af624f-3316-4144-bb19-67241da69071} - c:\windows\system32\bolakuzu.dll (file missing)
    O21 - SSODL: rubudemif - {5bc8c056-f51b-4809-91ec-fedf4372dc9c} - c:\windows\system32\zohewigu.dll
    O22 - SharedTaskScheduler: jugezatag - {81af624f-3316-4144-bb19-67241da69071} - c:\windows\system32\bolakuzu.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {5bc8c056-f51b-4809-91ec-fedf4372dc9c} - c:\windows\system32\zohewigu.dll
    O23 - Service: AntiPol (antippolice_) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 8442 bytes


  2. #2
    Neal
    Visit this page below to familiarize yourself with the tool below and download from one of the links provided.

    A guide and tutorial on using ComboFix




    If you have previously downloaded ComboFix, please delete that version now.



    It is IMPORTANT that it is saved directly to your desktop.

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Disable your antivirus program and any realtime malware scanners and script blockers now.


    How To Disable



    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



    *Note*
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.


    ComboFix SHOULD NOT be used unless requested by a forum helper.

  3. #3
    ComboFix 09-10-13.01 - DonDon 10/13/2009 18:08.1.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.303 [GMT -7:00]
    Running from: c:\documents and settings\DonDon\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\85475938
    c:\documents and settings\All Users\Application Data\85475938\85475938.bat
    c:\documents and settings\All Users\Application Data\85475938\85475938.exe
    c:\documents and settings\DonDon\Start Menu\Programs\Security Tool.lnk
    c:\program files\WinPCap
    c:\program files\WinPCap\rpcapd.exe
    c:\windows\oqerilow.dll
    c:\windows\system32\bszip.dll
    c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro
    c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
    c:\windows\system32\drivers\gasfkyaehbxjwt.sys
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\fotuliza.dll
    c:\windows\system32\gasfkydtcpwwbv.dll
    c:\windows\system32\gasfkyinqqajiu.dll
    c:\windows\system32\gasfkylelsxicx.dll
    c:\windows\system32\gasfkyompunmvh.dat
    c:\windows\system32\gasfkyrieojlpb.dat
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\ripeyoji.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    c:\windows\system32\yanukoka.dll
    c:\windows\system32\zohewigu.dll
    c:\windows\system32\zokulabo.exe
    c:\windows\ukopoxubacepexo.dll
    c:\windows\utotidedugugek.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gasfkycbnkihsk
    -------\Legacy_gasfkycbnkihsk
    -------\Legacy_SENEKA
    -------\Legacy_ILVMONEYDRIVER53
    -------\Legacy_npf
    -------\Service_IlvMoneyDRIVER53
    -------\Service_npf


    ((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
    .

    2009-10-13 02:01 . 2009-10-13 02:01 -------- d-----w- c:\program files\Trend Micro
    2009-10-09 20:31 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-09 20:31 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-09 20:29 . 2009-10-09 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-09 20:19 . 2009-10-09 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-10-08 08:36 . 2009-10-08 08:36 -------- d-----w- c:\program files\AVG
    2009-10-05 01:21 . 2009-10-05 01:21 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-10-05 01:16 . 2009-10-05 01:16 -------- d-----w- c:\program files\Atari
    2009-10-05 01:10 . 2009-10-05 01:10 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-10-05 01:10 . 2009-10-05 01:10 -------- d-----w- c:\documents and settings\DonDon\Application Data\DAEMON Tools Pro
    2009-10-05 01:07 . 2009-10-05 01:07 -------- d-----w- c:\documents and settings\DonDon\Application Data\Leadertech
    2009-10-05 01:05 . 2009-10-05 01:05 -------- d-----w- c:\documents and settings\DonDon\Application Data\Atari
    2009-10-05 01:01 . 2009-10-05 01:01 -------- d-----w- c:\program files\MagicISO
    2009-09-27 23:10 . 2009-09-27 23:10 -------- d-----w- c:\program files\Redbana
    2009-09-19 04:41 . 2009-09-19 04:41 -------- d-----w- c:\program files\Audacity
    2009-09-18 02:05 . 2009-09-18 02:05 -------- d-----w- c:\program files\Asiasoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-13 01:53 . 2005-03-30 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2009-10-12 22:09 . 2009-06-07 05:21 -------- d-----w- c:\documents and settings\DonDon\Application Data\Move Networks
    2009-10-10 04:15 . 2009-05-06 04:50 -------- d-----w- c:\documents and settings\DonDon\Application Data\LimeWire
    2009-10-08 03:00 . 2009-09-08 22:51 120 ----a-w- c:\windows\Jrimaci.dat
    2009-10-05 01:16 . 2005-03-30 05:14 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-05 01:07 . 2008-12-02 03:06 -------- d-----w- c:\documents and settings\DonDon\Application Data\Sonic
    2009-09-27 23:22 . 2009-07-14 21:12 -------- d-----w- c:\program files\Scream Machines
    2009-09-26 19:28 . 2009-04-19 21:24 -------- d-----w- c:\documents and settings\DonDon\Application Data\Hamachi
    2009-09-13 04:55 . 2009-06-01 03:24 -------- d-----w- c:\documents and settings\DonDon\Application Data\gtk-2.0
    2009-09-07 23:29 . 2009-08-30 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-09-06 23:58 . 2008-12-04 00:01 59792 ----a-w- c:\documents and settings\DonDon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-29 19:27 . 2009-08-29 19:27 -------- d-----w- c:\documents and settings\DonDon\Application Data\Octoshape
    2009-07-31 18:58 . 2009-04-11 01:07 235824 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-07-07 20:24 . 2009-07-07 20:24 37888 --sha-w- c:\windows\SYSTEM32\biyekupu.dll
    2009-07-08 20:24 . 2009-07-08 20:24 37888 --sha-w- c:\windows\SYSTEM32\dagimewo.dll
    2009-07-10 17:53 . 2009-07-10 17:53 50688 --sha-w- c:\windows\SYSTEM32\dajufiwe.dll.tmp
    2009-07-13 01:48 . 2009-07-13 01:48 38400 --sha-w- c:\windows\SYSTEM32\hidumule.dll
    2009-07-06 16:57 . 2009-07-06 16:57 88576 --sha-w- c:\windows\SYSTEM32\jemonuro.dll
    2009-07-12 13:48 . 2009-07-12 13:48 88064 --sha-w- c:\windows\SYSTEM32\jipezayi.dll
    2009-07-13 01:49 . 2009-07-13 01:49 51712 --sha-w- c:\windows\SYSTEM32\jumidani.dll
    2009-07-13 22:36 . 2009-07-13 22:36 37888 --sha-w- c:\windows\SYSTEM32\kahufeto.dll
    2009-07-13 01:48 . 2009-07-13 01:48 51712 --sha-w- c:\windows\SYSTEM32\kapekabo.dll
    2009-07-13 22:36 . 2009-07-13 22:36 1050659 --sha-w- c:\windows\SYSTEM32\kelesopu.exe
    2009-07-10 17:52 . 2009-07-10 17:52 50688 --sha-w- c:\windows\SYSTEM32\kidodize.dll
    2009-07-11 19:47 . 2009-07-11 19:47 38400 --sha-w- c:\windows\SYSTEM32\kiganopo.dll
    2009-07-06 16:57 . 2009-07-06 16:57 37888 --sha-w- c:\windows\SYSTEM32\lagiweba.dll
    2009-07-06 16:52 . 2009-07-06 16:52 50688 --sha-w- c:\windows\SYSTEM32\ludusaku.dll.tmp
    2009-07-06 16:57 . 2009-07-06 16:57 26624 --sha-w- c:\windows\SYSTEM32\mivikaju.dll
    2009-07-07 04:57 . 2009-07-07 04:57 51200 --sha-w- c:\windows\SYSTEM32\molizedo.dll
    2009-07-10 17:53 . 2009-07-10 17:53 50688 --sha-w- c:\windows\SYSTEM32\navujoko.dll.tmp
    2009-07-10 17:53 . 2009-07-10 17:53 50688 --sha-w- c:\windows\SYSTEM32\puzihajo.dll.tmp
    2009-07-08 08:24 . 2009-07-08 08:24 1051171 --sha-w- c:\windows\SYSTEM32\rejutigo.exe
    2009-07-11 19:47 . 2009-07-11 19:47 1011449 --sha-w- c:\windows\SYSTEM32\rerazaki.exe
    2009-07-07 20:24 . 2009-07-07 20:24 1049635 --sha-w- c:\windows\SYSTEM32\soditika.exe
    2009-07-10 17:52 . 2009-07-10 17:52 38400 --sha-w- c:\windows\SYSTEM32\suvatepe.dll
    2009-07-10 17:52 . 2009-07-10 17:52 26624 --sha-w- c:\windows\SYSTEM32\tavajaba.dll
    2009-07-10 17:52 . 2009-07-10 17:52 1011349 --sha-w- c:\windows\SYSTEM32\tozoneba.exe
    2009-07-12 13:48 . 2009-07-12 13:48 38400 --sha-w- c:\windows\SYSTEM32\vojameku.dll
    2009-07-09 08:24 . 2009-07-09 08:24 1011003 --sha-w- c:\windows\SYSTEM32\vuvimuwe.exe
    2009-07-06 16:52 . 2009-07-06 16:52 50688 --sha-w- c:\windows\SYSTEM32\wipomowe.dll.tmp
    2009-07-06 16:52 . 2009-07-06 16:52 50688 --sha-w- c:\windows\SYSTEM32\womodefo.dll.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e2878c1-bb87-471b-be7d-7cd18fdc3ccb}]
    2009-07-13 01:49 51712 --sha-w- c:\windows\SYSTEM32\jumidani.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2004-08-18 180224]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\McAgent.exe" [2005-09-23 303104]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\sadasdgfd.exe" [2009-09-10 1312080]
    "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-30 98304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-1-17 450560]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

    [HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^america online 9.0 tray icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\c:^documents and settings^dondon^start menu^programs^startup^hamachi.lnk]
    path=c:\documents and settings\DonDon\Start Menu\Programs\Startup\hamachi.lnk
    backup=c:\windows\pss\hamachi.lnkStartup

    [HKLM\~\startupfolder\c:^documents and settings^dondon^start menu^programs^startup^ikowin32.exe]
    path=c:\documents and settings\DonDon\Start Menu\Programs\Startup\ikowin32.exe
    backup=c:\windows\pss\ikowin32.exeStartup

    [HKLM\~\startupfolder\c:^documents and settings^dondon^start menu^programs^startup^limewire on startup.lnk]
    path=c:\documents and settings\DonDon\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "c:\\Program Files\\Atari\\RollerCoaster Tycoon 3 Platinum\\RCT3plus.exe"=
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Dell Support\\DSAgnt.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
    "c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dla\\tfswctrl.exe"=
    "c:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LVCOMSX.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56920:TCP"= 56920:TCP:Pando Media Booster
    "56920:UDP"= 56920:UDP:Pando Media Booster

    S2 antippolice_;AntiPol;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
    S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [3/29/2005 10:21 PM 23296]
    S3 tap0901;TAP-Win32 Adapter V9;c:\windows\SYSTEM32\DRIVERS\tap0901.sys [11/19/2008 11:22 AM 25216]
    S3 xdva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
    S4 gupdate1c9fc589d42eba0;Google Update Service (gupdate1c9fc589d42eba0);c:\program files\Google\Update\GoogleUpdate.exe [7/3/2009 8:36 PM 133104]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 03:36]

    2009-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 03:36]

    2009-10-10 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (KOMODO-Daryll).job
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-03-30 23:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dell4me.com/myway
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    FF - ProfilePath - c:\documents and settings\DonDon\Application Data\Mozilla\Firefox\Profiles\3z4u6lch.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - plugin: c:\documents and settings\DonDon\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\DonDon\Application Data\Mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - HiddenExtension: XUL Cache: {CD5F93F5-4EEF-4949-82C3-AAA6F6F14995} - c:\documents and settings\DonDon\Local Settings\Application Data\{CD5F93F5-4EEF-4949-82C3-AAA6F6F14995}
    FF - HiddenExtension: XUL Cache: {2B769074-89E3-4769-A231-00175C5B40BB} - c:\documents and settings\Administrator\Local Settings\Application Data\{2B769074-89E3-4769-A231-00175C5B40BB}\
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{528EA803-D096-4B92-B669-C0DA7A9AE6DD} - (no file)
    BHO-{618C7065-CA25-4891-A9EF-0527474254AA} - (no file)
    BHO-{8550754f-58b9-c524-0c18-e73cc8cfe729} - c:\windows\ukopoxubacepexo.dll
    BHO-{92229a5e-c42b-4605-9275-a151afe26df0} - (no file)
    BHO-{d442792b-48c0-43d1-a6db-494589ecbc3b} - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-vibuyujes - c:\windows\system32\ripeyoji.dll
    HKLM-Run-85475938 - c:\documents and settings\All Users\Application Data\85475938\85475938.exe
    HKLM-Run-kazakajezu - yanukoka.dll
    SharedTaskScheduler-{81af624f-3316-4144-bb19-67241da69071} - c:\windows\system32\bolakuzu.dll
    SharedTaskScheduler-{95e49359-bd4f-44f1-98e3-99a56ea2f467} - c:\windows\system32\ripeyoji.dll
    SSODL-roluvuhoy-{81af624f-3316-4144-bb19-67241da69071} - c:\windows\system32\bolakuzu.dll
    SSODL-wosajusul-{95e49359-bd4f-44f1-98e3-99a56ea2f467} - c:\windows\system32\ripeyoji.dll
    AddRemove-Dolphin - c:\documents and settings\DonDon\Desktop\Emulator\Dolphin\uninst.exe
    AddRemove-Pcsx2_is1 - c:\documents and settings\DonDon\Desktop\Emulator\PS2\Pcsx2\unins000.exe
    AddRemove-StreetPlugin - c:\program files\Learn2.com\StRunner\stuninst.exe
    AddRemove-SystemRequirementsLab - c:\program files\SystemRequirementsLab\Uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-10-13 18:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2952)
    c:\progra~1\mcafee.com\vso\McVSSkt.dll
    c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SYSTEM32\ati2evxx.exe
    c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\SYSTEM32\wdfmgr.exe
    c:\windows\SYSTEM32\wscntfy.exe
    c:\progra~1\McAfee.com\VSO\McVSEscn.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-14 18:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-14 01:27

    Pre-Run: 12,789,108,736 bytes free
    Post-Run: 16,028,921,856 bytes free

    270 --- E O F --- 2008-12-18 06:42

  4. #4
    Neal
    Open notepad (Must be NotePad) and copy/paste the text in the quotebox below into it: NOT THE WORD QUOTE


    File::
    c:\windows\SYSTEM32\biyekupu.dll
    c:\windows\SYSTEM32\dagimewo.dll
    c:\windows\SYSTEM32\dajufiwe.dll.tmp
    c:\windows\SYSTEM32\hidumule.dll
    c:\windows\SYSTEM32\jemonuro.dll
    c:\windows\SYSTEM32\jipezayi.dll
    c:\windows\SYSTEM32\jumidani.dll
    c:\windows\SYSTEM32\kahufeto.dll
    c:\windows\SYSTEM32\kapekabo.dll
    c:\windows\SYSTEM32\kelesopu.exe
    c:\windows\SYSTEM32\kidodize.dll
    c:\windows\SYSTEM32\kiganopo.dll
    c:\windows\SYSTEM32\lagiweba.dll
    c:\windows\SYSTEM32\ludusaku.dll.tmp
    c:\windows\SYSTEM32\mivikaju.dll
    c:\windows\SYSTEM32\molizedo.dll
    c:\windows\SYSTEM32\navujoko.dll.tmp
    c:\windows\SYSTEM32\puzihajo.dll.tmp
    c:\windows\SYSTEM32\rejutigo.exe
    c:\windows\SYSTEM32\rerazaki.exe
    c:\windows\SYSTEM32\soditika.exe
    c:\windows\SYSTEM32\suvatepe.dll
    c:\windows\SYSTEM32\tavajaba.dll
    c:\windows\SYSTEM32\tozoneba.exe
    c:\windows\SYSTEM32\vojameku.dll
    c:\windows\SYSTEM32\vuvimuwe.exe
    c:\windows\SYSTEM32\wipomowe.dll.tmp
    c:\windows\SYSTEM32\womodefo.dll.tmp

    Reg::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e2878c1-bb87-471b-be7d-7cd18fdc3ccb}]

    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.





    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

  5. #5
    ComboFix 09-10-13.01 - DonDon 10/19/2009 17:38.2.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.261 [GMT -7:00]
    Running from: c:\documents and settings\DonDon\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\DonDon\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\windows\SYSTEM32\biyekupu.dll"
    "c:\windows\SYSTEM32\dagimewo.dll"
    "c:\windows\SYSTEM32\dajufiwe.dll.tmp"
    "c:\windows\SYSTEM32\hidumule.dll"
    "c:\windows\SYSTEM32\jemonuro.dll"
    "c:\windows\SYSTEM32\jipezayi.dll"
    "c:\windows\SYSTEM32\jumidani.dll"
    "c:\windows\SYSTEM32\kahufeto.dll"
    "c:\windows\SYSTEM32\kapekabo.dll"
    "c:\windows\SYSTEM32\kelesopu.exe"
    "c:\windows\SYSTEM32\kidodize.dll"
    "c:\windows\SYSTEM32\kiganopo.dll"
    "c:\windows\SYSTEM32\lagiweba.dll"
    "c:\windows\SYSTEM32\ludusaku.dll.tmp"
    "c:\windows\SYSTEM32\mivikaju.dll"
    "c:\windows\SYSTEM32\molizedo.dll"
    "c:\windows\SYSTEM32\navujoko.dll.tmp"
    "c:\windows\SYSTEM32\puzihajo.dll.tmp"
    "c:\windows\SYSTEM32\rejutigo.exe"
    "c:\windows\SYSTEM32\rerazaki.exe"
    "c:\windows\SYSTEM32\soditika.exe"
    "c:\windows\SYSTEM32\suvatepe.dll"
    "c:\windows\SYSTEM32\tavajaba.dll"
    "c:\windows\SYSTEM32\tozoneba.exe"
    "c:\windows\SYSTEM32\vojameku.dll"
    "c:\windows\SYSTEM32\vuvimuwe.exe"
    "c:\windows\SYSTEM32\wipomowe.dll.tmp"
    "c:\windows\SYSTEM32\womodefo.dll.tmp"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\10736421
    c:\documents and settings\All Users\Application Data\10736421\10736421.exe
    c:\documents and settings\All Users\Application Data\28417224
    c:\documents and settings\All Users\Application Data\28417224\28417224.exe
    c:\documents and settings\All Users\Application Data\83597436
    c:\documents and settings\All Users\Application Data\83597436\83597436.exe
    c:\documents and settings\DonDon\Desktop\Security Tool.lnk
    c:\documents and settings\DonDon\Start Menu\Programs\Security Tool.lnk
    c:\windows\SYSTEM32\biyekupu.dll
    c:\windows\SYSTEM32\dagimewo.dll
    c:\windows\SYSTEM32\dajufiwe.dll.tmp
    c:\windows\SYSTEM32\hidumule.dll
    c:\windows\SYSTEM32\jemonuro.dll
    c:\windows\SYSTEM32\jipezayi.dll
    c:\windows\SYSTEM32\kahufeto.dll
    c:\windows\SYSTEM32\kapekabo.dll
    c:\windows\SYSTEM32\kelesopu.exe
    c:\windows\SYSTEM32\kidodize.dll
    c:\windows\SYSTEM32\kiganopo.dll
    c:\windows\system32\ladobenu.dll
    c:\windows\SYSTEM32\lagiweba.dll
    c:\windows\SYSTEM32\ludusaku.dll.tmp
    c:\windows\SYSTEM32\mivikaju.dll
    c:\windows\SYSTEM32\molizedo.dll
    c:\windows\SYSTEM32\navujoko.dll.tmp
    c:\windows\SYSTEM32\puzihajo.dll.tmp
    c:\windows\SYSTEM32\rejutigo.exe
    c:\windows\SYSTEM32\rerazaki.exe
    c:\windows\system32\rokesoza.dll
    c:\windows\SYSTEM32\soditika.exe
    c:\windows\SYSTEM32\suvatepe.dll
    c:\windows\SYSTEM32\tavajaba.dll
    c:\windows\system32\tozoneba.exe
    c:\windows\system32\vadurota.dll
    c:\windows\SYSTEM32\vojameku.dll
    c:\windows\SYSTEM32\vuvimuwe.exe
    c:\windows\system32\wayokuzo.dll
    c:\windows\SYSTEM32\wipomowe.dll.tmp
    c:\windows\SYSTEM32\womodefo.dll.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))
    .

    2009-10-19 05:22 . 2009-10-19 05:29 -------- d-----w- c:\program files\PhotoScape
    2009-10-14 23:57 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2009-10-14 23:57 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2009-10-14 23:57 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2009-10-14 23:57 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
    2009-10-14 23:57 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
    2009-10-14 23:57 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2009-10-14 23:57 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
    2009-10-14 23:57 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2009-10-14 23:57 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-10-14 23:57 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-10-14 23:56 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2009-10-14 23:56 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-10-14 23:56 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2009-10-13 02:01 . 2009-10-13 02:01 -------- d-----w- c:\program files\Trend Micro
    2009-10-09 20:31 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-09 20:31 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-09 20:29 . 2009-10-09 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-09 20:19 . 2009-10-09 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-10-08 08:36 . 2009-10-08 08:36 -------- d-----w- c:\program files\AVG
    2009-10-05 01:21 . 2009-10-05 01:21 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-10-05 01:16 . 2009-10-05 01:16 -------- d-----w- c:\program files\Atari
    2009-10-05 01:10 . 2009-10-05 01:10 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-10-05 01:10 . 2009-10-05 01:10 -------- d-----w- c:\documents and settings\DonDon\Application Data\DAEMON Tools Pro
    2009-10-05 01:07 . 2009-10-05 01:07 -------- d-----w- c:\documents and settings\DonDon\Application Data\Leadertech
    2009-10-05 01:05 . 2009-10-05 01:05 -------- d-----w- c:\documents and settings\DonDon\Application Data\Atari
    2009-10-05 01:01 . 2009-10-05 01:01 -------- d-----w- c:\program files\MagicISO
    2009-09-27 23:10 . 2009-09-27 23:10 -------- d-----w- c:\program files\Redbana

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-19 06:01 . 2009-06-01 03:24 -------- d-----w- c:\documents and settings\DonDon\Application Data\gtk-2.0
    2009-10-19 05:22 . 2008-12-04 00:01 63320 ----a-w- c:\documents and settings\DonDon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-15 05:25 . 2005-03-30 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
    2009-10-13 01:53 . 2005-03-30 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2009-10-12 22:09 . 2009-06-07 05:21 -------- d-----w- c:\documents and settings\DonDon\Application Data\Move Networks
    2009-10-10 04:15 . 2009-05-06 04:50 -------- d-----w- c:\documents and settings\DonDon\Application Data\LimeWire
    2009-10-08 03:00 . 2009-09-08 22:51 120 ----a-w- c:\windows\Jrimaci.dat
    2009-10-05 01:16 . 2005-03-30 05:14 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-05 01:07 . 2008-12-02 03:06 -------- d-----w- c:\documents and settings\DonDon\Application Data\Sonic
    2009-09-27 23:22 . 2009-07-14 21:12 -------- d-----w- c:\program files\Scream Machines
    2009-09-26 19:28 . 2009-04-19 21:24 -------- d-----w- c:\documents and settings\DonDon\Application Data\Hamachi
    2009-09-19 04:41 . 2009-09-19 04:41 -------- d-----w- c:\program files\Audacity
    2009-09-18 02:05 . 2009-09-18 02:05 -------- d-----w- c:\program files\Asiasoft
    2009-09-11 14:18 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-07 23:29 . 2009-08-30 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-09-04 21:03 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 19:27 . 2009-08-29 19:27 -------- d-----w- c:\documents and settings\DonDon\Application Data\Octoshape
    2009-08-29 07:36 . 2004-08-04 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-08-29 07:36 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-29 07:36 . 2004-08-04 11:00 17408 ------w- c:\windows\system32\corpol.dll
    2009-08-26 08:00 . 2004-08-04 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-05 09:01 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 15:13 . 1980-01-01 06:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 14:20 . 1980-01-01 06:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-07-31 18:58 . 2009-04-11 01:07 235824 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-07-29 04:37 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-29 04:37 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-07-19 05:11 . 2009-07-19 05:11 89088 --sha-w- c:\windows\SYSTEM32\buhedina.dll
    2009-07-16 21:47 . 2009-07-16 21:47 37888 --sha-w- c:\windows\SYSTEM32\kowatapi.dll
    2009-07-19 05:11 . 2009-07-19 05:11 38400 --sha-w- c:\windows\SYSTEM32\mifolole.dll
    2009-07-19 21:48 . 2009-07-19 21:48 39424 --sha-w- c:\windows\SYSTEM32\ranuvozo.dll
    2009-07-16 21:48 . 2009-07-16 21:48 52224 --sha-w- c:\windows\SYSTEM32\sewupedi.dll
    2009-07-19 05:11 . 2009-07-19 05:11 1011256 --sha-w- c:\windows\SYSTEM32\tagetega.exe
    2009-07-16 21:47 . 2009-07-16 21:47 1111915 --sha-w- c:\windows\SYSTEM32\viwafinu.exe
    2009-07-17 17:00 . 2009-07-17 17:00 38400 --sha-w- c:\windows\SYSTEM32\wifanana.dll
    2009-07-19 21:48 . 2009-07-19 21:48 1011607 --sha-w- c:\windows\SYSTEM32\zabodowo.exe
    2009-07-17 17:00 . 2009-07-17 17:00 1115785 --sha-w- c:\windows\SYSTEM32\zujobato.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-14_01.23.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-10-20 00:48 . 2009-10-20 00:48 16384 c:\windows\temp\Perflib_Perfdata_490.dat
    + 2004-08-04 11:00 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\wdigest.dll
    + 2008-07-14 11:09 . 2009-07-14 11:03 46080 c:\windows\SYSTEM32\tzchange.exe
    + 2004-08-04 11:00 . 2009-06-12 12:31 76288 c:\windows\SYSTEM32\telnet.exe
    - 2008-12-02 11:00 . 2007-08-11 04:46 26488 c:\windows\SYSTEM32\spupdsvc.exe
    + 2008-12-02 11:00 . 2008-07-09 07:38 26488 c:\windows\SYSTEM32\spupdsvc.exe
    + 2004-08-04 11:00 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\secur32.dll
    + 2004-08-04 11:00 . 2009-02-06 10:39 35328 c:\windows\SYSTEM32\sc.exe
    + 2004-08-04 11:00 . 2009-08-29 07:36 44544 c:\windows\SYSTEM32\pngfilt.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 44544 c:\windows\SYSTEM32\pngfilt.dll
    + 2005-03-30 05:05 . 2009-10-15 20:00 69748 c:\windows\SYSTEM32\PERFC009.DAT
    - 2005-03-30 05:05 . 2009-05-25 21:52 69748 c:\windows\SYSTEM32\PERFC009.DAT
    - 2004-08-04 11:00 . 2008-04-14 00:12 91648 c:\windows\SYSTEM32\mtxoci.dll
    + 2004-08-04 11:00 . 2008-06-12 14:23 91648 c:\windows\SYSTEM32\mtxoci.dll
    - 2004-08-04 11:00 . 2008-04-14 00:12 66560 c:\windows\SYSTEM32\mtxclu.dll
    + 2004-08-04 11:00 . 2008-06-12 14:23 66560 c:\windows\SYSTEM32\mtxclu.dll
    - 2007-08-14 02:54 . 2008-10-16 20:38 52224 c:\windows\SYSTEM32\msfeedsbs.dll
    + 2007-08-14 02:54 . 2009-08-29 07:36 52224 c:\windows\SYSTEM32\msfeedsbs.dll
    + 2004-08-04 11:00 . 2008-06-12 14:23 58880 c:\windows\SYSTEM32\msdtclog.dll
    - 2004-08-04 11:00 . 2008-04-14 00:11 58880 c:\windows\SYSTEM32\msdtclog.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 27648 c:\windows\SYSTEM32\jsproxy.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 27648 c:\windows\SYSTEM32\jsproxy.dll
    - 2007-08-14 02:39 . 2008-10-16 13:11 13824 c:\windows\SYSTEM32\ieudinit.exe
    + 2007-08-14 02:39 . 2009-08-28 10:28 13824 c:\windows\SYSTEM32\ieudinit.exe
    + 2004-08-04 11:00 . 2009-08-29 07:36 44544 c:\windows\SYSTEM32\iernonce.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 44544 c:\windows\SYSTEM32\iernonce.dll
    + 2004-08-04 11:00 . 2009-08-28 10:28 70656 c:\windows\SYSTEM32\ie4uinit.exe
    - 2004-08-04 11:00 . 2008-10-16 13:11 70656 c:\windows\SYSTEM32\ie4uinit.exe
    + 2007-08-14 02:36 . 2009-08-29 07:36 63488 c:\windows\SYSTEM32\icardie.dll
    - 2007-08-14 02:36 . 2008-10-16 20:38 63488 c:\windows\SYSTEM32\icardie.dll
    + 2004-08-04 11:00 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DRIVERS\ksecdd.sys
    + 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\DLLCACHE\wdigest.dll
    + 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\SYSTEM32\DLLCACHE\telnet.exe
    + 2009-06-25 08:25 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
    - 2008-12-02 03:17 . 2008-10-16 20:38 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
    + 2008-12-02 03:17 . 2009-08-29 07:36 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\SYSTEM32\DLLCACHE\mtxoci.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\SYSTEM32\DLLCACHE\mtxclu.dll
    + 2008-12-04 00:11 . 2009-08-29 07:36 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
    - 2008-12-04 00:11 . 2008-10-16 20:38 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\SYSTEM32\DLLCACHE\msdtclog.dll
    + 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\SYSTEM32\DLLCACHE\msasn1.dll
    + 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DLLCACHE\ksecdd.sys
    - 2008-12-02 03:17 . 2008-10-16 20:38 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
    + 2008-12-02 03:17 . 2009-08-29 07:36 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
    + 2008-12-04 00:11 . 2009-08-28 10:28 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
    - 2008-12-04 00:11 . 2008-10-16 13:11 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
    + 2007-08-14 02:39 . 2009-08-29 07:36 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
    - 2007-08-14 02:39 . 2008-10-16 20:38 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
    + 2009-08-29 07:36 . 2009-08-29 07:36 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
    + 2007-08-14 02:39 . 2009-08-28 10:28 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
    - 2007-08-14 02:39 . 2008-10-16 13:11 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
    - 2008-12-04 00:11 . 2008-10-16 20:38 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
    + 2008-12-04 00:11 . 2009-08-29 07:36 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
    + 2009-07-29 04:37 . 2009-07-29 04:37 81920 c:\windows\SYSTEM32\DLLCACHE\fontsub.dll
    + 2009-08-29 07:36 . 2009-08-29 07:36 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
    + 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\SYSTEM32\DLLCACHE\avifil32.dll
    + 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\SYSTEM32\DLLCACHE\atl.dll
    + 2004-08-04 11:00 . 2009-06-10 14:13 84992 c:\windows\SYSTEM32\avifil32.dll
    - 2004-08-04 11:00 . 2008-04-14 00:11 84992 c:\windows\SYSTEM32\avifil32.dll
    - 2004-08-04 11:00 . 2008-04-14 00:11 58880 c:\windows\SYSTEM32\atl.dll
    + 2004-08-04 11:00 . 2009-07-17 19:01 58880 c:\windows\SYSTEM32\atl.dll
    + 2009-06-25 02:56 . 2009-06-25 02:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
    - 2007-04-14 04:58 . 2007-04-14 04:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2008-05-28 07:49 . 2008-05-28 07:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2008-05-28 07:49 . 2008-05-28 07:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2007-04-14 04:57 . 2007-04-14 04:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2007-04-14 04:57 . 2007-04-14 04:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2008-05-28 07:49 . 2008-05-28 07:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2008-05-28 08:30 . 2008-05-28 08:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2007-04-14 05:30 . 2007-04-14 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2009-10-15 18:48 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
    + 2009-10-15 18:48 . 2008-10-16 13:11 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
    + 2009-10-15 18:48 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
    + 2009-10-15 18:48 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
    + 2009-10-15 18:48 . 2008-10-16 13:11 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
    + 2009-10-15 18:48 . 2008-10-16 20:38 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
    + 2009-10-15 18:48 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB974455-IE7\corpol.dll
    + 2009-10-15 13:50 . 2009-10-15 13:50 90112 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_99a1e28c\System.Drawing.Design.dll
    + 2009-10-15 13:50 . 2009-10-15 13:50 61440 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5244975c\CustomMarshalers.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 50688 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationProvider\b9a622531616dcfbb005e0215d658848\UIAutomationProvider.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 77824 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Pres#\6cdfcd83e12350178deba2d26d68d96e\System.Windows.Presentation.ni.dll
    + 2009-10-15 18:48 . 2009-10-15 18:48 48640 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFontCac#\ff3401f9aac1f01e1d15457d602811d3\PresentationFontCache.ni.exe
    + 2009-10-15 22:27 . 2009-10-15 22:27 40960 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationCFFRast#\7f9d06eb470a85d80b676c9c8f0fd20d\PresentationCFFRasterizer.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 77824 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Vsa\d94fc25d39800cb137d0639137e0e9c5\Microsoft.Vsa.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 81920 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e299fd71b4c71854673c47f85b4cf180\Microsoft.Build.Framework.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 94208 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\24e88fe2e103eac93e52fb6e2959085c\Microsoft.Build.Framework.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 15360 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\dfsvc\662febc2f309e92a880682f527f4e426\dfsvc.ni.exe
    + 2009-10-15 19:10 . 2009-10-15 19:10 27136 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Accessibility\1a67452bf4558b2574698b6008e7af74\Accessibility.ni.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 90112 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 90112 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2009-04-11 01:05 . 2009-04-11 01:05 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2004-08-04 11:00 . 2009-04-10 08:01 530280 c:\windows\SYSTEM32\wmspdmod.dll
    + 2004-08-04 11:00 . 2009-07-13 17:08 286720 c:\windows\SYSTEM32\wmpdxm.dll
    - 2004-08-04 11:00 . 2008-04-14 00:12 132096 c:\windows\SYSTEM32\wkssvc.dll
    + 2004-08-04 11:00 . 2009-06-10 06:14 132096 c:\windows\SYSTEM32\wkssvc.dll
    + 2004-08-04 11:00 . 2008-12-16 12:30 354304 c:\windows\SYSTEM32\winhttp.dll
    - 2004-08-04 11:00 . 2008-04-14 00:12 354304 c:\windows\SYSTEM32\winhttp.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 233472 c:\windows\SYSTEM32\webcheck.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 233472 c:\windows\SYSTEM32\webcheck.dll
    + 2004-08-04 11:00 . 2009-02-06 10:10 227840 c:\windows\SYSTEM32\WBEM\wmiprvse.exe
    + 2004-08-04 11:00 . 2009-02-09 12:10 453120 c:\windows\SYSTEM32\WBEM\wmiprvsd.dll
    + 2004-08-04 11:00 . 2009-02-09 12:10 473600 c:\windows\SYSTEM32\WBEM\fastprox.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 105984 c:\windows\SYSTEM32\url.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 105984 c:\windows\SYSTEM32\url.dll
    + 2004-08-04 11:00 . 2009-02-06 11:11 110592 c:\windows\SYSTEM32\services.exe
    + 2004-08-04 11:00 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\schannel.dll
    + 2004-08-04 11:00 . 2009-02-09 12:10 401408 c:\windows\SYSTEM32\rpcss.dll
    + 2004-08-04 11:00 . 2009-04-15 14:51 585216 c:\windows\SYSTEM32\rpcrt4.dll
    - 2005-03-30 05:05 . 2009-05-25 21:52 436680 c:\windows\SYSTEM32\PERFH009.DAT
    + 2005-03-30 05:05 . 2009-10-15 20:00 436680 c:\windows\SYSTEM32\PERFH009.DAT
    + 2004-08-04 11:00 . 2009-03-06 14:22 284160 c:\windows\SYSTEM32\pdh.dll
    - 2004-08-04 11:00 . 2008-04-14 00:12 284160 c:\windows\SYSTEM32\pdh.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 102912 c:\windows\SYSTEM32\occache.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 102912 c:\windows\SYSTEM32\occache.dll
    + 2004-08-04 11:00 . 2009-02-09 12:10 714752 c:\windows\SYSTEM32\ntdll.dll
    + 2004-08-04 11:00 . 2008-06-20 17:46 245248 c:\windows\SYSTEM32\mswsock.dll
    - 2004-08-04 11:00 . 2008-04-14 00:12 245248 c:\windows\SYSTEM32\mswsock.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 671232 c:\windows\SYSTEM32\mstime.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 671232 c:\windows\SYSTEM32\mstime.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 193024 c:\windows\SYSTEM32\msrating.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 193024 c:\windows\SYSTEM32\msrating.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 477696 c:\windows\SYSTEM32\mshtmled.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 477696 c:\windows\SYSTEM32\mshtmled.dll
    - 2007-08-14 02:54 . 2008-10-16 20:38 459264 c:\windows\SYSTEM32\msfeeds.dll
    + 2007-08-14 02:54 . 2009-08-29 07:36 459264 c:\windows\SYSTEM32\msfeeds.dll
    + 2004-08-04 11:00 . 2008-06-12 14:23 161792 c:\windows\SYSTEM32\msdtcuiu.dll
    - 2004-08-04 11:00 . 2008-04-14 00:11 161792 c:\windows\SYSTEM32\msdtcuiu.dll
    + 2004-08-04 11:00 . 2008-06-12 14:23 956928 c:\windows\SYSTEM32\msdtctm.dll
    - 2004-08-04 11:00 . 2008-04-14 00:11 956928 c:\windows\SYSTEM32\msdtctm.dll
    + 2004-08-04 11:00 . 2008-06-12 14:23 428032 c:\windows\SYSTEM32\msdtcprx.dll
    + 2004-08-04 11:00 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\lsasrv.dll
    + 2004-08-04 11:00 . 2009-05-07 15:32 345600 c:\windows\SYSTEM32\localspl.dll
    - 2004-08-04 11:00 . 2008-04-14 00:11 989696 c:\windows\SYSTEM32\kernel32.dll
    + 2004-08-04 11:00 . 2009-03-21 14:06 989696 c:\windows\SYSTEM32\kernel32.dll
    + 2004-08-04 11:00 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\kerberos.dll
    - 2004-08-04 11:00 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\jscript.dll
    + 2004-08-04 11:00 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\jscript.dll
    + 2007-08-14 02:34 . 2009-08-29 07:36 268288 c:\windows\SYSTEM32\iertutil.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 385024 c:\windows\SYSTEM32\iedkcs32.dll
    + 2007-07-11 20:27 . 2009-08-29 07:36 380928 c:\windows\SYSTEM32\ieapfltr.dll
    - 2004-08-04 11:00 . 2008-10-15 07:04 161792 c:\windows\SYSTEM32\ieakui.dll
    + 2004-08-04 11:00 . 2009-08-27 05:18 161792 c:\windows\SYSTEM32\ieakui.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 230400 c:\windows\SYSTEM32\ieaksie.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 230400 c:\windows\SYSTEM32\ieaksie.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 153088 c:\windows\SYSTEM32\ieakeng.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 153088 c:\windows\SYSTEM32\ieakeng.dll
    + 2004-08-10 19:08 . 2009-10-19 05:10 243128 c:\windows\SYSTEM32\FNTCACHE.DAT
    - 2004-08-04 11:00 . 2008-10-16 20:38 133120 c:\windows\SYSTEM32\extmgr.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 133120 c:\windows\SYSTEM32\extmgr.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 214528 c:\windows\SYSTEM32\dxtrans.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 214528 c:\windows\SYSTEM32\dxtrans.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 347136 c:\windows\SYSTEM32\dxtmsft.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 347136 c:\windows\SYSTEM32\dxtmsft.dll
    + 2004-08-04 11:00 . 2008-06-20 11:08 225856 c:\windows\SYSTEM32\DRIVERS\tcpip6.sys
    + 2004-08-04 11:00 . 2008-06-20 11:51 361600 c:\windows\SYSTEM32\DRIVERS\tcpip.sys
    + 2004-08-04 11:00 . 2008-12-11 10:57 333952 c:\windows\SYSTEM32\DRIVERS\srv.sys
    - 2004-08-04 11:00 . 2008-04-14 00:11 147968 c:\windows\SYSTEM32\dnsapi.dll
    + 2004-08-04 11:00 . 2008-06-20 17:46 147968 c:\windows\SYSTEM32\dnsapi.dll
    + 2004-08-04 11:00 . 2009-04-10 08:01 530280 c:\windows\SYSTEM32\DLLCACHE\wmspdmod.dll
    + 2004-08-04 11:00 . 2009-07-13 17:08 286720 c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll
    + 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\SYSTEM32\DLLCACHE\wkssvc.dll
    + 2008-12-02 03:17 . 2009-08-29 07:36 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
    + 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\SYSTEM32\DLLCACHE\winhttp.dll
    + 2007-08-14 02:54 . 2009-08-29 07:36 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
    - 2007-08-14 02:54 . 2008-10-16 20:38 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
    + 2007-08-14 02:44 . 2009-08-29 07:36 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
    - 2007-08-14 02:44 . 2008-10-16 20:38 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
    + 2008-06-20 11:08 . 2008-06-20 11:08 225856 c:\windows\SYSTEM32\DLLCACHE\tcpip6.sys
    + 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
    + 2009-07-29 04:37 . 2009-07-29 04:37 119808 c:\windows\SYSTEM32\DLLCACHE\t2embed.dll
    - 2008-12-10 23:21 . 2008-10-03 10:02 247326 c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
    + 2008-12-10 23:21 . 2009-08-26 08:00 247326 c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
    + 2008-12-02 11:04 . 2008-12-11 10:57 333952 c:\windows\SYSTEM32\DLLCACHE\srv.sys
    + 2009-06-25 08:25 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
    + 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\SYSTEM32\DLLCACHE\rpcrt4.dll
    - 2007-08-14 02:44 . 2008-10-16 20:38 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
    + 2007-08-14 02:44 . 2009-08-29 07:36 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
    + 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
    + 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\SYSTEM32\DLLCACHE\mswebdvd.dll
    + 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\SYSTEM32\DLLCACHE\msv1_0.dll
    - 2008-12-02 03:17 . 2008-10-16 20:38 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
    + 2008-12-02 03:17 . 2009-08-29 07:36 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
    + 2008-12-02 03:17 . 2009-08-29 07:36 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
    - 2008-12-02 03:17 . 2008-10-16 20:38 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
    + 2008-12-02 03:17 . 2009-08-29 07:36 477696 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
    - 2008-12-02 03:17 . 2008-10-16 20:38 477696 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
    - 2008-12-04 00:11 . 2008-10-16 20:38 459264 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
    + 2008-12-04 00:11 . 2009-08-29 07:36 459264 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\SYSTEM32\DLLCACHE\msdtcuiu.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\SYSTEM32\DLLCACHE\msdtctm.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\SYSTEM32\DLLCACHE\msdtcprx.dll
    + 2009-06-25 08:25 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
    + 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\SYSTEM32\DLLCACHE\localspl.dll
    + 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
    + 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\DLLCACHE\kerberos.dll
    - 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
    + 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
    + 2004-08-04 11:00 . 2009-08-27 05:18 634648 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
    + 2008-12-04 00:11 . 2009-08-29 07:36 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
    + 2007-08-14 02:39 . 2009-08-29 07:36 385024 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
    + 2008-12-04 00:11 . 2009-08-29 07:36 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
    - 2007-08-14 01:56 . 2008-10-15 07:04 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
    + 2007-08-14 01:56 . 2009-08-27 05:18 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
    + 2007-08-14 02:39 . 2009-08-29 07:36 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
    - 2007-08-14 02:39 . 2008-10-16 20:38 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
    + 2007-08-14 02:39 . 2009-08-29 07:36 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
    - 2007-08-14 02:39 . 2008-10-16 20:38 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
    + 2008-12-02 03:17 . 2009-08-29 07:36 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
    - 2008-12-02 03:17 . 2008-10-16 20:38 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
    - 2008-12-02 03:17 . 2008-10-16 20:38 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
    + 2008-12-02 03:17 . 2009-08-29 07:36 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
    - 2008-12-02 03:17 . 2008-10-16 20:38 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
    + 2008-12-02 03:17 . 2009-08-29 07:36 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
    + 2008-06-20 17:46 . 2008-06-20 17:46 147968 c:\windows\SYSTEM32\DLLCACHE\dnsapi.dll
    - 2007-08-14 02:39 . 2008-10-16 20:38 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
    + 2007-08-14 02:39 . 2009-08-29 07:36 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 124928 c:\windows\SYSTEM32\advpack.dll
    - 2004-08-04 11:00 . 2008-10-16 20:38 124928 c:\windows\SYSTEM32\advpack.dll
    - 2004-08-04 11:00 . 2008-04-14 00:11 617472 c:\windows\SYSTEM32\advapi32.dll
    + 2004-08-04 11:00 . 2009-02-09 12:10 617472 c:\windows\SYSTEM32\advapi32.dll
    + 2009-08-08 09:35 . 2009-08-08 09:35 819016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2008-05-28 07:49 . 2008-05-28 07:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2007-04-14 04:58 . 2007-04-14 04:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2007-04-14 04:56 . 2007-04-14 04:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2008-05-28 07:48 . 2008-05-28 07:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2007-04-14 05:30 . 2007-04-14 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2008-05-28 08:30 . 2008-05-28 08:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 826368 c:\windows\ie7updates\KB974455-IE7\wininet.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
    + 2009-10-15 18:48 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
    + 2009-10-15 18:48 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
    + 2009-10-15 18:48 . 2008-10-16 20:38 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
    + 2009-10-15 18:48 . 2008-10-15 07:06 633632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
    + 2009-10-15 18:48 . 2008-10-16 20:38 267776 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 384512 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 383488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
    + 2009-10-15 18:48 . 2008-10-15 07:04 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
    + 2009-10-15 13:50 . 2009-10-15 13:50 835584 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f06dd2b2\System.Drawing.dll
    + 2009-10-15 13:51 . 2009-10-15 13:51 192512 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_280a9dcc\System.Drawing.Design.dll
    + 2009-10-15 13:51 . 2009-10-15 13:51 118784 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_eb1789f6\CustomMarshalers.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 380928 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WsatConfig\ee523c18d34c6e11f6096e0bb878e67d\WsatConfig.ni.exe
    + 2009-10-15 22:29 . 2009-10-15 22:29 270336 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a26a28600433ad4907b55e42ceb32a40\WindowsFormsIntegration.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 196608 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationTypes\9fca74ebdde012b503cec6ee0d73b596\UIAutomationTypes.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 483328 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClient\6399149bd528ad5c007371ec893d82d7\UIAutomationClient.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 458752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml.Linq\90ecf577500413f4cc612434d59bf565\System.Xml.Linq.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 237568 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.RegularE#\6b8f2e778eba3931057217c2512b201c\System.Web.RegularExpressions.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 880640 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Extensio#\243e31744402adbebb6aebe610fb55a5\System.Web.Extensions.Design.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 684032 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Transactions\4bdd3ce8337c4619dfb09de5ab3f9b62\System.Transactions.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 233472 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceProce#\47d862e0dc37c830cc3397decf6c0590\System.ServiceProcess.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 733184 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Security\428a3be3d5be01f129e0effdc455d831\System.Security.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 339968 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ef827bc54e7620e870821803e8507c8b\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 729088 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Net\c38e3e2766068205791f9ba92286398f\System.Net.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 356352 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management.I#\b8ea9fdd4d0df7b7f10b2f514954fa18\System.Management.Instrumentation.ni.dll
    + 2009-10-15 22:26 . 2009-10-15 22:26 417792 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IO.Log\e81f4580e0c23765c6dde900f392f446\System.IO.Log.ni.dll
    + 2009-10-15 22:26 . 2009-10-15 22:26 241664 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IdentityMode#\ed8e39453591d30135a5674ca7dbbe95\System.IdentityModel.Selectors.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 294912 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff85d9d54701c8cde7b513ff808fd5e3\System.EnterpriseServices.Wrapper.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 659456 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff85d9d54701c8cde7b513ff808fd5e3\System.EnterpriseServices.ni.dll
    + 2009-10-15 18:51 . 2009-10-15 18:51 229376 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4593151ab44d4f61e4cafaf9e77a8d25\System.Drawing.Design.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 937984 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\8f4a6e521fe3c8257e706338152acc8f\System.DirectoryServices.AccountManagement.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 512000 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\135aa2f31c01565700d44313b925a205\System.DirectoryServices.Protocols.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 184320 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.DataSet#\63402da5b777bf5021bc3e50c4b42e5d\System.Data.DataSetExtensions.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 163840 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Configuratio#\1105b46975896c9bc6e66d5f9079e716\System.Configuration.Install.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 696320 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.AddIn\4aa38945f8e3c247d1d162ccd705e7a6\System.AddIn.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 102400 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.AddIn.Contra#\cb239156223d1455d025454c762c59e6\System.AddIn.Contract.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 323584 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\SMSvcHost\d7b7eeaae96dea8991ba2723c93a2392\SMSvcHost.ni.exe
    + 2009-10-15 22:27 . 2009-10-15 22:27 299008 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\SMDiagnostics\47e0aab602bcd6e6e333ac24d7b8f6aa\SMDiagnostics.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 139264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ServiceModelReg\8af5d1dac7b4e52f2cf21c6f5c0647c2\ServiceModelReg.ni.exe
    + 2009-10-15 18:50 . 2009-10-15 18:50 393216 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\e132e2525f13601d13efbd22549afbca\PresentationFramework.Aero.ni.dll
    + 2009-10-15 18:50 . 2009-10-15 18:50 274432 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\c49dd0ac011661f5cd81df49fa2390b9\PresentationFramework.Royale.ni.dll
    + 2009-10-15 18:50 . 2009-10-15 18:50 245760 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\c340248174b3999d838745253310e932\PresentationFramework.Classic.ni.dll
    + 2009-10-15 18:50 . 2009-10-15 18:50 552960 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\b1f6daefb01fd048efef31dfd3233dff\PresentationFramework.Luna.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 155648 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\MSBuild\66b87acc1afeb6d4bf426773f4ea5473\MSBuild.ni.exe
    + 2009-10-15 22:27 . 2009-10-15 22:27 401408 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a27ef93b10fe08816dc25709fb33af7\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 167936 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ab1dd1079764acac4cbe55d6555f4ff7\Microsoft.Build.Utilities.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 196608 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6ff9ba4057f061812db56ccc82db2516\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 876544 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9e2334dbe9e76dd6fc2bde86c9b515b9\Microsoft.Build.Engine.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 237568 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\76e2409d2e0f856aaa3b463447149f0f\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 237568 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\CustomMarshalers\58ec7ce15fd463d65d3e45db4e0613cf\CustomMarshalers.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 503808 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ComSvcConfig\c7a907c8b8d42cf645282c32bea13b6d\ComSvcConfig.ni.exe
    + 2009-10-15 22:26 . 2009-10-15 22:26 884736 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\AspNetMMCExt\2a66ea6b955eabdb437c6cfcac78c45e\AspNetMMCExt.ni.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 884736 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 884736 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 299008 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 299008 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 630784 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 630784 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 933888 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 933888 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 741376 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 741376 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 671744 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 671744 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2009-04-11 01:05 . 2009-04-11 01:05 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 261120 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 261120 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 483840 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 483840 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-10-14 23:57 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
    + 2004-08-04 11:00 . 2009-05-20 19:44 2355200 c:\windows\SYSTEM32\WMVCore.dll
    + 2004-08-04 11:00 . 2009-07-13 17:08 5537792 c:\windows\SYSTEM32\wmp.dll
    - 2004-08-04 11:00 . 2007-04-30 16:20 5537792 c:\windows\SYSTEM32\wmp.dll
    + 2004-08-04 11:00 . 2009-04-17 12:26 1847168 c:\windows\SYSTEM32\win32k.sys
    + 2004-08-04 11:00 . 2009-08-29 07:36 1168384 c:\windows\SYSTEM32\urlmon.dll
    - 2004-08-04 11:00 . 2008-04-14 00:12 8461312 c:\windows\SYSTEM32\shell32.dll
    + 2004-08-04 11:00 . 2008-06-17 19:02 8461312 c:\windows\SYSTEM32\shell32.dll
    - 2004-08-04 11:00 . 2008-04-14 00:12 1435648 c:\windows\SYSTEM32\query.dll
    + 2004-08-04 11:00 . 2009-07-17 16:22 1435648 c:\windows\SYSTEM32\query.dll
    + 2004-08-04 11:00 . 2009-06-03 19:09 1291264 c:\windows\SYSTEM32\quartz.dll
    + 2004-08-04 11:00 . 2009-06-10 16:19 2066432 c:\windows\SYSTEM32\mstscax.dll
    + 2004-08-04 11:00 . 2009-08-29 07:36 3598336 c:\windows\SYSTEM32\mshtml.dll
    + 2007-08-14 02:54 . 2009-08-29 07:36 6067200 c:\windows\SYSTEM32\ieframe.dll
    + 2007-02-13 00:10 . 2009-06-29 08:33 2452872 c:\windows\SYSTEM32\ieapfltr.dat
    + 2004-08-04 11:00 . 2009-05-20 19:44 2355200 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
    - 2004-08-04 11:00 . 2007-04-30 16:20 5537792 c:\windows\SYSTEM32\DLLCACHE\wmp.dll
    + 2004-08-04 11:00 . 2009-07-13 17:08 5537792 c:\windows\SYSTEM32\DLLCACHE\wmp.dll
    + 2008-12-02 11:04 . 2009-04-17 12:26 1847168 c:\windows\SYSTEM32\DLLCACHE\win32k.sys
    + 2008-12-02 03:17 . 2009-08-29 07:36 1168384 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
    + 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\SYSTEM32\DLLCACHE\shell32.dll
    + 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\SYSTEM32\DLLCACHE\query.dll
    + 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\SYSTEM32\DLLCACHE\quartz.dll
    - 2008-12-02 03:13 . 2008-08-14 10:11 2189184 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
    + 2008-12-02 03:13 . 2009-08-05 03:44 2189184 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
    - 2008-12-02 03:13 . 2008-08-14 09:33 2023936 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
    + 2008-12-02 03:13 . 2009-08-04 14:20 2023936 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
    + 2008-12-02 03:13 . 2009-08-04 14:20 2066048 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
    - 2008-12-02 03:13 . 2008-08-14 09:33 2066048 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
    - 2008-12-02 03:13 . 2008-08-14 10:09 2145280 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
    + 2008-12-02 03:13 . 2009-08-04 15:13 2145280 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
    + 2009-06-10 16:19 . 2009-06-10 16:19 2066432 c:\windows\SYSTEM32\DLLCACHE\mstscax.dll
    + 2008-12-02 03:17 . 2009-08-29 07:36 3598336 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
    + 2008-12-04 00:11 . 2009-08-29 07:36 6067200 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
    + 2008-12-04 00:11 . 2009-06-29 08:33 2452872 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
    + 2009-08-08 09:35 . 2009-08-08 09:35 5849920 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2009-08-08 09:35 . 2009-08-08 09:35 4345856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2008-05-28 08:35 . 2008-05-28 08:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2007-04-14 05:35 . 2007-04-14 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2008-05-28 08:35 . 2008-05-28 08:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2007-04-14 05:35 . 2007-04-14 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2007-04-14 04:57 . 2007-04-14 04:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2008-05-28 07:48 . 2008-05-28 07:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2007-04-14 04:57 . 2007-04-14 04:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2008-05-28 07:48 . 2008-05-28 07:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2008-05-28 07:43 . 2008-05-28 07:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    - 2007-04-14 04:50 . 2007-04-14 04:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2009-08-10 06:32 . 2009-08-10 06:32 5288960 c:\windows\Installer\7d433fa.msp
    + 2009-10-15 18:48 . 2008-10-16 20:38 1160192 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
    + 2009-10-15 18:48 . 2008-12-13 06:40 3593216 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
    + 2009-10-15 18:48 . 2008-10-16 20:38 6066176 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
    + 2009-10-15 18:48 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dat
    + 2008-12-02 03:13 . 2009-08-05 03:44 2189184 c:\windows\Driver Cache\I386\ntoskrnl.exe
    - 2008-12-02 03:13 . 2008-08-14 10:11 2189184 c:\windows\Driver Cache\I386\ntoskrnl.exe
    - 2008-12-02 03:13 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\I386\ntkrpamp.exe
    + 2008-12-02 03:13 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\I386\ntkrpamp.exe
    + 2008-12-02 03:13 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\I386\ntkrnlpa.exe
    - 2008-12-02 03:13 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\I386\ntkrnlpa.exe
    + 2008-12-02 03:13 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\I386\ntkrnlmp.exe
    - 2008-12-02 03:13 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\I386\ntkrnlmp.exe
    + 2009-10-15 13:51 . 2009-10-15 13:51 4792320 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ef00d4c6\System.dll
    + 2009-10-15 13:50 . 2009-10-15 13:50 1966080 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_cc30d6f4\System.dll
    + 2009-10-15 13:50 . 2009-10-15 13:50 2088960 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_7c313c02\System.Xml.dll
    + 2009-10-15 13:51 . 2009-10-15 13:51 5513216 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_14febbec\System.Xml.dll
    + 2009-10-15 13:51 . 2009-10-15 13:51 7884800 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_53dd7298\System.Windows.Forms.dll
    + 2009-10-15 13:50 . 2009-10-15 13:50 3018752 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_52b54f64\System.Windows.Forms.dll
    + 2009-10-15 13:51 . 2009-10-15 13:51 2244608 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_14b8bb54\System.Drawing.dll
    + 2009-10-15 13:51 . 2009-10-15 13:51 3395584 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_aa4b2f75\System.Design.dll
    + 2009-10-15 13:50 . 2009-10-15 13:50 1470464 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a9dcab4d\System.Design.dll
    + 2009-10-15 13:51 . 2009-10-15 13:51 8908800 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\MSCORLIB\1.0.5000.0__b77a5c561934e089_c8fd1c07\mscorlib.dll
    + 2009-10-15 13:51 . 2009-10-15 13:51 3391488 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\MSCORLIB\1.0.5000.0__b77a5c561934e089_1a452510\mscorlib.dll
    + 2009-10-15 18:48 . 2009-10-15 18:48 3403776 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsBase\dfd60c318a7316f9a7b7b3d997ee4ebd\WindowsBase.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 1118208 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClients#\8c2536730a74819833e8d1eb69a9a646\UIAutomationClientsideProviders.ni.dll
    + 2009-10-15 18:48 . 2009-10-15 18:48 8310784 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System\ccfeb59f4a9b75909eb2d1121232a769\System.ni.dll
    + 2009-10-15 18:52 . 2009-10-15 18:52 5771264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml\717cce3690d643df19d6a4117283048e\System.Xml.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 1585152 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.WorkflowServ#\32af08b16f34e5661bfde3f96c3b3c59\System.WorkflowServices.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 2105344 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Run#\423638994e98efd90ec1dfde0649cc91\System.Workflow.Runtime.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 4583424 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Com#\227149a442681e36715bb88e3589e039\System.Workflow.ComponentModel.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 3088384 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Act#\379eb1ae2d1ad4f4e6da6c5865322c55\System.Workflow.Activities.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 1986560 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Services\aa319d767042e97c692041f76f123f2f\System.Web.Services.ni.dll
    + 2009-10-15 22:29 . 2009-10-15 22:29 2342912 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Mobile\b7092e8403b56e3913488855e45a35ff\System.Web.Mobile.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 2420736 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Extensio#\475081a0245b53d4fca01abfd2d33b9d\System.Web.Extensions.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 2039808 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Speech\736d8a2291d7173935e6e0945e5c17cd\System.Speech.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 1601536 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceModel#\edc9b39f342c1f7b81c92c105bed4d63\System.ServiceModel.Web.ni.dll
    + 2009-10-15 22:26 . 2009-10-15 22:26 2445312 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Seri#\44fce5ee5d99270d4b6edc34256d6b21\System.Runtime.Serialization.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 1134592 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Printing\b2f88468f0bef357e846afa982a2499a\System.Printing.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 1064960 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management\0b655ffd2d01e5740f46e1c78f0833a1\System.Management.ni.dll
    + 2009-10-15 22:26 . 2009-10-15 22:26 1122304 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IdentityModel\7781d1b2914db9b9792ba20230f52bf5\System.IdentityModel.ni.dll
    + 2009-10-15 18:51 . 2009-10-15 18:51 1667072 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Drawing\e58e83951091f2616344c5d2a6787660\System.Drawing.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 1224704 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\e96695c65a4104ee4687f3e5f0581d34\System.DirectoryServices.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 1798144 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Deployment\f0a1895c7d475f156ed4cdd9f0bd2797\System.Deployment.ni.dll
    + 2009-10-15 18:50 . 2009-10-15 18:50 7102464 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data\b39a611d2b2fc659d5472dd76b24d3b2\System.Data.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 2756608 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.SqlXml\a40074cafd6ba635e32950af0e099c7d\System.Data.SqlXml.ni.dll
    + 2009-10-15 18:50 . 2009-10-15 18:50 2592768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Linq\bcc1921fa645d1983efb4006c1b1f4bd\System.Data.Linq.ni.dll
    + 2009-10-15 18:50 . 2009-10-15 18:50 2347008 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Core\aab7dbce5c61725f815d4a446ecc0ef2\System.Core.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 1011712 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Configuration\e2de26078a8c3d29dbfcf408e23aa2b1\System.Configuration.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 2416640 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Rea chFramework\50372bb0a6034564ae23694c9f7f072c\Reach Framework.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 2035712 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Pre sentationUI\c052ed4c2cafacbde96dd4984611269f\Prese ntationUI.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 1581056 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Pre sentationBuildTa#\5b363159779eca8315a5d4bcf07823f2 \PresentationBuildTasks.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 1740800 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Mic rosoft.VisualBas#\ed0cdc51d89bb41a9ab760ca3cf52bf9 \Microsoft.VisualBasic.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 1232896 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Mic rosoft.Transacti#\a1bbeca12b0ba2e80de08ebe6b13a862 \Microsoft.Transactions.Bridge.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 2441216 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Mic rosoft.JScript\1822d4d26d06cc01b65408493ac1a2b4\Mi crosoft.JScript.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 1695744 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Mic rosoft.Build.Tas#\b846f5c1b90e4222e79a420d92062f79 \Microsoft.Build.Tasks.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 1966080 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Mic rosoft.Build.Tas#\97e0f012f5892553aa1be1f456f51a94 \Microsoft.Build.Tasks.v3.5.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 1892352 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Mic rosoft.Build.Eng#\f995aa0150ee7b6ae2e85a1acee09f16 \Microsoft.Build.Engine.ni.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 3076096 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5 c561934e089\System.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 3076096 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5 c561934e089\System.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 2068480 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b 77a5c561934e089\System.XML.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 2068480 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b 77a5c561934e089\System.XML.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 5013504 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\ 2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 5013504 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\ 2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2009-04-11 01:05 . 2009-04-11 01:05 5070848 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0 __b03f5f7f11d50a3a\System.Design.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 5070848 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0 __b03f5f7f11d50a3a\System.Design.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 5431296 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03 f5f7f11d50a3a\System.Web.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 5431296 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03 f5f7f11d50a3a\System.Web.dll
    - 2009-04-11 01:04 . 2009-04-11 01:04 3036160 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b7 7a5c561934e089\System.Data.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 3036160 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b7 7a5c561934e089\System.Data.dll
    + 2009-10-15 13:52 . 2009-10-15 13:52 4345856 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5 c561934e089\mscorlib.dll
    + 2009-10-15 13:50 . 2009-10-15 13:50 1232896 c:\windows\ASSEMBLY\GAC\System\1.0.5000.0__b77a5c5 61934e089\System.dll
    - 2008-12-02 14:40 . 2008-12-02 14:40 1232896 c:\windows\ASSEMBLY\GAC\System\1.0.5000.0__b77a5c5 61934e089\System.dll
    - 2008-12-02 14:40 . 2008-12-02 14:40 1265664 c:\windows\ASSEMBLY\GAC\System.Web\1.0.5000.0__b03 f5f7f11d50a3a\System.Web.dll
    + 2009-10-15 13:50 . 2009-10-15 13:50 1265664 c:\windows\ASSEMBLY\GAC\System.Web\1.0.5000.0__b03 f5f7f11d50a3a\System.Web.dll
    + 2009-08-11 04:08 . 2009-08-11 04:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updat es\M953297\M953297Uninstall.msp
    + 2009-08-10 21:09 . 2009-08-10 21:09 17254912 c:\windows\Installer\7d433f2.msp
    + 2009-10-15 18:51 . 2009-10-15 18:51 13193216 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Sys tem.Windows.Forms\9d25b8eabd8203e4d0490363140c4526 \System.Windows.Forms.ni.dll
    + 2009-10-15 22:28 . 2009-10-15 22:28 12517376 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Sys tem.Web\16a34a274ee877b4cf03d1a1bb57eb82\System.We b.ni.dll
    + 2009-10-15 22:27 . 2009-10-15 22:27 18153472 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Sys tem.ServiceModel\299c38b70a596904e4274c9450221e6a\ System.ServiceModel.ni.dll
    + 2009-10-15 18:51 . 2009-10-15 18:51 10936320 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Sys tem.Design\2aab58cae4d998cf867f483302e94c27\System .Design.ni.dll
    + 2009-10-15 18:50 . 2009-10-15 18:50 15044608 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Pre sentationFramewo#\620c65049de60114ae182c70ebbb3305 \PresentationFramework.ni.dll
    + 2009-10-15 18:49 . 2009-10-15 18:49 12595200 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Pre sentationCore\dbfa432eec6dd6c069fc11ce09a967e6\Pre sentationCore.ni.dll
    + 2009-10-15 13:53 . 2009-10-15 13:53 11436032 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\msc orlib\fee8c8ba9b84a7832274adcbfc9d5ca4\mscorlib.ni .dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e2878c1-bb87-471b-be7d-7cd18fdc3ccb}]
    2009-07-16 21:48 52224 --sha-w- c:\windows\SYSTEM32\sewupedi.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2004-08-18 180224]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\McAgent.exe" [2005-09-23 303104]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\sadasdgfd.exe" [2009-09-10 1312080]
    "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-30 98304]
    "vibuyujes"="c:\windows\system32\vadurota.dll" [BU]
    "kazakajezu"="rokesoza.dll" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-1-17 450560]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

    [HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^america online 9.0 tray icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\c:^documents and settings^dondon^start menu^programs^startup^hamachi.lnk]
    path=c:\documents and settings\DonDon\Start Menu\Programs\Startup\hamachi.lnk
    backup=c:\windows\pss\hamachi.lnkStartup

    [HKLM\~\startupfolder\c:^documents and settings^dondon^start menu^programs^startup^ikowin32.exe]
    path=c:\documents and settings\DonDon\Start Menu\Programs\Startup\ikowin32.exe
    backup=c:\windows\pss\ikowin32.exeStartup

    [HKLM\~\startupfolder\c:^documents and settings^dondon^start menu^programs^startup^limewire on startup.lnk]
    path=c:\documents and settings\DonDon\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "c:\\Program Files\\Atari\\RollerCoaster Tycoon 3 Platinum\\RCT3plus.exe"=
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Dell Support\\DSAgnt.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
    "c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dla\\tfswctrl.exe"=
    "c:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LVCOMSX.EXE"=
    "c:\\WINDOWS\\SYSTEM32\\taskmgr.exe"=
    "c:\\Program Files\\Logitech\\Video\\LogiTray.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56920:TCP"= 56920:TCP:Pando Media Booster
    "56920:UDP"= 56920:UDP:Pando Media Booster

    S2 antippolice_;AntiPol;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
    S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [3/29/2005 10:21 PM 23296]
    S3 tap0901;TAP-Win32 Adapter V9;c:\windows\SYSTEM32\DRIVERS\tap0901.sys [11/19/2008 11:22 AM 25216]
    S3 xdva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
    S4 gupdate1c9fc589d42eba0;Google Update Service (gupdate1c9fc589d42eba0);c:\program files\Google\Update\GoogleUpdate.exe [7/3/2009 8:36 PM 133104]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 03:36]

    2009-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 03:36]

    2009-10-10 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (KOMODO-Daryll).job
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-03-30 23:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dell4me.com/myway
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    FF - ProfilePath - c:\documents and settings\DonDon\Application Data\Mozilla\Firefox\Profiles\3z4u6lch.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - plugin: c:\documents and settings\DonDon\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\DonDon\Application Data\Mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - HiddenExtension: XUL Cache: {CD5F93F5-4EEF-4949-82C3-AAA6F6F14995} - c:\documents and settings\DonDon\Local Settings\Application Data\{CD5F93F5-4EEF-4949-82C3-AAA6F6F14995}
    FF - HiddenExtension: XUL Cache: {2B769074-89E3-4769-A231-00175C5B40BB} - c:\documents and settings\Administrator\Local Settings\Application Data\{2B769074-89E3-4769-A231-00175C5B40BB}\
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-28417224 - c:\docume~1\ALLUSE~1\APPLIC~1\28417224\28417224.exe
    HKLM-Run-83597436 - c:\docume~1\ALLUSE~1\APPLIC~1\83597436\83597436.exe
    HKLM-Run-10736421 - c:\docume~1\ALLUSE~1\APPLIC~1\10736421\10736421.exe
    SharedTaskScheduler-{0be722f5-19e4-4be3-b56b-c20e9e76c9d7} - c:\windows\system32\vadurota.dll
    SSODL-yumuluhiz-{0be722f5-19e4-4be3-b56b-c20e9e76c9d7} - c:\windows\system32\vadurota.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-10-19 17:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2172)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\progra~1\mcafee.com\vso\McVSSkt.dll
    c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SYSTEM32\ati2evxx.exe
    c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\SYSTEM32\wdfmgr.exe
    c:\windows\SYSTEM32\wscntfy.exe
    c:\progra~1\McAfee.com\VSO\McVSEscn.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-20 17:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-20 00:53
    ComboFix2.txt 2009-10-14 01:27

    Pre-Run: 14,744,539,136 bytes free
    Post-Run: 14,704,615,424 bytes free

    823 --- E O F --- 2009-10-15 18:53


    _________________________________________________________

    Hijack Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 546 PM, on 10/19/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2e2878c1-bb87-471b-be7d-7cd18fdc3ccb} - sewupedi.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\sadasdgfd.exe" /runcleanupscript
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vibuyujes] Rundll32.exe "c:\windows\system32\vadurota.dll",a
    O4 - HKLM\..\Run: [kazakajezu] Rundll32.exe "rokesoza.dll",s
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: AntiPol (antippolice_) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 7219 bytes

  6. #6
    Neal
    OK, now I need you to run Malwarebytes from Safe Mode and post the log from that, please.

    Safe Mode:


    Now reboot into Safe Mode (without networking support) by tapping your F8 key upon restart. When the Safe Mode screen appears, select Safe Mode and press Enter.
