Hacked Hotmail Account & PC slows

r0adrunner · October 11, 2010

Steps 1, 2 and 3 completed.

Step 1 report

All processes killed

========== OTL ==========

Error: No service named 0181921283611021mcinstcleanup) McAfee Application Installer Cleanup (0181921283611021 was found to stop!

Service\Driver key 0181921283611021mcinstcleanup) McAfee Application Installer Cleanup (0181921283611021 not found.

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\018192~1.EXE File not found not found.

Error: No service named McAfeeFramework was found to stop!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeFramework deleted successfully.

C:\Program Files\McAfee\Common Framework\FrameworkService.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeUpdaterUI deleted successfully.

C:\Program Files\McAfee\Common Framework\UdaterUI.exe moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 52364906 bytes

->Temporary Internet Files folder emptied: 240030714 bytes

->Java cache emptied: 605201 bytes

->FireFox cache emptied: 56315453 bytes

->Google Chrome cache emptied: 34085531 bytes

->Flash cache emptied: 222742 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 194079 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3660601 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13733942 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes

RecycleBin emptied: 54252 bytes

Total Files Cleaned = 385.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 10112010_091616

Files\Folders moved on Reboot...

C:\Documents and Settings\Administrator\Local Settings\Temp\IadHide5.dll moved successfully.

Registry entries deleted on Reboot...

Starbuck · October 11, 2010

Hi r0adrunner,

How's the system running now?

r0adrunner · October 13, 2010

I am afraid that it is the same as before. Today the fans started to be audible and the PC ground to a halt. I pressed CTRL+ALT+DEL and the CPU was working at 100% with firefox.exe at about 130,000k and plugin-container.exe at 100,000k.

I forgot to mention before that I always have to cancel a Windows Installer dialogue box several times when I switch on the PC. I don't know whether that is of any relevance.

Thanks.

Starbuck · October 14, 2010

Hi r0adrunner,

I'm not really convinced that this is malware, but let's look a little deeper to be on the safe side.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1

Link 2

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

This is an example, you may rename ComboFix to anything you want.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
For more information read:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then:

Double click on Combo-Fix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If running Vista, you may not see this screen
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks

r0adrunner · October 25, 2010

I had ComboxFix already installed.

Here is the log it produced as requested. Thanks for any further advice.

ComboFix 10-10-23.02 - Administrator 25/10/2010 9:22.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.571 [GMT 1:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Local Settings\Application Data\Temp

c:\documents and settings\Administrator\Local Settings\Application Data\Temp\BITDA.tmp

.

((((((((((((((((((((((((( Files Created from 2010-09-25 to 2010-10-25 )))))))))))))))))))))))))))))))

.

2010-10-25 08:12 . 2010-10-25 08:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira

2010-10-23 11:13 . 2010-10-23 11:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2010-10-21 08:05 . 2010-10-21 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2010-10-21 08:05 . 2010-10-23 11:12 -------- d-----w- c:\program files\McAfee Security Scan

2010-10-14 10:23 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-14 10:23 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-14 10:23 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-11 08:52 . 2010-10-11 08:52 -------- d-----w- c:\program files\Common Files\Java

2010-10-11 08:52 . 2010-10-11 08:51 423656 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2010-10-11 08:52 . 2010-10-11 08:51 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-11 08:52 . 2010-10-11 08:51 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-11 08:16 . 2010-10-11 08:16 -------- d-----w- C:\_OTL

2010-10-07 08:25 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-07 08:25 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-07 08:25 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-10-07 08:25 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-10-07 08:25 . 2010-10-07 08:25 -------- d-----w- c:\program files\Avira

2010-10-07 08:25 . 2010-10-07 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 11:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-09 13:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38 . 2009-05-07 07:34 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-05-06 10:46 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-09-04_15.04.24 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2010-10-25 08:05 . 2010-10-25 08:05 16384 c:\windows\temp\Perflib_Perfdata_c4.dat

+ 2009-05-06 11:22 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe

- 2009-05-06 11:22 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe

- 2004-08-04 12:00 . 2010-06-24 12:15 44544 c:\windows\system32\pngfilt.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 44544 c:\windows\system32\pngfilt.dll

+ 2004-08-04 12:00 . 2010-10-06 14:19 67762 c:\windows\system32\perfc009.dat

- 2004-08-04 12:00 . 2010-08-11 22:24 67762 c:\windows\system32\perfc009.dat

- 2007-08-13 17:54 . 2010-06-24 12:15 52224 c:\windows\system32\msfeedsbs.dll

+ 2007-08-13 17:54 . 2010-09-09 13:38 52224 c:\windows\system32\msfeedsbs.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 27648 c:\windows\system32\jsproxy.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 27648 c:\windows\system32\jsproxy.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 44544 c:\windows\system32\iernonce.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 44544 c:\windows\system32\iernonce.dll

- 2004-08-04 12:00 . 2010-06-23 12:06 70656 c:\windows\system32\ie4uinit.exe

+ 2004-08-04 12:00 . 2010-09-08 15:57 70656 c:\windows\system32\ie4uinit.exe

- 2007-08-13 17:36 . 2010-06-24 12:15 63488 c:\windows\system32\icardie.dll

+ 2007-08-13 17:36 . 2010-09-09 13:38 63488 c:\windows\system32\icardie.dll

+ 2010-10-07 08:25 . 2009-05-11 09:12 28520 c:\windows\system32\drivers\ssmdrv.sys

+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll

+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe

+ 2007-08-13 17:36 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\pngfilt.dll

- 2007-08-13 17:36 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\pngfilt.dll

- 2009-05-07 07:21 . 2010-06-24 12:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2009-05-07 07:21 . 2010-09-09 13:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2007-08-13 17:54 . 2010-09-09 13:38 27648 c:\windows\system32\dllcache\jsproxy.dll

- 2007-08-13 17:54 . 2010-06-24 12:15 27648 c:\windows\system32\dllcache\jsproxy.dll

- 2009-05-07 07:21 . 2010-06-23 12:06 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2009-05-07 07:21 . 2010-09-08 15:57 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2007-08-13 17:39 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\iernonce.dll

- 2007-08-13 17:39 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2009-05-07 07:34 . 2010-09-09 13:38 78336 c:\windows\system32\dllcache\ieencode.dll

- 2009-05-07 07:34 . 2010-06-24 12:15 78336 c:\windows\system32\dllcache\ieencode.dll

+ 2007-08-13 17:39 . 2010-09-08 15:57 70656 c:\windows\system32\dllcache\ie4uinit.exe

- 2007-08-13 17:39 . 2010-06-23 12:06 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-05-07 07:21 . 2010-09-09 13:38 63488 c:\windows\system32\dllcache\icardie.dll

- 2009-05-07 07:21 . 2010-06-24 12:15 63488 c:\windows\system32\dllcache\icardie.dll

+ 2007-08-13 17:42 . 2010-09-09 13:38 17408 c:\windows\system32\dllcache\corpol.dll

- 2007-08-13 17:42 . 2010-06-24 12:15 17408 c:\windows\system32\dllcache\corpol.dll

- 2010-03-23 04:31 . 2010-03-23 04:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2010-09-22 08:43 . 2010-09-22 08:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2010-10-18 16:14 . 2010-10-18 16:14 21504 c:\windows\Installer\2de930.msi

+ 2010-06-04 09:11 . 2010-09-29 10:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

- 2010-06-04 09:11 . 2010-06-04 09:11 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 44544 c:\windows\ie7updates\KB2360131-IE7\pngfilt.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 52224 c:\windows\ie7updates\KB2360131-IE7\msfeedsbs.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 27648 c:\windows\ie7updates\KB2360131-IE7\jsproxy.dll

+ 2010-10-14 12:46 . 2010-06-23 12:06 13824 c:\windows\ie7updates\KB2360131-IE7\ieudinit.exe

+ 2010-10-14 12:46 . 2010-06-24 12:15 44544 c:\windows\ie7updates\KB2360131-IE7\iernonce.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 78336 c:\windows\ie7updates\KB2360131-IE7\ieencode.dll

+ 2010-10-14 12:46 . 2010-06-23 12:06 70656 c:\windows\ie7updates\KB2360131-IE7\ie4uinit.exe

+ 2010-10-14 12:46 . 2010-06-24 12:15 63488 c:\windows\ie7updates\KB2360131-IE7\icardie.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 17408 c:\windows\ie7updates\KB2360131-IE7\corpol.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2010-10-06 14:19 . 2010-10-06 14:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2010-09-15 12:42 . 2008-04-14 04:42 57856 c:\windows\$NtUninstallKB2347290$\spoolsv.exe

+ 2010-09-15 12:41 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982802\update\spcustom.dll

+ 2010-09-15 12:41 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982802\spmsg.dll

+ 2010-09-15 12:41 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981322\update\spcustom.dll

+ 2010-09-15 12:41 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981322\spmsg.dll

+ 2010-09-15 12:42 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2347290\update\spcustom.dll

+ 2010-09-15 12:42 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2347290\spmsg.dll

+ 2010-08-17 13:19 . 2010-08-17 13:19 58880 c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

+ 2010-09-15 12:42 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2259922\update\spcustom.dll

+ 2010-09-15 12:42 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2259922\spmsg.dll

+ 2010-09-15 12:40 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2141007\update\spcustom.dll

+ 2010-09-15 12:40 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2141007\spmsg.dll

+ 2010-09-15 12:42 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2121546\update\spcustom.dll

+ 2010-09-15 12:42 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2121546\spmsg.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2010-10-06 14:19 . 2010-10-06 14:19 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2010-08-11 22:23 . 2010-08-11 22:23 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2010-09-15 12:41 . 2008-05-03 11:55 2560 c:\windows\$NtUninstallKB982802$\xpsp4res.dll

+ 2010-07-22 05:57 . 2010-07-22 05:57 5120 c:\windows\$hf_mig$\KB982802\SP3QFE\xpsp4res.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

- 2004-08-04 12:00 . 2008-04-14 04:42 293376 c:\windows\system32\winsrv.dll

+ 2004-08-04 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 233472 c:\windows\system32\webcheck.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 233472 c:\windows\system32\webcheck.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll

- 2004-08-04 12:00 . 2008-04-14 04:42 406016 c:\windows\system32\usp10.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 105984 c:\windows\system32\url.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 105984 c:\windows\system32\url.dll

- 2004-08-04 12:00 . 2010-08-11 22:24 432806 c:\windows\system32\perfh009.dat

+ 2004-08-04 12:00 . 2010-10-06 14:19 432806 c:\windows\system32\perfh009.dat

+ 2004-08-04 12:00 . 2010-09-09 13:38 102912 c:\windows\system32\occache.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 102912 c:\windows\system32\occache.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 671232 c:\windows\system32\mstime.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 671232 c:\windows\system32\mstime.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 193024 c:\windows\system32\msrating.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 193024 c:\windows\system32\msrating.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 478208 c:\windows\system32\mshtmled.dll

+ 2007-08-13 17:54 . 2010-09-09 13:38 468480 c:\windows\system32\msfeeds.dll

+ 2006-10-18 20:47 . 2010-03-30 11:24 317440 c:\windows\system32\mp4sdecd.dll

- 2006-10-18 20:47 . 2006-10-18 20:47 317440 c:\windows\system32\MP4SDECD.dll

+ 2010-09-29 07:23 . 2010-09-29 07:23 232912 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe

+ 2010-09-29 07:23 . 2010-09-29 07:23 311760 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.dll

+ 2010-09-05 19:12 . 2010-09-05 19:12 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe

+ 2010-10-11 08:52 . 2010-10-11 08:51 153376 c:\windows\system32\javaws.exe

+ 2010-10-11 08:52 . 2010-10-11 08:51 145184 c:\windows\system32\javaw.exe

+ 2010-10-11 08:52 . 2010-10-11 08:51 145184 c:\windows\system32\java.exe

+ 2008-01-16 05:51 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll

+ 2007-08-13 17:34 . 2010-09-09 13:38 268288 c:\windows\system32\iertutil.dll

- 2007-08-13 17:34 . 2010-06-24 12:15 268288 c:\windows\system32\iertutil.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 192512 c:\windows\system32\iepeers.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 192512 c:\windows\system32\iepeers.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 384512 c:\windows\system32\iedkcs32.dll

- 2007-07-11 11:27 . 2010-06-24 12:15 380928 c:\windows\system32\ieapfltr.dll

+ 2007-07-11 11:27 . 2010-09-09 13:38 380928 c:\windows\system32\ieapfltr.dll

- 2004-08-04 12:00 . 2010-06-17 15:11 161792 c:\windows\system32\ieakui.dll

+ 2004-08-04 12:00 . 2010-08-25 11:29 161792 c:\windows\system32\ieakui.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 230400 c:\windows\system32\ieaksie.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 230400 c:\windows\system32\ieaksie.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 153088 c:\windows\system32\ieakeng.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 153088 c:\windows\system32\ieakeng.dll

- 1980-01-11 06:28 . 2010-08-12 09:08 260640 c:\windows\system32\FNTCACHE.DAT

+ 1980-01-11 06:28 . 2010-10-14 15:01 260640 c:\windows\system32\FNTCACHE.DAT

- 2004-08-04 12:00 . 2010-06-24 12:15 133120 c:\windows\system32\extmgr.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 133120 c:\windows\system32\extmgr.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 214528 c:\windows\system32\dxtrans.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 214528 c:\windows\system32\dxtrans.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 347136 c:\windows\system32\dxtmsft.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 347136 c:\windows\system32\dxtmsft.dll

+ 2009-05-06 10:46 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe

+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll

- 2009-02-20 08:10 . 2010-06-24 12:15 832512 c:\windows\system32\dllcache\wininet.dll

+ 2009-02-20 08:10 . 2010-09-09 13:38 832512 c:\windows\system32\dllcache\wininet.dll

+ 2007-08-13 17:54 . 2010-09-09 13:38 233472 c:\windows\system32\dllcache\webcheck.dll

- 2007-08-13 17:54 . 2010-06-24 12:15 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll

- 2007-08-13 17:44 . 2010-06-24 12:15 105984 c:\windows\system32\dllcache\url.dll

+ 2007-08-13 17:44 . 2010-09-09 13:38 105984 c:\windows\system32\dllcache\url.dll

+ 2009-06-16 14:36 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll

- 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll

+ 2009-05-06 10:48 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys

+ 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll

- 2007-08-13 17:44 . 2010-06-24 12:15 102912 c:\windows\system32\dllcache\occache.dll

+ 2007-08-13 17:44 . 2010-09-09 13:38 102912 c:\windows\system32\dllcache\occache.dll

- 2007-08-13 17:54 . 2010-06-24 12:15 671232 c:\windows\system32\dllcache\mstime.dll

+ 2007-08-13 17:54 . 2010-09-09 13:38 671232 c:\windows\system32\dllcache\mstime.dll

- 2007-08-13 17:44 . 2010-06-24 12:15 193024 c:\windows\system32\dllcache\msrating.dll

+ 2007-08-13 17:44 . 2010-09-09 13:38 193024 c:\windows\system32\dllcache\msrating.dll

+ 2007-08-13 17:54 . 2010-09-09 13:38 478208 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-05-07 07:21 . 2010-09-09 13:38 468480 c:\windows\system32\dllcache\msfeeds.dll

+ 2010-03-30 11:24 . 2010-03-30 11:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll

+ 2010-09-18 11:23 . 2010-09-18 11:23 974848 c:\windows\system32\dllcache\mfc42u.dll

+ 2004-08-04 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll

+ 2009-05-06 10:47 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2007-08-13 17:43 . 2010-08-25 11:30 634648 c:\windows\system32\dllcache\iexplore.exe

- 2009-05-07 07:21 . 2010-06-24 12:15 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2009-05-07 07:21 . 2010-09-09 13:38 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2007-08-13 17:54 . 2010-09-09 13:38 192512 c:\windows\system32\dllcache\iepeers.dll

- 2007-08-13 17:54 . 2010-06-24 12:15 192512 c:\windows\system32\dllcache\iepeers.dll

+ 2007-08-13 17:39 . 2010-09-09 13:38 384512 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-05-07 07:21 . 2010-09-09 13:38 380928 c:\windows\system32\dllcache\ieapfltr.dll

- 2009-05-07 07:21 . 2010-06-24 12:15 380928 c:\windows\system32\dllcache\ieapfltr.dll

+ 2004-08-04 12:00 . 2010-08-25 11:29 161792 c:\windows\system32\dllcache\ieakui.dll

- 2004-08-04 12:00 . 2010-06-17 15:11 161792 c:\windows\system32\dllcache\ieakui.dll

- 2007-08-13 17:39 . 2010-06-24 12:15 230400 c:\windows\system32\dllcache\ieaksie.dll

+ 2007-08-13 17:39 . 2010-09-09 13:38 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2007-08-13 17:39 . 2010-06-24 12:15 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2007-08-13 17:39 . 2010-09-09 13:38 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2007-08-13 17:54 . 2010-09-09 13:38 133120 c:\windows\system32\dllcache\extmgr.dll

- 2007-08-13 17:54 . 2010-06-24 12:15 133120 c:\windows\system32\dllcache\extmgr.dll

- 2007-08-13 17:35 . 2010-06-24 12:15 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2007-08-13 17:35 . 2010-09-09 13:38 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2007-08-13 17:35 . 2010-09-09 13:38 347136 c:\windows\system32\dllcache\dxtmsft.dll

- 2007-08-13 17:35 . 2010-06-24 12:15 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll

- 2007-08-13 17:39 . 2010-06-24 12:15 124928 c:\windows\system32\dllcache\advpack.dll

+ 2007-08-13 17:39 . 2010-09-09 13:38 124928 c:\windows\system32\dllcache\advpack.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 124928 c:\windows\system32\advpack.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 124928 c:\windows\system32\advpack.dll

+ 2010-09-22 08:43 . 2010-09-22 08:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

- 2010-03-23 04:31 . 2010-03-23 04:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2010-10-07 08:24 . 2010-10-07 08:24 219648 c:\windows\Installer\376f4c.msi

+ 2010-10-11 08:52 . 2010-10-11 08:52 180224 c:\windows\Installer\1a2ec.msi

+ 2010-10-11 08:51 . 2010-10-11 08:51 677376 c:\windows\Installer\1a2e7.msi

+ 2010-09-23 20:02 . 2010-09-23 20:02 798208 c:\windows\Installer\16fc45f.msp

- 2010-06-20 17:39 . 2010-06-20 17:39 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe

+ 2010-10-01 21:50 . 2010-10-01 21:50 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe

+ 2010-10-14 12:46 . 2010-06-24 12:15 832512 c:\windows\ie7updates\KB2360131-IE7\wininet.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 233472 c:\windows\ie7updates\KB2360131-IE7\webcheck.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 105984 c:\windows\ie7updates\KB2360131-IE7\url.dll

+ 2010-10-14 12:47 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2360131-IE7\spuninst\updspapi.dll

+ 2010-10-14 12:47 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2360131-IE7\spuninst\spuninst.exe

+ 2010-10-14 12:46 . 2010-06-24 12:15 102912 c:\windows\ie7updates\KB2360131-IE7\occache.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 671232 c:\windows\ie7updates\KB2360131-IE7\mstime.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 193024 c:\windows\ie7updates\KB2360131-IE7\msrating.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 477696 c:\windows\ie7updates\KB2360131-IE7\mshtmled.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 459264 c:\windows\ie7updates\KB2360131-IE7\msfeeds.dll

+ 2010-10-14 12:46 . 2010-06-17 15:12 634656 c:\windows\ie7updates\KB2360131-IE7\iexplore.exe

+ 2010-10-14 12:46 . 2010-06-24 12:15 268288 c:\windows\ie7updates\KB2360131-IE7\iertutil.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 192512 c:\windows\ie7updates\KB2360131-IE7\iepeers.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 385024 c:\windows\ie7updates\KB2360131-IE7\iedkcs32.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 380928 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dll

+ 2010-10-14 12:46 . 2010-06-17 15:11 161792 c:\windows\ie7updates\KB2360131-IE7\ieakui.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 230400 c:\windows\ie7updates\KB2360131-IE7\ieaksie.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 153088 c:\windows\ie7updates\KB2360131-IE7\ieakeng.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 133120 c:\windows\ie7updates\KB2360131-IE7\extmgr.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 214528 c:\windows\ie7updates\KB2360131-IE7\dxtrans.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 347136 c:\windows\ie7updates\KB2360131-IE7\dxtmsft.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 124928 c:\windows\ie7updates\KB2360131-IE7\advpack.dll

+ 2010-10-06 17:35 . 2010-10-06 17:35 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\f39d526b39e8928e719d9ce8a971383e\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2010-10-06 17:35 . 2010-10-06 17:35 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0916f4cf87dafdf941b66056dd0e005\WindowsLive.Writer.BlogClient.ni.dll

+ 2010-10-06 17:35 . 2010-10-06 17:35 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa7ddbdf38e8a7129fb0befd951897f5\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2010-10-06 17:35 . 2010-10-06 17:35 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7619247d1c0a0779042423940f5f93de\WindowsLive.Writer.HtmlParser.ni.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll

+ 2010-10-06 17:35 . 2010-10-06 17:35 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll

+ 2010-10-06 17:35 . 2010-10-06 17:35 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll

+ 2010-10-06 17:35 . 2010-10-06 17:35 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe

+ 2010-10-06 17:33 . 2010-10-06 17:33 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2010-10-06 14:19 . 2010-10-06 14:19 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2010-10-06 14:19 . 2010-10-06 14:19 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2010-10-06 14:19 . 2010-10-06 14:19 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2010-10-06 14:19 . 2010-10-06 14:19 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2010-10-06 14:19 . 2010-10-06 14:19 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2010-09-15 12:41 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982802$\spuninst\updspapi.dll

+ 2010-09-15 12:41 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982802$\spuninst\spuninst.exe

+ 2010-09-15 12:41 . 2009-04-15 14:51 585216 c:\windows\$NtUninstallKB982802$\rpcrt4.dll

+ 2010-09-15 12:41 . 2008-04-14 04:42 406016 c:\windows\$NtUninstallKB981322$\usp10.dll

+ 2010-09-15 12:41 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981322$\spuninst\updspapi.dll

+ 2010-09-15 12:41 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe

+ 2010-09-15 12:42 . 2007-07-27 22:11 382840 c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll

+ 2010-09-15 12:42 . 2007-07-27 22:11 231288 c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe

+ 2010-09-15 12:42 . 2006-10-18 20:47 317440 c:\windows\$NtUninstallKB975558_WM8$\mp4sdecd.dll

+ 2010-09-15 12:42 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2347290$\spuninst\updspapi.dll

+ 2010-09-15 12:42 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe

+ 2010-09-15 12:42 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2259922$\spuninst\updspapi.dll

+ 2010-09-15 12:42 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe

+ 2010-09-15 12:40 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2141007$\spuninst\updspapi.dll

+ 2010-09-15 12:40 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe

+ 2010-09-15 12:40 . 2010-01-29 15:01 691712 c:\windows\$NtUninstallKB2141007$\inetcomm.dll

+ 2010-09-15 12:42 . 2008-04-14 04:42 293376 c:\windows\$NtUninstallKB2121546$\winsrv.dll

+ 2010-09-15 12:42 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2121546$\spuninst\updspapi.dll

+ 2010-09-15 12:42 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe

+ 2010-09-15 12:41 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982802\update\updspapi.dll

+ 2010-09-15 12:41 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982802\update\update.exe

+ 2010-09-15 12:41 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982802\spuninst.exe

+ 2010-07-23 06:13 . 2010-07-23 06:13 590848 c:\windows\$hf_mig$\KB982802\SP3QFE\rpcrt4.dll

+ 2010-09-15 12:41 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981322\update\updspapi.dll

+ 2010-09-15 12:41 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981322\update\update.exe

+ 2010-09-15 12:41 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981322\spuninst.exe

+ 2010-04-16 15:29 . 2010-04-16 15:29 406016 c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

+ 2010-09-15 12:42 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2347290\update\updspapi.dll

+ 2010-09-15 12:42 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2347290\update\update.exe

+ 2010-09-15 12:42 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2347290\spuninst.exe

+ 2010-09-15 12:42 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB2259922\update\updspapi.dll

+ 2010-09-15 12:42 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB2259922\update\update.exe

+ 2010-09-15 12:42 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB2259922\spuninst.exe

+ 2010-09-15 12:40 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2141007\update\updspapi.dll

+ 2010-09-15 12:40 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2141007\update\update.exe

+ 2010-09-15 12:40 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2141007\spuninst.exe

+ 2010-06-09 07:41 . 2010-06-09 07:41 692736 c:\windows\$hf_mig$\KB2141007\SP3QFE\inetcomm.dll

+ 2010-09-15 12:42 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2121546\update\updspapi.dll

+ 2010-09-15 12:42 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2121546\update\update.exe

+ 2010-09-15 12:42 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2121546\spuninst.exe

+ 2010-06-18 17:43 . 2010-06-18 17:43 293376 c:\windows\$hf_mig$\KB2121546\SP3QFE\winsrv.dll

+ 2010-10-14 10:23 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 1168384 c:\windows\system32\urlmon.dll

- 2004-08-04 12:00 . 2010-06-24 12:15 1168384 c:\windows\system32\urlmon.dll

+ 2004-08-04 12:00 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll

+ 2004-08-04 12:00 . 2010-09-09 13:38 3601920 c:\windows\system32\mshtml.dll

+ 2010-09-05 19:12 . 2010-09-05 19:12 5969360 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2007-08-13 17:54 . 2010-09-09 13:38 6075904 c:\windows\system32\ieframe.dll

+ 2009-02-09 11:13 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys

- 2009-02-20 08:10 . 2010-06-24 12:15 1168384 c:\windows\system32\dllcache\urlmon.dll

+ 2009-02-20 08:10 . 2010-09-09 13:38 1168384 c:\windows\system32\dllcache\urlmon.dll

+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll

+ 2009-02-20 08:11 . 2010-09-09 13:38 3601920 c:\windows\system32\dllcache\mshtml.dll

+ 2009-05-07 07:21 . 2010-09-09 13:38 6075904 c:\windows\system32\dllcache\ieframe.dll

- 2010-03-23 04:32 . 2010-03-23 04:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2010-09-22 08:44 . 2010-09-22 08:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2010-10-01 21:50 . 2010-10-01 21:50 1575936 c:\windows\Installer\d5ea.msi

+ 2010-09-23 06:39 . 2010-09-23 06:39 4265472 c:\windows\Installer\16fc458.msp

+ 2010-10-14 12:46 . 2010-06-24 12:15 1168384 c:\windows\ie7updates\KB2360131-IE7\urlmon.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 3600896 c:\windows\ie7updates\KB2360131-IE7\mshtml.dll

+ 2010-10-14 12:46 . 2010-06-24 12:15 6067200 c:\windows\ie7updates\KB2360131-IE7\ieframe.dll

+ 2010-10-06 17:35 . 2010-10-06 17:35 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d13674449b3ae21327820bddbd7e445f\WindowsLive.Writer.PostEditor.ni.dll

+ 2010-10-06 17:35 . 2010-10-06 17:35 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c266f56473a94ee07c092381c2ff9522\WindowsLive.Writer.CoreServices.ni.dll

+ 2010-10-06 17:37 . 2010-10-06 17:37 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll

+ 2010-10-06 17:37 . 2010-10-06 17:37 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll

+ 2010-10-06 17:37 . 2010-10-06 17:37 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll

+ 2010-10-06 17:35 . 2010-10-06 17:35 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll

+ 2010-10-06 17:33 . 2010-10-06 17:33 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll

+ 2010-10-06 17:36 . 2010-10-06 17:36 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll

+ 2010-10-06 17:35 . 2010-10-06 17:35 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll

+ 2010-10-06 14:19 . 2010-10-06 14:19 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2010-10-06 14:19 . 2010-10-06 14:19 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2010-10-06 14:20 . 2010-10-06 14:20 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

- 2009-08-06 09:57 . 2009-08-06 09:57 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2010-08-11 22:22 . 2010-08-11 22:22 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2010-10-06 14:19 . 2010-10-06 14:19 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2010-08-11 22:23 . 2010-08-11 22:23 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2010-10-06 14:18 . 2010-10-06 14:18 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2004-08-04 12:00 . 2010-08-25 22:36 10841088 c:\windows\system32\wmp.dll

- 2004-08-04 12:00 . 2009-07-13 22:43 10841088 c:\windows\system32\wmp.dll

+ 2009-05-06 13:00 . 2010-10-14 12:44 35385288 c:\windows\system32\MRT.exe

- 2004-08-04 12:00 . 2009-07-13 22:43 10841088 c:\windows\system32\dllcache\wmp.dll

+ 2004-08-04 12:00 . 2010-08-25 22:36 10841088 c:\windows\system32\dllcache\wmp.dll

+ 2010-09-29 10:00 . 2010-09-29 10:00 20303872 c:\windows\Installer\91ecf8.msp

+ 2010-09-07 22:33 . 2010-09-07 22:33 20303872 c:\windows\Installer\174e815.msp

+ 2010-10-06 17:35 . 2010-10-06 17:35 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll

+ 2010-10-06 17:34 . 2010-10-06 17:34 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll

+ 2010-10-06 17:07 . 2010-10-06 17:07 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-16 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-01 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]

"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-07-26 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-07-26 114688]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"EMCKEYBOARD"="c:\program files\EMC\Keyboard Application\1.2\EMCKBAPP.exe" [2005-12-09 376320]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-17 202256]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-6-21 282624]

KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [05/01/2010 08:56 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 08:56 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [07/10/2010 09:25 135336]

S0 jcozyjmg;jcozyjmg; [x]

S2 0181921283611021mcinstcleanup;McAfee Application Installer Cleanup (0181921283611021);c:\docume~1\ADMINI~1\LOCALS~1\Temp\018192~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\018192~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 gupdate1ca108c77a411ec;Google Update Service (gupdate1ca108c77a411ec);c:\program files\Google\Update\GoogleUpdate.exe [29/07/2009 21:38 133104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 08:56 12872]

S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [15/05/2009 17:09 30464]

S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [15/05/2009 17:09 12672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 20:37]

2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 20:37]

2010-10-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-527237240-329068152-682003330-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-10-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-329068152-682003330-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tiscali.co.uk/

uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {20B383DE-5205-4113-8C5A-AC4AC2CD08B3} = 212.139.132.11 212.139.132.10

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\77ot5j1l.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.co.uk/

FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-10-25 09:32

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-527237240-329068152-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,1f,f3,df,b9,4c,6e,4e,a4,10,85,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,1f,f3,df,b9,4c,6e,4e,a4,10,85,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\cscui.dll

.

Completion time: 2010-10-25 09:35:20

ComboFix-quarantined-files.txt 2010-10-25 08:35

ComboFix2.txt 2010-09-04 15:07

Pre-Run: 26,783,920,128 bytes free

Post-Run: 27,058,659,328 bytes free

- - End Of File - - 6EF088D95615CDAC125533A9A9B16313

Starbuck · October 26, 2010

Hi r0adrunner,

Nothing to worry about there.

We can clean one small thing though....

Close any open browsers.

Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.

Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

Driver::
jcozyjmg

Go to the Notepad window and click Edit >> Paste

Then click File >> Save

Name the file "CFScript.txt" (including the quotes)

Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop

Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon

as below.

http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/cf.gif

Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

Please post the new combofix.txt in your next reply.

Thanks

r0adrunner · October 29, 2010

As instructed, below is the log that ComboFix produced.

Problems remaining are that I get a Windows Installer box appear when I first open the Mozilla Firefox program (but not if I open further Mozilla windows) and a SmartWeb Printing box appear every time I open IE. I have to click on Cancel a few times to close both types of boxes. Also, the fans are still audible occasionally.

Thanks for your help.

ComboFix 10-10-28.03 - Administrator 29/10/2010 8:59.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.665 [GMT 1:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_JCOZYJMG

-------\Service_jcozyjmg

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))