
[Solved] Two iexplore.exe process running - rootkit removal

Discussion in 'Virus and Malware Removal' started by Fiv, Jan 3, 2011.

  1. Broni Malware Annihilator

    Update:

  2. Fiv Newcomer, in training

    Thanks for re-opening this topic. As I mentioned before, while I was searching for the cause of the two rogue iexplore.exe processes, I noticed a few symptoms that were appearing on my system that may help out anyone else who might come across this.

    I am not sure exactly what caused this issue. This is my gf's computer and while she was using it she started getting a lot of pop-ups, fake anti-virus software, saying she needs to defrag her drive and to install some disk defragmenter. I ran Malwarebytes and I think ESET and they found different issues which were removed. However, I still noticed the two iexplore.exe files. I focused on those and ran Process Explorer to get more information. I could see that the command line section of the process was pointing to some www.clickleg.org address. Even when I killed the process it restarted. I even went into the Internet Explorer folder and deleted the executable but it copied itself back there. At that point, I came on here searching for some help. As I mentioned in the email above, I went on travel and decided that I was going to reformat the hard drive since it wasn't worth the hassle. However, since I was going to do it anyway I wanted to take the time to learn what I could from the rootkit and the tools to remove it. So I downloaded all that I could find and started running through each one. Eventually I came to Rootkit Unhooker and it found some hooks and stealth code running. Since I was going to reformat anyway I thought I'd play around and unhook them to see what happened. I noticed the iexplore processes stopped showing up so I decided to try to run tdsskiller.exe since something was always preventing it. The first log I will post was from the first time I ran it. It found a couple of forged files but nothing. Then I restarted my comp and ran it again and it found the VolSnap.sys was corrupted. I will also post the logs from two files I know to be associated with the rogue iexplore.exe processes.
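The forged-file lines in the TDSSKiller logs posted later in this thread carry two hashes per driver, and the second run, made after the hooks were removed, lists a different hash for the same driver. The parser below is an added example (not code from the thread, from Fiv, or from TDSSKiller) that extracts those entries from two runs and reports which of the two reported hashes the later run reads; the sample lines are excerpted from the thread's own logs, while the Run class and the function names are this example's own.

```python
"""Parse TDSSKiller log output and compare driver hashes across two runs.

Added example; not code from the TechSpot thread, from Fiv, or from
TDSSKiller. The sample lines are excerpted from the two logs posted in
the thread; the Run class and function names are this example's own.
"""
import re
from dataclasses import dataclass, field

# Timestamp prefix printed on every TDSSKiller line: "2011/01/16 07:16:55.0796 "
_TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ "
# Driver enumeration:  <ts> <service name> (<md5>) <path>
DRIVER_RE = re.compile(_TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Forged detection:    <ts> Suspicious file (Forged): <path>. Real md5: <h>, Fake md5: <h>
FORGED_RE = re.compile(
    _TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# Operator decision:   <ts> Forged file(<service name>) - User select action: <action>
ACTION_RE = re.compile(_TS + r"Forged file\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$")


@dataclass
class Run:
    """What one TDSSKiller run reported."""
    drivers: dict = field(default_factory=dict)  # service name -> (md5, path)
    forged: dict = field(default_factory=dict)   # path -> (real md5, fake md5)
    actions: dict = field(default_factory=dict)  # service name -> chosen action


def parse_log(text):
    """Collect driver entries, forged-file detections and operator actions."""
    run = Run()
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVER_RE.match(line):
            run.drivers[m["name"]] = (m["md5"], m["path"])
        elif m := FORGED_RE.match(line):
            run.forged[m["path"]] = (m["real"], m["fake"])
        elif m := ACTION_RE.match(line):
            run.actions[m["name"]] = m["action"]
    return run


def hash_changes(first, second):
    """Drivers listed in both runs whose hash differs: name -> (old, new, path)."""
    return {
        name: (md5, second.drivers[name][0], path)
        for name, (md5, path) in first.drivers.items()
        if name in second.drivers and second.drivers[name][0] != md5
    }


def reconcile_forged(first, second):
    """For each file the first run flagged as forged, say which of the two
    hashes it reported ('real' or 'fake') the second run lists for that
    driver, or 'missing' / 'neither' when the later run has no match."""
    path_to_name = {path: name for name, (_, path) in first.drivers.items()}
    result = {}
    for path, (real, fake) in first.forged.items():
        name = path_to_name.get(path)
        if name is None or name not in second.drivers:
            result[path] = "missing"
            continue
        later = second.drivers[name][0]
        result[path] = "real" if later == real else "fake" if later == fake else "neither"
    return result


# Sample input: lines excerpted from the first-run log in the thread.
FIRST_RUN = r"""
2011/01/16 07:16:55.0796 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/16 07:17:06.0187 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/16 07:17:34.0750 ialm (b9b916b56903cddd5d6a615079cab5a7) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/16 07:17:35.0609 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ialmnt5.sys. Real md5: b9b916b56903cddd5d6a615079cab5a7, Fake md5: cc449157474d5e43daea7e20f52c635a
2011/01/16 07:17:35.0625 ialm - detected Forged file (1)
2011/01/16 07:18:08.0328 Srv (e0e796692108468dbb60d03b7b1bb0d0) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/16 07:18:08.0578 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\srv.sys. Real md5: e0e796692108468dbb60d03b7b1bb0d0, Fake md5: 0f6aefad3641a657e18081f52d0c15af
2011/01/16 07:18:20.0859 w39n51 (1bb3bd3f6419cf148507bfb8006053ef) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/01/16 07:18:21.0781 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\w39n51.sys. Real md5: 1bb3bd3f6419cf148507bfb8006053ef, Fake md5: b1f126e7e28877106d60e6ff3998d033
2011/01/16 07:18:27.0171 Detected object count: 3
2011/01/16 07:26:35.0156 Forged file(ialm) - User select action: Skip
2011/01/16 07:26:35.0156 Forged file(Srv) - User select action: Skip
2011/01/16 07:26:35.0171 Forged file(w39n51) - User select action: Skip
"""

# Sample input: lines excerpted from the second-run log (the posted copy
# stops before Srv and w39n51 are reached, so only ialm reappears).
SECOND_RUN = r"""
2011/01/16 07:54:11.0078 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/16 07:54:23.0171 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/16 07:55:47.0406 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
"""


def summarize(first_text, second_text):
    """Parse both logs; returns (forged count, changed hashes, reconciliation)."""
    first, second = parse_log(first_text), parse_log(second_text)
    return len(first.forged), hash_changes(first, second), reconcile_forged(first, second)


if __name__ == "__main__":
    count, changed, recon = summarize(FIRST_RUN, SECOND_RUN)
    print(f"forged files in first run: {count}")
    for name, (old, new, path) in changed.items():
        print(f"{name}: {old} -> {new}  ({path})")
    for path, verdict in recon.items():
        print(f"{path}: second run lists the '{verdict}' hash")
```

On the thread's data the ialm driver is the only one present in both runs, and the hash the second run lists is the one the first run reported as "Fake md5".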
  3. Fiv Newcomer, in training

    Rootkit Unhooker log

    >SSDT State
    NtCreateKey
    Actual Address 0xF7C99F36
    Hooked by: Unknown module filename

    NtCreateThread
    Actual Address 0xF7C99F2C
    Hooked by: Unknown module filename

    NtDeleteKey
    Actual Address 0xF7C99F3B
    Hooked by: Unknown module filename

    NtDeleteValueKey
    Actual Address 0xF7C99F45
    Hooked by: Unknown module filename

    NtLoadKey
    Actual Address 0xF7C99F4A
    Hooked by: Unknown module filename

    NtOpenProcess
    Actual Address 0xF7C99F18
    Hooked by: Unknown module filename

    NtOpenThread
    Actual Address 0xF7C99F1D
    Hooked by: Unknown module filename

    NtReplaceKey
    Actual Address 0xF7C99F54
    Hooked by: Unknown module filename

    NtRestoreKey
    Actual Address 0xF7C99F4F
    Hooked by: Unknown module filename

    NtSetValueKey
    Actual Address 0xF7C99F40
    Hooked by: Unknown module filename

    >Shadow
    >Processes
    >Drivers
    >Stealth
    Unknown page with executable code
    Address: 0x86CE9BF5
    Size: 1035
    Unknown page with executable code
    Address: 0x86CE9A95
    Size: 1387
    Unknown page with executable code
    Address: 0x86CE7F5A
    Size: 166
    Unknown page with executable code
    Address: 0x86CE53CC
    Size: 3124
    Unknown page with executable code
    Address: 0x86CE830A
    Size: 3318
    Unknown page with executable code
    Address: 0x86CE428A
    Size: 3446
    Unknown page with executable code
    Address: 0x86CEA143
    Size: 3773
    Unknown page with executable code
    Address: 0x86CE7E7B
    Size: 389
    >Files
    >Hooks
    ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump at address 0x80545CBE hook handler located in [ntkrnlpa.exe]
    [3064]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
  4. Fiv Newcomer, in training

    TDSSKiller - First Run

    2011/01/16 07:16:55.0796 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
    2011/01/16 07:16:55.0796 ================================================================================
    2011/01/16 07:16:55.0796 SystemInfo:
    2011/01/16 07:16:55.0796
    2011/01/16 07:16:55.0796 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/16 07:16:55.0796 Product type: Workstation
    2011/01/16 07:16:55.0796 ComputerName: HEG
    2011/01/16 07:16:55.0796 UserName: Heg
    2011/01/16 07:16:55.0796 Windows directory: C:\WINDOWS
    2011/01/16 07:16:55.0796 System windows directory: C:\WINDOWS
    2011/01/16 07:16:55.0796 Processor architecture: Intel x86
    2011/01/16 07:16:55.0796 Number of processors: 2
    2011/01/16 07:16:55.0796 Page size: 0x1000
    2011/01/16 07:16:55.0796 Boot type: Normal boot
    2011/01/16 07:16:55.0796 ================================================================================
    2011/01/16 07:16:56.0671 Initialize success
    2011/01/16 07:17:03.0046 ================================================================================
    2011/01/16 07:17:03.0046 Scan started
    2011/01/16 07:17:03.0046 Mode: Manual;
    2011/01/16 07:17:03.0046 ================================================================================
    2011/01/16 07:17:06.0187 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/01/16 07:17:11.0750 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/01/16 07:17:13.0234 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/01/16 07:17:13.0437 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2011/01/16 07:17:14.0687 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2011/01/16 07:17:22.0140 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
    2011/01/16 07:17:27.0421 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
    2011/01/16 07:17:34.0750 ialm (b9b916b56903cddd5d6a615079cab5a7) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2011/01/16 07:17:35.0609 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ialmnt5.sys. Real md5: b9b916b56903cddd5d6a615079cab5a7, Fake md5: cc449157474d5e43daea7e20f52c635a
    2011/01/16 07:17:35.0625 ialm - detected Forged file (1)
    2011/01/16 07:17:43.0078 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/01/16 07:17:45.0031 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/01/16 07:17:45.0640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/01/16 07:17:50.0578 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/16 07:17:52.0312 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
    2011/01/16 07:17:56.0750 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/01/16 07:18:04.0187 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/16 07:18:05.0203 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/01/16 07:18:08.0328 Srv (e0e796692108468dbb60d03b7b1bb0d0) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/16 07:18:08.0578 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\srv.sys. Real md5: e0e796692108468dbb60d03b7b1bb0d0, Fake md5: 0f6aefad3641a657e18081f52d0c15af
    2011/01/16 07:18:08.0578 Srv - detected Forged file (1)
    2011/01/16 07:18:20.0859 w39n51 (1bb3bd3f6419cf148507bfb8006053ef) C:\WINDOWS\system32\DRIVERS\w39n51.sys
    2011/01/16 07:18:21.0781 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\w39n51.sys. Real md5: 1bb3bd3f6419cf148507bfb8006053ef, Fake md5: b1f126e7e28877106d60e6ff3998d033
    2011/01/16 07:18:21.0796 w39n51 - detected Forged file (1)
    2011/01/16 07:18:22.0937 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    2011/01/16 07:18:25.0468 WmXlCore (0398265dd65aae2ece180fa9d1e7b5bb) C:\WINDOWS\system32\drivers\WmXlCore.sys
    2011/01/16 07:18:27.0156 ================================================================================
    2011/01/16 07:18:27.0156 Scan finished
    2011/01/16 07:18:27.0156 ================================================================================
    2011/01/16 07:18:27.0171 Detected object count: 3
    2011/01/16 07:26:35.0156 Forged file(ialm) - User select action: Skip
    2011/01/16 07:26:35.0156 Forged file(Srv) - User select action: Skip
    2011/01/16 07:26:35.0171 Forged file(w39n51) - User select action: Skip
    2011/01/16 07:27:20.0203 Deinitialize success



    TDSSKiller.exe - Second Run

    2011/01/16 07:54:11.0078 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
    2011/01/16 07:54:11.0078 ================================================================================
    2011/01/16 07:54:11.0078 SystemInfo:
    2011/01/16 07:54:11.0078
    2011/01/16 07:54:11.0078 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/16 07:54:11.0078 Product type: Workstation
    2011/01/16 07:54:11.0078 ComputerName: HEG
    2011/01/16 07:54:11.0078 UserName: Heg
    2011/01/16 07:54:11.0078 Windows directory: C:\WINDOWS
    2011/01/16 07:54:11.0078 System windows directory: C:\WINDOWS
    2011/01/16 07:54:11.0078 Processor architecture: Intel x86
    2011/01/16 07:54:11.0078 Number of processors: 2
    2011/01/16 07:54:11.0078 Page size: 0x1000
    2011/01/16 07:54:11.0078 Boot type: Normal boot
    2011/01/16 07:54:11.0078 ================================================================================
    2011/01/16 07:54:12.0687 Initialize success
    2011/01/16 07:54:17.0562 ================================================================================
    2011/01/16 07:54:17.0562 Scan started
    2011/01/16 07:54:17.0562 Mode: Manual;
    2011/01/16 07:54:17.0562 ================================================================================
    2011/01/16 07:56:21.0890 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/01/16 07:56:23.0125 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/01/16 07:56:24.0968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/01/16 07:56:25.0906 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/01/16 07:56:27.0156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/01/16 07:56:28.0984 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/01/16 07:56:30.0140 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/01/16 07:56:31.0046 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/01/16 07:56:32.0359 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/01/16 07:56:33.0468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/01/16 07:56:34.0375 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/01/16 07:56:35.0343 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/01/16 07:56:37.0140 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/01/16 07:56:41.0156 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/01/16 07:56:41.0921 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/01/16 07:56:42.0843 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/01/16 07:56:43.0640 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/01/16 07:56:44.0843 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/01/16 07:56:45.0781 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/01/16 07:56:50.0734 NETw5x32 (91f027c242d3ff6e5c09f92a0518297f) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
    2011/01/16 07:57:02.0312 NETwLx32 (cbd6918929b5edacff9c782536019bbb) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
    2011/01/16 07:57:07.0375 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/01/16 07:57:07.0937 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
    2011/01/16 07:57:08.0515 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/01/16 07:57:09.0500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/01/16 07:57:10.0625 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/16 07:57:12.0890 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/01/16 07:57:14.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/01/16 07:57:15.0437 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/01/16 07:57:16.0031 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/01/16 07:57:16.0593 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
    2011/01/16 07:57:17.0171 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/01/16 07:57:17.0750 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/01/16 07:57:18.0328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/01/16 07:57:18.0859 PBADRV (6ef25fb20cd269e3e51d8ca54935fff2) C:\WINDOWS\system32\drivers\pbadrv.sys
    2011/01/16 07:57:19.0437 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/01/16 07:57:20.0515 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/01/16 07:57:21.0109 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2011/01/16 07:57:23.0671 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/01/16 07:57:24.0203 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/01/16 07:57:24.0828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/01/16 07:57:25.0421 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/01/16 07:57:25.0984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/01/16 07:57:26.0515 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/01/16 07:57:27.0093 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/01/16 07:57:27.0640 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/01/16 07:57:28.0218 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/01/16 07:57:28.0828 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/01/16 07:57:29.0421 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/01/16 07:57:29.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/01/16 07:57:30.0562 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/01/16 07:57:31.0125 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/01/16 07:57:31.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/01/16 07:57:32.0390 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/01/16 07:57:33.0015 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/01/16 07:57:33.0656 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/01/16 07:57:34.0406 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/01/16 07:57:35.0109 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/01/16 07:57:36.0218 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    2011/01/16 07:57:36.0875 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2011/01/16 07:57:37.0484 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/16 07:57:38.0031 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/01/16 07:57:38.0625 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/01/16 07:57:39.0218 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    2011/01/16 07:57:39.0859 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    2011/01/16 07:57:40.0484 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/01/16 07:57:41.0578 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/01/16 07:57:42.0718 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/01/16 07:57:43.0796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/01/16 07:57:44.0812 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/01/16 07:57:45.0718 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/16 07:57:46.0453 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2011/01/16 07:57:48.0328 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
    2011/01/16 07:57:48.0937 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/01/16 07:57:49.0500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/01/16 07:57:50.0140 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/01/16 07:57:50.0890 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/01/16 07:57:51.0781 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/01/16 07:57:52.0703 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/01/16 07:57:53.0859 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/01/16 07:57:55.0062 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/01/16 07:57:55.0875 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/01/16 07:57:56.0500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/16 07:57:57.0078 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/16 07:57:57.0625 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/01/16 07:57:58.0359 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/16 07:57:59.0328 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/01/16 07:58:00.0703 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/16 07:58:01.0562 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/01/16 07:58:02.0187 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/16 07:58:02.0765 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
    2011/01/16 07:58:03.0296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/01/16 07:58:03.0937 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/16 07:58:04.0562 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/01/16 07:58:05.0156 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/01/16 07:58:05.0703 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/16 07:58:06.0250 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/01/16 07:58:06.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/16 07:58:07.0390 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/01/16 07:58:08.0031 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/01/16 07:58:08.0656 VmbInfce (9e03ad10f36672f4f8e83587712ac0a9) C:\WINDOWS\system32\drivers\vmbinfce.sys
    2011/01/16 07:58:09.0328 VolSnap (0fd6d2221c85dafe1a1a149972463458) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/16 07:58:09.0375 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
    2011/01/16 07:58:09.0375 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
    2011/01/16 07:58:10.0906 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
    2011/01/16 07:58:12.0500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/16 07:58:13.0234 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    2011/01/16 07:58:14.0406 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/16 07:58:15.0531 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    2011/01/16 07:58:16.0171 WmBEnum (38932c4649f8baad6ce1000ac6503d5b) C:\WINDOWS\system32\drivers\WmBEnum.sys
    2011/01/16 07:58:16.0734 WmFilter (58b3adab903fa1a78c86e6a42b80fe76) C:\WINDOWS\system32\drivers\WmFilter.sys
    2011/01/16 07:58:17.0281 WmVirHid (e45f01f4014d7ab13b8a0c41ebf48a3d) C:\WINDOWS\system32\drivers\WmVirHid.sys
    2011/01/16 07:58:17.0859 WmXlCore (0398265dd65aae2ece180fa9d1e7b5bb) C:\WINDOWS\system32\drivers\WmXlCore.sys
    2011/01/16 07:58:19.0640 ================================================================================
    2011/01/16 07:58:19.0640 Scan finished
    2011/01/16 07:58:19.0640 ================================================================================
    2011/01/16 07:58:19.0656 Detected object count: 1
    2011/01/16 07:58:33.0531 VolSnap (0fd6d2221c85dafe1a1a149972463458) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/16 07:58:33.0546 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
    2011/01/16 07:58:41.0828 Backup copy found, using it..
    2011/01/16 07:58:41.0937 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
    2011/01/16 07:58:41.0937 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
    2011/01/16 07:58:49.0375 Deinitialize success
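As an added example (not code from the thread or from TDSSKiller's authors), a small Python parser that pulls the forged-file verdicts out of a TDSSKiller log like the one above and joins them with the detection and cure lines, so a log of several hundred driver records can be triaged without reading it line by line. The log layout is assumed from the posted output; the sample lines are a constructed excerpt using the paths and hashes shown in the thread.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the layout of the TDSSKiller log above: an ordinary
# driver record, the "Forged" verdict for VolSnap, the detection line, and the
# cure action. Paths and hashes are the ones shown in the thread.
SAMPLE_LOG = r"""
2011/01/16 07:58:08.0656 VmbInfce (9e03ad10f36672f4f8e83587712ac0a9) C:\WINDOWS\system32\drivers\vmbinfce.sys
2011/01/16 07:58:09.0328 VolSnap (0fd6d2221c85dafe1a1a149972463458) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/16 07:58:09.0375 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/16 07:58:09.0375 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/16 07:58:19.0656 Detected object count: 1
2011/01/16 07:58:41.0937 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/01/16 07:58:41.0937 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
"""

# The timestamp is two whitespace-separated tokens; each record type has its own shape.
RECORD_RE = re.compile(r"^\S+ \S+ (?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
DETECTED_RE = re.compile(r"^\S+ \S+ (?P<service>\S+) - detected (?P<verdict>\S+)")
ACTION_RE = re.compile(r"(?P<verdict>\S+)\((?P<service>\S+)\) - User select action: (?P<action>\w+)")


@dataclass
class ForgedFile:
    path: str
    real_md5: str      # "Real md5" as TDSSKiller reports it
    fake_md5: str      # "Fake md5" as reported; the two differing is the forgery signal
    service: str = ""  # driver/service name whose record points at this path
    verdict: str = ""  # e.g. Rootkit.Win32.TDSS.tdl3
    action: str = ""   # e.g. Cure, Skip


def parse_tdsskiller(text: str) -> dict[str, ForgedFile]:
    """Return forged-file findings keyed by path, joined with their verdict and action lines."""
    records: dict[str, str] = {}          # service -> path, from ordinary driver records
    forged: dict[str, ForgedFile] = {}
    by_service: dict[str, ForgedFile] = {}
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            records[m["service"]] = m["path"]
            continue
        m = FORGED_RE.search(line)
        if m:
            # a second scan pass re-reports the same file; keep the existing finding
            ff = forged.get(m["path"]) or ForgedFile(m["path"], m["real"], m["fake"])
            forged[ff.path] = ff
            for service, path in records.items():
                if path.lower() == ff.path.lower():
                    ff.service = service
                    by_service[service] = ff
            continue
        m = DETECTED_RE.match(line)
        if m and m["service"] in by_service:
            by_service[m["service"]].verdict = m["verdict"]
            continue
        m = ACTION_RE.search(line)
        if m and m["service"] in by_service:
            by_service[m["service"]].action = m["action"]
    return forged


def needs_followup(findings: dict[str, ForgedFile]) -> list[str]:
    """Paths flagged as forged that were not cured (skipped, or the log ended before the action)."""
    return sorted(p for p, f in findings.items() if f.action != "Cure")
```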
  5. Broni Malware Annihilator

    Good job there :)

    What about those iexplore.exe now?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  6. Fiv Newcomer, in training

    Finally, here are the two files that I know were associated with the rogue iexplore.exe. They were continually being created and updated throughout the past few weeks, so they may be slightly different. Please note the URLs change. Clickleg.org seems to be the main one; however, there were many others. Also, my Temporary Internet Files folder was constantly filled with junk from these places even though I never browsed to them.

    serf_conf.log

    [PANEL_SIGN_CHECK]
    [runs_count_begin]
    60
    [runs_count_end]
    [urls_to_serf_begin]
    http://www.searchtasteless.org/ac.php?aid=461&sid=direct2
    http://www.clickleg.org/ac.php?aid=461&sid=direct2
    http://www.clickleg.org/ac.php?aid=461&sid=direct2
    http://www.clickleg.org/ac.php?aid=461&sid=direct2
    http://www.clickleg.org/ac.php?aid=461&sid=direct2
    [urls_to_serf_end]
    [refs_to_change_begin]
    www.searchtasteless.org/ac.php=|www.searchtasteless.org/search.php
    www.clickleg.org/ac.php=|www.clickleg.org/search.php
    [refs_to_change_end]
    [panels_begin]
    viewthanks.org
    searchsession.org
    searchdistribution.org
    searchsuccessful.org
    searchgateway.org
    onlineprostats.com
    [panels_end]
    [popupcount_begin]
    3
    [popupcount_end]
    [popupurl_begin]
    [popupurl_end]
    [popupurl2_begin]
    [popupurl2_end]
    [date_begin]
    16:1:2011
    [date_end]

    test.reg -- File used to update the registry, which is why no matter how many times I set Firefox as my default, iexplore became my default.

    Windows Registry Editor Version 5.00

    ;Ramesh Srinivasan - http://windowsxp.mvps.org
    ;Sets IE as default (For use with Windows XP systems)
    ;Use this only if IE is installed in its default location
    ;c:\Program Files\Internet Explorer
    ;Revised April 1, 2005 - Changed IExplore.exe path to LFN format

    [HKEY_CLASSES_ROOT\ftp]
    @="URL:File Transfer Protocol"
    "EditFlags"=dword:00000002
    "ShellFolder"="{63da6ec0-2e98-11cf-8d82-444553540000}"
    "Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
    "URL Protocol"=""

    [HKEY_CLASSES_ROOT\ftp\DefaultIcon]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
    00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
    6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

    [HKEY_CLASSES_ROOT\ftp\Extensions]
    ".IVF"="{C69E8F40-D5C8-11D0-A520-145405C10000}"

    [HKEY_CLASSES_ROOT\ftp\shell]
    @="open"

    [HKEY_CLASSES_ROOT\ftp\shell\open]

    [HKEY_CLASSES_ROOT\ftp\shell\open\command]
    @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

    [HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec]
    @="\"%1\",,-1,0,,,,"
    "NoActivateHandler"=""

    [HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\Application]
    @="IExplore"

    [HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\ifExec]
    @="*"

    [HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\Topic]
    @="WWW_OpenURL"

    [HKEY_CLASSES_ROOT\htmlfile]
    @="HTML Document"
    "EditFlags"=dword:00010000
    "BrowserFlags"=dword:00000008

    [HKEY_CLASSES_ROOT\htmlfile\BrowseInPlace]
    @=""

    [HKEY_CLASSES_ROOT\htmlfile\CLSID]
    @="{25336920-03F9-11CF-8FD0-00AA00686F13}"

    [HKEY_CLASSES_ROOT\htmlfile\DefaultIcon]
    @="C:\\Program Files\\Internet Explorer\\iexplore.exe,1"

    [HKEY_CLASSES_ROOT\htmlfile\ScriptHostEncode]
    @="{0CF774D0-F077-11D1-B1BC-00C04F86C324}"

    [HKEY_CLASSES_ROOT\htmlfile\shell]
    @="opennew"

    [HKEY_CLASSES_ROOT\htmlfile\shell\open]
    @="Open in S&ame Window"

    [HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
    @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

    [HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec]
    @="\"file://%1\",,-1,,,,,"
    "NoActivateHandler"=""

    [HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec\Application]
    @="IExplore"

    [HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec\Topic]
    @="WWW_OpenURL"

    [HKEY_CLASSES_ROOT\htmlfile\shell\opennew]
    @="&Open"

    [HKEY_CLASSES_ROOT\htmlfile\shell\opennew\command]
    @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

    [HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec]
    @="\"%1\",,-1,0,,,,"
    "NoActivateHandler"=""

    [HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\Application]
    @="IExplore"

    [HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\IfExec]
    @="*"

    [HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\Topic]
    @="WWW_OpenURLNewWindow"

    [HKEY_CLASSES_ROOT\htmlfile\shell\printto]

    [HKEY_CLASSES_ROOT\htmlfile\shell\printto\command]
    @=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,\
    00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
    25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,\
    00,68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,2c,00,50,00,72,00,69,00,\
    6e,00,74,00,48,00,54,00,4d,00,4c,00,20,00,22,00,25,00,31,00,22,00,20,00,22,\
    00,25,00,32,00,22,00,20,00,22,00,25,00,33,00,22,00,20,00,22,00,25,00,34,00,\
    22,00,00,00

    [HKEY_CLASSES_ROOT\HTTP]
    @="URL:HyperText Transfer Protocol"
    "EditFlags"=dword:00000002
    "Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
    "URL Protocol"=""

    [HKEY_CLASSES_ROOT\HTTP\AnimExtensions]
    "."="dxmasf.dll,150"
    ".asf"="dxmasf.dll,150"
    ".asp"="dxmasf.dll,150"
    ".asx"="dxmasf.dll,150"
    ".nsc"="dxmasf.dll,150"
    ".wax"="dxmasf.dll,150"
    ".wm"="dxmasf.dll,150"
    ".wma"="dxmasf.dll,150"
    ".wmv"="dxmasf.dll,150"
    ".wmx"="dxmasf.dll,150"
    ".wvx"="dxmasf.dll,150"

    [HKEY_CLASSES_ROOT\HTTP\DefaultIcon]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
    00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
    6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

    [HKEY_CLASSES_ROOT\HTTP\Extensions]
    ".ASF"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
    ".ASX"="{4B428940-263C-11d1-A520-000000000000}"
    ".ASP"="{4B428940-263C-11d1-A520-000000000000}"
    ".WAX"="{4B428940-263C-11d1-A520-000000000000}"
    ".WM"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
    ".WMA"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
    ".NSC"="{4B428940-263C-11d1-A520-000000000000}"
    ".BECK"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
    ".WVX"="{4B428940-263C-11d1-A520-000000000000}"
    ".WMV"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
    ".WMX"="{4B428940-263C-11d1-A520-000000000000}"
    ".IVF"="{C69E8F40-D5C8-11D0-A520-145405C10000}"

    [HKEY_CLASSES_ROOT\HTTP\shell]
    @="open"

    [HKEY_CLASSES_ROOT\HTTP\shell\open]

    [HKEY_CLASSES_ROOT\HTTP\shell\open\command]
    @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

    [HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec]
    @="\"%1\",,-1,0,,,,"
    "NoActivateHandler"=""

    [HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec\Application]
    @="IExplore"

    [HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec\Topic]
    @="WWW_OpenURL"

    [HKEY_CLASSES_ROOT\https]
    @="URL:HyperText Transfer Protocol with Privacy"
    "EditFlags"=dword:00000002
    "Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
    "BrowserFlags"=dword:00000008
    "URL Protocol"=""

    [HKEY_CLASSES_ROOT\https\DefaultIcon]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
    00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
    6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

    [HKEY_CLASSES_ROOT\https\shell]
    @="open"

    [HKEY_CLASSES_ROOT\https\shell\open]

    [HKEY_CLASSES_ROOT\https\shell\open\command]
    @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

    [HKEY_CLASSES_ROOT\https\shell\open\ddeexec]
    @="\"%1\",,-1,0,,,,"
    "NoActivateHandler"=""

    [HKEY_CLASSES_ROOT\https\shell\open\ddeexec\Application]
    @="IExplore"

    [HKEY_CLASSES_ROOT\https\shell\open\ddeexec\Topic]
    @="WWW_OpenURL"

    [HKEY_CLASSES_ROOT\InternetShortcut]
    "EditFlags"=dword:00000002
    @="Internet Shortcut"
    "IsShortcut"=""
    "NeverShowExt"=""

    [HKEY_CLASSES_ROOT\InternetShortcut\CLSID]
    @="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"

    [HKEY_CLASSES_ROOT\InternetShortcut\DefaultIcon]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
    00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
    6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

    [HKEY_CLASSES_ROOT\InternetShortcut\shell]

    [HKEY_CLASSES_ROOT\InternetShortcut\shell\open]
    "CLSID"="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"
    "LegacyDisable"=""

    [HKEY_CLASSES_ROOT\InternetShortcut\shell\open\command]
    @="rundll32.exe shdocvw.dll,OpenURL %l"

    [HKEY_CLASSES_ROOT\InternetShortcut\shell\print]

    [HKEY_CLASSES_ROOT\InternetShortcut\shell\print\command]
    @=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,\
    00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
    25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,73,\
    00,68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,2c,00,50,00,72,00,69,00,\
    6e,00,74,00,48,00,54,00,4d,00,4c,00,20,00,22,00,25,00,31,00,22,00,00,00

    [HKEY_CLASSES_ROOT\InternetShortcut\shell\printto]

    [HKEY_CLASSES_ROOT\InternetShortcut\shell\printto\command]
    @=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,\
    00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
    25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,73,\
    00,68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,2c,00,50,00,72,00,69,00,\
    6e,00,74,00,48,00,54,00,4d,00,4c,00,20,00,22,00,25,00,31,00,22,00,20,00,22,\
    00,25,00,32,00,22,00,20,00,22,00,25,00,33,00,22,00,20,00,22,00,25,00,34,00,\
    22,00,00,00

    [HKEY_CLASSES_ROOT\InternetShortcut\shellex]

    [HKEY_CLASSES_ROOT\InternetShortcut\shellex\ContextMenuHandlers]

    [HKEY_CLASSES_ROOT\InternetShortcut\shellex\ContextMenuHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
    @=""

    [HKEY_CLASSES_ROOT\InternetShortcut\shellex\IconHandler]
    @="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"

    [HKEY_CLASSES_ROOT\InternetShortcut\shellex\PropertyHandler]
    @="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"

    [HKEY_CLASSES_ROOT\InternetShortcut\shellex\PropertySheetHandlers]

    [HKEY_CLASSES_ROOT\InternetShortcut\shellex\PropertySheetHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
    @="Internet Shortcut"

    [HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InProcServer32]
    @="shdocvw.dll"
    "ThreadingModel"="Apartment"
    "LoadWithoutCOM"=""

    [HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\PersistentHandler]
    @="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

    [HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\ProgID]
    @="InternetShortcut"

    [HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\shellex]

    [HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\shellex\MayChangeDefaultMenu]
    @=""

    [HKEY_CLASSES_ROOT\gopher]
    @="URL:Gopher Protocol"
    "EditFlags"=dword:00000002
    "Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
    "URL Protocol"=""

    [HKEY_CLASSES_ROOT\gopher\DefaultIcon]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
    00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
    6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

    [HKEY_CLASSES_ROOT\gopher\shell]

    [HKEY_CLASSES_ROOT\gopher\shell\open]

    [HKEY_CLASSES_ROOT\gopher\shell\open\command]
    @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

    [HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec]
    @="\"%1\",,-1,0,,,,"
    "NoActivateHandler"=""

    [HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Application]
    @="IExplore"

    [HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Topic]
    @="WWW_OpenURL"

    [HKEY_CLASSES_ROOT\mhtmlfile]
    @="MHTML Document"

    [HKEY_CLASSES_ROOT\mhtmlfile\BrowseInPlace]
    @=""

    [HKEY_CLASSES_ROOT\mhtmlfile\CLSID]
    @="{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}"

    [HKEY_CLASSES_ROOT\mhtmlfile\DefaultIcon]
    @="C:\\Program Files\\Internet Explorer\\iexplore.exe,22"

    [HKEY_CLASSES_ROOT\mhtmlfile\shell]
    @="opennew"

    [HKEY_CLASSES_ROOT\mhtmlfile\shell\open]
    @="Open in S&ame Window"

    [HKEY_CLASSES_ROOT\mhtmlfile\shell\open\command]
    @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

    [HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec]
    @="\"file://%1\",,-1,,,,,"

    [HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec\Application]
    @="IExplore"

    [HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec\Topic]
    @="WWW_OpenURL"

    [HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew]
    @="&Open"

    [HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\command]
    @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

    [HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec]
    @="\"file://%1\",,-1,,,,,"
    "NoActivateHandler"=""

    [HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\Application]
    @="IExplore"

    [HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\IfExec]
    @="*"

    [HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\Topic]
    @="WWW_OpenURLNewWindow"

    [HKEY_CLASSES_ROOT\.htm]
    @="htmlfile"

    [HKEY_CLASSES_ROOT\.html]
    @="htmlfile"

    [HKEY_CLASSES_ROOT\.mht]
    @="mhtmlfile"

    [HKEY_CLASSES_ROOT\.mhtml]
    @="mhtmlfile"
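Added check, not from the thread or from any tool named in it: the export above restores the stock InternetShortcut, gopher and mhtmlfile handlers, and this script parses a .reg export in that same format and flags any shell\...\command default whose executable sits outside the Internet Explorer folder (the expected-directory default and the hijacked sample entry are assumptions, constructed for the demo).

```python
"""Audit a Windows .reg export for shell\\open\\command handlers that
point somewhere other than the browser they claim to launch.

Added example; not part of the forum thread or of any tool mentioned in it.
Parses the .reg text format (the format of the export posted above):
REG_SZ values are unescaped, hex(2) REG_EXPAND_SZ values are decoded,
and dword/hex binary values are skipped.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: two handlers copied in shape from the clean export
# above, the gopher DefaultIcon hex(2) value from that export, and one
# hypothetical hijacked handler whose command points into a Temp folder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\gopher\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

[HKEY_CLASSES_ROOT\gopher\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe\" %1"
'''

# value line: @=... or "name"=...
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# first token of a command line, quoted or bare
_EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')


def _unescape(s: str) -> str:
    """.reg files escape backslash and double quote with a backslash."""
    return re.sub(r'\\(.)', r'\1', s)


def _decode_hex2(raw: str) -> str:
    """hex(2): is a UTF-16LE REG_EXPAND_SZ, comma-separated byte values."""
    data = bytes(int(b, 16) for b in raw.split(':', 1)[1].split(',') if b)
    return data.decode('utf-16-le').rstrip('\x00')


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key: {value_name: string}} for string-typed values only."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name, raw = m.group(1), m.group(2)
        # hex data wraps onto following lines, each ending in a backslash
        while raw.endswith('\\') and i < len(lines):
            raw = raw[:-1] + lines[i].strip()
            i += 1
        if raw.startswith('"') and raw.endswith('"') and len(raw) >= 2:
            value = _unescape(raw[1:-1])
        elif raw.startswith('hex(2):'):
            value = _decode_hex2(raw)
        else:
            continue  # dword:, hex: and other binary types are not audited
        name = '(Default)' if name == '@' else _unescape(name[1:-1])
        keys[current][name] = value
    return keys


def command_exe(command: str) -> str:
    """Return the executable path from a shell command value."""
    m = _EXE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else ''


def audit_open_commands(
    text: str,
    expected_dir: str = r'c:\program files\internet explorer',  # assumption
) -> List[Tuple[str, str]]:
    """Flag every shell\\...\\command default whose exe is outside expected_dir."""
    findings = []
    for key, values in parse_reg(text).items():
        k = key.lower()
        if not k.endswith('\\command') or '\\shell\\' not in k:
            continue
        exe = command_exe(values.get('(Default)', ''))
        if exe and not exe.lower().startswith(expected_dir.lower() + '\\'):
            findings.append((key, exe))
    return findings


if __name__ == '__main__':
    for key, exe in audit_open_commands(SAMPLE_REG):
        print(f'SUSPICIOUS  {key}  ->  {exe}')
```

Run it against a fresh `reg export HKCR` of the machine being cleaned; any hit is a handler worth comparing against the stock values posted above.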
  7. Broni Malware Annihilator

    OK.
    Please, re-read my previous reply.
    I may be out for a bit.
  8. Fiv Newcomer, in training

    Sorry, I got carried away with posting the logs :) I did see your reply on running combofix and I will do that shortly.

    As for the iexplore.exe processes, I have not seen them come up. There was a day or so back when I first started troubleshooting this that they didn't appear, but I also wasn't connected to the internet. I think once I got a connection it downloaded itself. However, as of now I don't see anything in the processes.

    I will post the logs from combofix shortly. However, I need to run to lunch.
  9. Fiv Newcomer, in training

    ComboFix 11-01-16.02 - Heg 01/16/2011 16:13:53.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.654 [GMT -6:00]
    Running from: c:\documents and settings\Heg\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\spool\prtprocs\w32x86\ps3200pc.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
    .

    2011-01-16 22:34 . 2011-01-16 22:40 -------- dc-h--w- c:\windows\ie8
    2011-01-15 16:39 . 2011-01-15 22:52 -------- d-----w- C:\bd_logs
    2011-01-09 23:28 . 2011-01-09 23:28 -------- d-----w- c:\documents and settings\Heg\Local Settings\Application Data\Temp
    2011-01-09 20:26 . 2011-01-09 20:26 -------- d-----w- c:\program files\Magical Jelly Bean
    2011-01-07 22:11 . 2011-01-07 22:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-01-06 04:45 . 2011-01-06 04:45 -------- d-----w- C:\_OTL
    2011-01-06 01:51 . 2011-01-06 01:51 -------- d-----w- c:\program files\Microsoft Network Monitor 3
    2011-01-04 02:12 . 2011-01-04 02:12 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-01-04 02:00 . 2011-01-04 02:00 -------- d-----w- c:\program files\Sophos
    2011-01-04 00:15 . 2011-01-04 00:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-01-03 22:07 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
    2011-01-03 15:45 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-03 15:45 . 2011-01-03 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-03 15:45 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-03 03:45 . 2011-01-04 15:22 -------- d-----w- c:\windows\system32\NtmsData
    2011-01-03 00:25 . 2011-01-03 00:25 -------- d--h--w- c:\windows\PIF
    2011-01-02 23:40 . 2011-01-02 23:40 -------- d-----w- c:\program files\ESET
    2011-01-02 22:37 . 2011-01-02 22:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-01-02 17:22 . 2010-12-03 19:35 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
    2011-01-02 17:22 . 2010-12-03 19:35 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
    2011-01-02 17:14 . 2011-01-02 17:14 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-01-02 17:05 . 2011-01-02 17:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-01-02 16:39 . 2011-01-02 16:39 -------- d-----w- c:\documents and settings\Heg\Application Data\AVG10
    2011-01-02 16:35 . 2011-01-02 16:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-01-02 16:10 . 2011-01-04 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
    2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
    2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
    2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
    2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
    2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
    2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
    2011-01-02 15:51 . 2011-01-02 15:51 -------- d-----w- c:\program files\Common Files\Apple
    2011-01-02 15:50 . 2011-01-02 15:50 -------- d-----w- c:\documents and settings\Heg\Local Settings\Application Data\Apple
    2011-01-02 15:48 . 2011-01-02 15:49 -------- d-----w- c:\program files\Apple Software Update
    2011-01-02 15:48 . 2011-01-02 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2011-01-02 15:32 . 2010-11-13 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-02 15:32 . 2010-11-13 00:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-01-02 15:26 . 2011-01-02 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-01-02 15:19 . 2011-01-02 15:19 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-12-23 17:30 . 2010-12-23 17:24 831488 ------w- c:\program files\xerox\xlibeay.dll
    2010-12-23 17:30 . 2010-12-23 17:24 607232 ------w- c:\program files\xerox\x2utilA0.dll
    2010-12-23 17:30 . 2010-12-23 17:24 400384 ------w- c:\program files\xerox\x2comsA0.dll
    2010-12-23 17:30 . 2010-12-23 17:24 393216 ------w- c:\program files\xerox\x2txt01.dll
    2010-12-23 17:30 . 2010-12-23 17:24 135168 ------w- c:\program files\xerox\EReg.exe
    2010-12-23 17:26 . 2010-12-23 17:24 22723 ----a-w- c:\windows\system32\ps3200l3.dll
    2010-12-23 17:26 . 2010-12-23 17:24 65536 ----a-w- c:\windows\system32\ps3200ci.dll
    2010-12-23 17:26 . 2010-12-23 17:24 151552 ----a-w- c:\windows\system32\ps3200ci.exe
    2010-12-23 17:25 . 2010-12-23 17:24 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-16 13:59 . 2004-08-11 22:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12 . 2004-08-11 22:12 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-12 22:34 . 2007-09-04 19:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-09 14:52 . 2004-08-11 22:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-02 15:17 . 2004-08-11 22:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-11 22:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-01-05_04.02.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-16 18:11 . 2011-01-16 18:11 16384 c:\windows\Temp\Perflib_Perfdata_b0.dat
    + 2004-08-11 22:00 . 2011-01-16 12:14 63418 c:\windows\system32\perfc009.dat
    - 2004-08-11 22:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
    + 2004-08-11 22:00 . 2009-03-08 10:31 66560 c:\windows\system32\mshtmled.dll
    + 2006-11-08 03:03 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
    - 2006-11-08 03:03 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 74240 c:\windows\system32\mscories.dll
    + 2004-08-11 22:00 . 2009-03-08 10:34 43008 c:\windows\system32\licmgr10.dll
    + 2004-08-11 22:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
    - 2004-08-11 22:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
    + 2006-09-22 12:03 . 2009-03-08 10:31 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2006-09-22 12:03 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2007-06-12 07:36 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2007-06-12 07:36 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2006-10-17 18:05 . 2009-03-08 10:34 43008 c:\windows\system32\dllcache\licmgr10.dll
    - 2006-09-22 12:03 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2006-09-22 12:03 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 83456 c:\windows\system32\dfshim.dll
    - 2006-09-27 23:30 . 2011-01-05 01:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2006-09-27 23:30 . 2011-01-16 13:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2006-09-27 23:30 . 2011-01-16 13:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2006-09-27 23:30 . 2011-01-05 01:53 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2011-01-03 15:57 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\42360c8fdaf030cd25332428cfba61cd\update\spcustom.dll
    - 2011-01-03 15:57 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\42360c8fdaf030cd25332428cfba61cd\spmsg.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 28160 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 71680 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    + 2005-09-23 13:28 . 2005-09-23 13:28 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 47616 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    + 2005-09-23 13:29 . 2005-09-23 13:29 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    + 2005-09-23 13:29 . 2005-09-23 13:29 59072 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 78336 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 14848 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 96440 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    + 2005-09-23 13:29 . 2005-09-23 13:29 22528 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 66240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 67072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 73216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
    + 2005-09-23 12:36 . 2005-09-23 12:36 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
    + 2005-09-23 12:29 . 2005-09-23 12:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
    + 2005-09-23 12:47 . 2005-09-23 12:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
    + 2005-09-23 12:30 . 2005-09-23 12:30 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
    + 2005-09-23 12:47 . 2005-09-23 12:47 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
    + 2005-09-23 12:47 . 2005-09-23 12:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
    + 2005-09-23 12:47 . 2005-09-23 12:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
    + 2005-09-23 12:47 . 2005-09-23 12:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
    + 2005-09-23 12:46 . 2005-09-23 12:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
    + 2005-09-23 12:46 . 2005-09-23 12:46 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
    + 2005-09-23 12:46 . 2005-09-23 12:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
    + 2005-09-23 12:44 . 2005-09-23 12:44 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
    + 2005-09-23 12:42 . 2005-09-23 12:42 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
    + 2005-09-23 12:40 . 2005-09-23 12:40 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
    + 2005-09-23 12:40 . 2005-09-23 12:40 83968 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
    + 2005-09-23 12:40 . 2005-09-23 12:40 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
    + 2005-09-23 12:38 . 2005-09-23 12:38 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
    + 2005-09-23 12:38 . 2005-09-23 12:38 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
    + 2005-09-23 09:46 . 2005-09-23 09:46 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
    + 2005-09-23 12:36 . 2005-09-23 12:36 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
    + 2005-09-23 12:34 . 2005-09-23 12:34 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
    + 2005-09-23 12:34 . 2005-09-23 12:34 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
    + 2005-09-23 12:34 . 2005-09-23 12:34 82944 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
    + 2005-09-23 12:32 . 2005-09-23 12:32 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
    + 2005-09-23 12:29 . 2005-09-23 12:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 55296 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 52736 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 31936 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 68608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 17920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 76984 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 88576 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 29888 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 29896 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 26824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 70656 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 23552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 55488 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 86528 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 72704 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    - 2011-01-03 21:59 . 2009-03-08 10:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
    + 2011-01-16 18:05 . 2009-03-08 10:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
    + 2011-01-16 18:06 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB982381-IE8\spmsg.dll
    - 2011-01-03 21:59 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB982381-IE8\spmsg.dll
    + 2011-01-16 18:06 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB982381-IE8\spcustom.dll
    - 2011-01-03 21:59 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB982381-IE8\spcustom.dll
    + 2011-01-16 18:05 . 2009-03-08 10:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
    - 2011-01-03 21:59 . 2009-03-08 10:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
    - 2011-01-03 21:59 . 2009-03-08 10:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
    + 2011-01-16 18:05 . 2009-03-08 10:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
    + 2011-01-16 22:37 . 2009-03-08 20:23 58464 c:\windows\ie8\spuninst\iecustom.dll
    - 2011-01-03 21:50 . 2009-03-08 20:23 58464 c:\windows\ie8\spuninst\iecustom.dll
    - 2011-01-03 21:46 . 2009-04-29 04:56 44544 c:\windows\ie8\pngfilt.dll
    + 2011-01-16 22:34 . 2009-04-29 04:56 44544 c:\windows\ie8\pngfilt.dll
    - 2011-01-03 21:46 . 2006-10-17 17:28 48128 c:\windows\ie8\mshtmler.dll
    + 2011-01-16 22:34 . 2006-10-17 17:28 48128 c:\windows\ie8\mshtmler.dll
    + 2011-01-16 22:34 . 2006-10-17 17:56 45568 c:\windows\ie8\mshta.exe
    - 2011-01-03 21:46 . 2006-10-17 17:56 45568 c:\windows\ie8\mshta.exe
    - 2011-01-03 21:46 . 2006-10-17 17:58 12288 c:\windows\ie8\msfeedssync.exe
    + 2011-01-16 22:34 . 2006-10-17 17:58 12288 c:\windows\ie8\msfeedssync.exe
    + 2011-01-16 22:34 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
    - 2011-01-03 21:46 . 2006-10-17 18:05 40960 c:\windows\ie8\licmgr10.dll
    + 2011-01-16 22:34 . 2006-10-17 18:05 40960 c:\windows\ie8\licmgr10.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 27648 c:\windows\ie8\jsproxy.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 27648 c:\windows\ie8\jsproxy.dll
    - 2011-01-03 21:46 . 2006-11-07 09:26 92672 c:\windows\ie8\inseng.dll
    + 2011-01-16 22:34 . 2006-11-07 09:26 92672 c:\windows\ie8\inseng.dll
    - 2011-01-03 21:46 . 2006-10-17 17:57 36352 c:\windows\ie8\imgutil.dll
    + 2011-01-16 22:34 . 2006-10-17 17:57 36352 c:\windows\ie8\imgutil.dll
    - 2011-01-03 21:46 . 2006-11-07 09:26 55296 c:\windows\ie8\iesetup.dll
    + 2011-01-16 22:34 . 2006-11-07 09:26 55296 c:\windows\ie8\iesetup.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 44544 c:\windows\ie8\iernonce.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 44544 c:\windows\ie8\iernonce.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 78336 c:\windows\ie8\ieencode.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 78336 c:\windows\ie8\ieencode.dll
    - 2011-01-03 21:46 . 2009-04-28 09:05 70656 c:\windows\ie8\ie4uinit.exe
    + 2011-01-16 22:34 . 2009-04-28 09:05 70656 c:\windows\ie8\ie4uinit.exe
    - 2011-01-03 21:46 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
    - 2011-01-03 21:46 . 2006-10-17 17:44 60416 c:\windows\ie8\hmmapi.dll
    + 2011-01-16 22:34 . 2006-10-17 17:44 60416 c:\windows\ie8\hmmapi.dll
    - 2011-01-03 21:46 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
    + 2011-01-16 22:34 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
    + 2011-01-16 22:34 . 2006-11-07 09:26 71680 c:\windows\ie8\admparse.dll
    - 2011-01-03 21:46 . 2006-11-07 09:26 71680 c:\windows\ie8\admparse.dll
    + 2011-01-16 22:15 . 2011-01-16 22:15 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9d3aab7fb86a3d4681e6015739486533\Microsoft.Build.Framework.ni.dll
    + 2011-01-16 22:15 . 2011-01-16 22:15 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f34a562d7823ff4085712627483b561f\dfsvc.ni.exe
    + 2011-01-16 22:14 . 2011-01-16 22:14 26624 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bc177345732c2240a691624c28db694a\Accessibility.ni.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 86016 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2011-01-16 12:07 . 2011-01-16 12:07 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2011-01-16 12:07 . 2011-01-16 12:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2011-01-16 12:07 . 2011-01-16 12:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 73728 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 36864 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 68608 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
    + 2005-09-23 13:29 . 2005-09-23 13:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 7680 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2011-01-16 12:07 . 2011-01-16 12:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 5632 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2011-01-16 12:07 . 2011-01-16 12:07 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2011-01-16 12:07 . 2011-01-16 12:07 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2004-08-11 22:00 . 2010-11-06 00:26 916480 c:\windows\system32\wininet.dll
    + 2004-08-11 22:00 . 2010-05-06 10:41 916480 c:\windows\system32\wininet.dll
    + 2004-08-11 22:00 . 2011-01-16 12:14 402974 c:\windows\system32\perfh009.dat
    + 2004-08-11 22:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
    - 2004-08-11 22:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
    + 2004-08-11 22:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
    - 2004-08-11 22:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
    + 2006-11-08 03:03 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 150016 c:\windows\system32\mscorier.dll
    + 2004-08-11 22:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
    - 2004-08-11 22:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
    - 2004-08-11 22:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
    + 2004-08-11 22:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
    + 2004-08-11 22:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
    + 2004-08-11 22:06 . 2011-01-10 23:30 115768 c:\windows\system32\FNTCACHE.DAT
    + 2006-09-22 12:03 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
    - 2006-09-22 12:03 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
    + 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
    - 2006-10-17 18:04 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
    + 2006-10-17 18:04 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
    - 2006-09-22 12:03 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
    + 2006-09-22 12:03 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
    + 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
    + 2007-06-12 07:36 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
    + 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
    + 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
    + 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
    + 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
    + 2006-09-22 12:03 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2006-09-22 12:03 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2006-11-07 09:27 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2006-11-07 09:27 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2006-11-07 09:26 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
    - 2011-01-03 15:57 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\42360c8fdaf030cd25332428cfba61cd\update\updspapi.dll
    - 2011-01-03 15:57 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\42360c8fdaf030cd25332428cfba61cd\update\update.exe
    - 2011-01-03 15:57 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\42360c8fdaf030cd25332428cfba61cd\spuninst.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 298496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 823296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 260096 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 299008 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 368640 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 700416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 397312 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 884736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 716800 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 482304 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 389120 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 377344 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 107520 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 226816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    + 2005-09-23 13:29 . 2005-09-23 13:29 330752 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 102400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 326144 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 288768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 800768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2005-09-23 13:29 . 2005-09-23 13:29 667648 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
    + 2005-09-23 13:29 . 2005-09-23 13:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
    + 2005-09-23 13:29 . 2005-09-23 13:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 647168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 413696 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    + 2005-09-23 13:57 . 2005-09-23 13:57 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
    + 2005-09-23 13:01 . 2005-09-23 13:01 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 224952 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 788992 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
    + 2005-09-23 13:29 . 2005-09-23 13:29 547840 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 503808 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 138240 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
    + 2005-09-23 13:29 . 2005-09-23 13:29 183808 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
    + 2011-01-06 01:54 . 2011-01-06 01:54 502272 c:\windows\Installer\117719.msi
    + 2011-01-06 01:51 . 2011-01-06 01:51 542720 c:\windows\Installer\117714.msi
    - 2011-01-03 21:59 . 2009-03-08 10:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
    + 2011-01-16 18:05 . 2009-03-08 10:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
    - 2011-01-03 21:59 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\updspapi.dll
    + 2011-01-16 18:06 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\updspapi.dll
    + 2011-01-16 18:06 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB982381-IE8\update.exe
    - 2011-01-03 21:59 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB982381-IE8\update.exe
    - 2011-01-03 22:00 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
    + 2011-01-16 18:06 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
    - 2011-01-03 22:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
    + 2011-01-16 18:06 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
    + 2011-01-16 18:05 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst.exe
    - 2011-01-03 21:59 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst.exe
    - 2011-01-03 21:59 . 2009-03-08 10:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
    + 2011-01-16 18:05 . 2009-03-08 10:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
    - 2011-01-03 21:59 . 2009-03-08 10:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
    + 2011-01-16 18:05 . 2009-03-08 10:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
    + 2011-01-16 18:05 . 2009-03-08 10:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
    - 2011-01-03 21:59 . 2009-03-08 10:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
    - 2011-01-03 21:59 . 2009-03-08 10:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
    + 2011-01-16 18:05 . 2009-03-08 10:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
    + 2011-01-16 18:05 . 2009-03-08 10:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
    - 2011-01-03 21:59 . 2009-03-08 10:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
    - 2011-01-03 21:59 . 2009-03-08 10:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
    + 2011-01-16 18:05 . 2009-03-08 10:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
    + 2011-01-16 18:05 . 2009-03-08 20:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
    - 2011-01-03 21:59 . 2009-03-08 20:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
    - 2011-01-03 21:59 . 2009-03-08 10:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
    + 2011-01-16 18:05 . 2009-03-08 10:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
    + 2011-01-16 22:34 . 2009-04-29 04:56 827392 c:\windows\ie8\wininet.dll
    - 2011-01-03 21:46 . 2009-04-29 04:56 827392 c:\windows\ie8\wininet.dll
    + 2011-01-16 22:34 . 2006-10-17 18:05 206336 c:\windows\ie8\winfxdocobj.exe
    - 2011-01-03 21:46 . 2006-10-17 18:05 206336 c:\windows\ie8\winfxdocobj.exe
    - 2011-01-03 21:46 . 2009-04-29 04:56 233472 c:\windows\ie8\webcheck.dll
    + 2011-01-16 22:34 . 2009-04-29 04:56 233472 c:\windows\ie8\webcheck.dll
    - 2011-01-03 21:46 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
    + 2011-01-16 22:34 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
    - 2011-01-03 21:46 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
    + 2011-01-16 22:34 . 2010-03-09 11:09 430080 c:\windows\ie8\vbscript.dll
    - 2011-01-03 21:46 . 2009-04-29 04:56 105984 c:\windows\ie8\url.dll
    + 2011-01-16 22:34 . 2009-04-29 04:56 105984 c:\windows\ie8\url.dll
    - 2011-01-03 21:50 . 2009-01-08 00:21 382496 c:\windows\ie8\spuninst\updspapi.dll
    + 2011-01-16 22:37 . 2009-01-08 00:21 382496 c:\windows\ie8\spuninst\updspapi.dll
    - 2011-01-03 21:50 . 2009-01-08 00:20 231456 c:\windows\ie8\spuninst\spuninst.exe
    + 2011-01-16 22:37 . 2009-01-08 00:20 231456 c:\windows\ie8\spuninst\spuninst.exe
    - 2011-01-03 21:46 . 2006-09-06 22:43 213216 c:\windows\ie8\spuninst.exe
    + 2011-01-16 22:34 . 2006-09-06 22:43 213216 c:\windows\ie8\spuninst.exe
    - 2011-01-03 21:46 . 2009-04-29 04:56 102912 c:\windows\ie8\occache.dll
    + 2011-01-16 22:34 . 2009-04-29 04:56 102912 c:\windows\ie8\occache.dll
    + 2011-01-16 22:34 . 2009-04-29 04:56 671232 c:\windows\ie8\mstime.dll
    - 2011-01-03 21:46 . 2009-04-29 04:56 671232 c:\windows\ie8\mstime.dll
    + 2011-01-16 22:34 . 2009-04-29 04:56 193024 c:\windows\ie8\msrating.dll
    - 2011-01-03 21:46 . 2009-04-29 04:56 193024 c:\windows\ie8\msrating.dll
    + 2011-01-16 22:34 . 2006-11-08 03:03 156160 c:\windows\ie8\msls31.dll
    - 2011-01-03 21:46 . 2006-11-08 03:03 156160 c:\windows\ie8\msls31.dll
    + 2011-01-16 22:34 . 2009-04-29 04:56 477696 c:\windows\ie8\mshtmled.dll
    - 2011-01-03 21:46 . 2009-04-29 04:56 477696 c:\windows\ie8\mshtmled.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
    - 2011-01-03 21:46 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
    + 2011-01-16 22:34 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
    - 2011-01-03 21:46 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe
    + 2011-01-16 22:34 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe
    - 2011-01-03 21:46 . 2006-11-08 03:03 180736 c:\windows\ie8\ieui.dll
    + 2011-01-16 22:34 . 2006-11-08 03:03 180736 c:\windows\ie8\ieui.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 268288 c:\windows\ie8\iertutil.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 268288 c:\windows\ie8\iertutil.dll
    - 2011-01-03 21:46 . 2006-11-08 03:03 191488 c:\windows\ie8\iepeers.dll
    + 2011-01-16 22:34 . 2006-11-08 03:03 191488 c:\windows\ie8\iepeers.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 385024 c:\windows\ie8\iedkcs32.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 385024 c:\windows\ie8\iedkcs32.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
    + 2011-01-16 22:34 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll
    - 2011-01-03 21:46 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 230400 c:\windows\ie8\ieaksie.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 230400 c:\windows\ie8\ieaksie.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 153088 c:\windows\ie8\ieakeng.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 153088 c:\windows\ie8\ieakeng.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 214528 c:\windows\ie8\dxtrans.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 214528 c:\windows\ie8\dxtrans.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 347136 c:\windows\ie8\dxtmsft.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 347136 c:\windows\ie8\dxtmsft.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 124928 c:\windows\ie8\advpack.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 124928 c:\windows\ie8\advpack.dll
  10. Fiv Newcomer, in training

    + 2011-01-16 22:17 . 2011-01-16 22:17 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b06e855e108d7f4ca4d714d96c39efff\System.Web.RegularExpressions.ni.dll
    + 2011-01-16 22:16 . 2011-01-16 22:16 684032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\776d34096a1d784da11bdc964f9d4685\System.Transactions.ni.dll
    + 2011-01-16 22:16 . 2011-01-16 22:16 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\e2146c31fa1d8c4d9119307cbce2d5cd\System.Security.ni.dll
    + 2011-01-16 22:16 . 2011-01-16 22:16 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\93aef158a558434da5878196ac1fe2d5\System.EnterpriseServices.Wrapper.dll
    + 2011-01-16 22:16 . 2011-01-16 22:16 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\93aef158a558434da5878196ac1fe2d5\System.EnterpriseServices.ni.dll
    + 2011-01-16 12:12 . 2011-01-16 12:12 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b3494c231ff3854da899064aa44ac95d\System.Drawing.Design.ni.dll
    + 2011-01-16 22:16 . 2011-01-16 22:16 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3f565cd58727bf4d8e6d31b2f8e6f121\System.DirectoryServices.Protocols.ni.dll
    + 2011-01-16 22:15 . 2011-01-16 22:15 962560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d416a781eb9f314db93166c4a814abff\System.Configuration.ni.dll
    + 2011-01-16 22:15 . 2011-01-16 22:15 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\8cc8f5aa18f40d4d94256a3a5704578a\Microsoft.Build.Utilities.ni.dll
    + 2011-01-16 22:15 . 2011-01-16 22:15 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3ef3161255176b49bb33b1977099fd5c\Microsoft.Build.Engine.ni.dll
    + 2011-01-16 22:15 . 2011-01-16 22:15 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\6f8b25f1c0934f49b8f65f51ab104abf\CustomMarshalers.ni.dll
    + 2011-01-16 22:15 . 2011-01-16 22:15 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\45c0b29d5904274da4b750159d977b0b\AspNetMMCExt.ni.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 823296 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 368640 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 700416 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 397312 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 884736 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 716800 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 389120 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 667648 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 745472 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 647168 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 413696 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2011-01-16 12:07 . 2011-01-16 12:07 503808 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 260096 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2011-01-16 12:07 . 2011-01-16 12:07 114176 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2011-01-16 12:07 . 2011-01-16 12:07 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 482304 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2004-08-11 22:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
    + 2004-08-11 22:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
    + 2006-10-17 17:57 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
    + 2006-09-22 12:03 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
    + 2006-05-19 13:08 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
    + 2007-06-12 07:36 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 1306624 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2005-09-23 13:29 . 2005-09-23 13:29 1140920 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2005-09-23 13:28 . 2005-09-23 13:28 2035712 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 5316608 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 3018752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 5050368 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 2878976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 5615616 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 4308992 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2005-09-23 13:28 . 2005-09-23 13:28 1144832 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
    + 2011-01-16 12:10 . 2011-01-16 12:10 2109440 c:\windows\Installer\12ca67.msi
    - 2011-01-03 21:59 . 2009-03-08 10:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
    + 2011-01-16 18:05 . 2009-03-08 10:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
    + 2011-01-16 18:05 . 2009-03-08 10:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
    - 2011-01-03 21:59 . 2009-03-08 10:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
    + 2011-01-16 18:05 . 2009-03-08 10:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
    - 2011-01-03 21:59 . 2009-03-08 10:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
    - 2011-01-03 21:46 . 2009-04-29 04:56 1159680 c:\windows\ie8\urlmon.dll
    + 2011-01-16 22:34 . 2009-04-29 04:56 1159680 c:\windows\ie8\urlmon.dll
    + 2011-01-16 22:34 . 2009-04-29 04:56 3596288 c:\windows\ie8\mshtml.dll
    - 2011-01-03 21:46 . 2009-04-29 04:56 3596288 c:\windows\ie8\mshtml.dll
    - 2011-01-03 21:46 . 2009-04-29 04:55 6066176 c:\windows\ie8\ieframe.dll
    + 2011-01-16 22:34 . 2009-04-29 04:55 6066176 c:\windows\ie8\ieframe.dll
    - 2011-01-03 21:46 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
    + 2011-01-16 22:34 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
    + 2011-01-16 12:12 . 2011-01-16 12:12 8093696 c:\windows\assembly\NativeImages_v2.0.50727_32\System\a36ec900587268408849739624ffbbc1\System.ni.dll
    + 2011-01-16 12:13 . 2011-01-16 12:13 5640192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d26c76980431604d837b7888fcb5fe85\System.Xml.ni.dll
    + 2011-01-16 22:17 . 2011-01-16 22:17 1945600 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\976864be43072b4b96bf4c05ecd2776a\System.Web.Services.ni.dll
    + 2011-01-16 22:17 . 2011-01-16 22:17 2310144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\260b56fdc5ec8e45b3e20270d2ddee6e\System.Web.Mobile.ni.dll
    + 2011-01-16 12:12 . 2011-01-16 12:12 1626112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2f299210496fc441ae660f6c37f4ecc5\System.Drawing.ni.dll
    + 2011-01-16 22:16 . 2011-01-16 22:16 1220608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e9adab86e5cce14da5049446741a618f\System.DirectoryServices.ni.dll
    + 2011-01-16 22:16 . 2011-01-16 22:16 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2f32684e7534614686ab030258bd96d9\System.Deployment.ni.dll
    + 2011-01-16 12:13 . 2011-01-16 12:13 6688768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0e5e97c8362cc64dbba5d22cda28e521\System.Data.ni.dll
    + 2011-01-16 22:15 . 2011-01-16 22:15 1724416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f036369954822242b74588ce7d4d4d7c\Microsoft.VisualBasic.ni.dll
    + 2011-01-16 22:15 . 2011-01-16 22:15 1691648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\94c39c91de7f3d47a80849c42e6b8988\Microsoft.Build.Tasks.ni.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 3018752 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 2035712 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 5316608 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 5050368 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 5025792 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2011-01-16 12:08 . 2011-01-16 12:08 2878976 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2011-01-16 12:09 . 2011-01-16 12:09 4308992 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2009-10-16 22:49 . 2011-01-16 06:14 37403080 c:\windows\system32\MRT.exe
    + 2006-11-08 03:03 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
    + 2007-06-12 07:36 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
    + 2005-09-23 13:48 . 2005-09-23 13:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
    + 2011-01-16 18:05 . 2009-03-08 10:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
    - 2011-01-03 21:59 . 2009-03-08 10:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
    + 2011-01-16 12:13 . 2011-01-16 12:13 13107200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\df797d351f662e41a458ed1c4b06b36b\System.Windows.Forms.ni.dll
    + 2011-01-16 22:16 . 2011-01-16 22:17 11808768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\bebe78d76706744b84f922b8af22ccfd\System.Web.ni.dll
    + 2011-01-16 12:14 . 2011-01-16 12:14 10723328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\3406e3d63aed0d48837aec09fa10e836\System.Design.ni.dll
    + 2011-01-16 12:11 . 2011-01-16 12:11 11411456 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ff9a1d7393b5ac49a8bf7c08a61d7d57\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-19 1400832]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1206544]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
    backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Heg^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Heg^Start Menu^Programs^Startup^PersonalBrain.lnk]
    backup=c:\windows\pss\PersonalBrain.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-11-10 18:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2005-10-07 04:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2006-06-29 17:13 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2006-07-17 02:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
    2006-05-16 17:35 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-06-26 22:13 1207080 ----a-w- c:\progra~1\MICROS~3\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2004-05-12 21:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-17 05:11 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2005-07-23 02:40 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-12-13 07:45 118784 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-12-13 07:44 98304 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2005-09-16 13:43 274432 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2006-11-07 20:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    2009-06-30 16:00 2836376 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    2008-04-04 18:37 88584 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "IDriverT"=3 (0x3)
    "DataSvr2"=2 (0x2)
    "tcsd_win32.exe"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [9/18/2010 12:32 PM 6607744]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;c:\windows\system32\drivers\kwusbnt.sys [2/8/2007 6:28 PM 101280]
    S3 rkhdrv40;Rootkit Unhooker Driver; [x]
    S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys [1/29/2007 9:32 AM 95104]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - PROCEXP141
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = Windows Internet Explorer provided by Comcast
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060922
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Heg\Application Data\Mozilla\Firefox\Profiles\ir3f5is0.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-16 16:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\(*q* ]
    "Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
    .
    Completion time: 2011-01-16 16:29:58
    ComboFix-quarantined-files.txt 2011-01-16 22:29
    ComboFix2.txt 2011-01-05 04:19

    Pre-Run: 64,108,527,616 bytes free
    Post-Run: 64,086,048,768 bytes free

    - - End Of File - - 3810F58B7D7DC44234212D7F83E7BB9C
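As an added example (not part of the original post, and not ComboFix's own code), here is a small Python triage script for a report in the format shown above. It parses the msconfig\startupreg autostart entries and the Windows Firewall AuthorizedApplications list and flags the entries a responder would check first: binaries outside Windows / Program Files, and autostart binaries modified within 30 days of the report date. The trusted-location prefixes, the 30-day window and the %windir% expansion are assumptions, not ComboFix behaviour; the "HypotheticalLoader" entry and the Temp\svchost.exe firewall rule in the sample are constructed input to show what a hit looks like, not entries from this machine.

```python
"""Triage a ComboFix report (added example, not ComboFix's own code).

Parses the msconfig\\startupreg block and the firewall AuthorizedApplications
list in the format shown in the report above and flags autostarts outside
Windows / Program Files or modified within 30 days of the report date.
"""
import re
from datetime import datetime, timedelta

REPORT_DATE = datetime(2011, 1, 16)  # "Rootkit scan 2011-01-16" in the report above
RECENT = timedelta(days=30)          # assumed threshold; tune to the case
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\')

# Constructed sample input: real lines copied from the report above, plus two
# made-up entries ("HypotheticalLoader" and the Temp\svchost.exe firewall rule)
# that show what a suspicious entry looks like.  Neither was on this machine.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-13 07:45 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HypotheticalLoader]
2011-01-10 03:12 65536 ----a-w- c:\documents and settings\user\application data\loader.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe"=
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
# e.g. "2005-12-13 07:45 118784 ----a-w- c:\windows\system32\igfxpers.exe"
ENTRY_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) (\S{8}) (.+)$')
# e.g. '"c:\\Program Files\\iTunes\\iTunes.exe"='  (ComboFix doubles the backslashes)
FW_RE = re.compile(r'^"([^"]+)"=')


def normalise(path):
    """Lower-case, collapse doubled backslashes, expand %windir% (assumed c:\\windows)."""
    p = path.replace('\\\\', '\\').lower()
    return p.replace('%windir%', 'c:\\windows')


def is_trusted_location(path):
    return normalise(path).startswith(TRUSTED_PREFIXES)


def parse_report(text):
    """Return (autostart entries, firewall-authorised paths) from report text."""
    autostarts, fw_apps = [], []
    section = None  # ('startup', entry name) | ('firewall', None) | None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:  # a new registry key starts a new section
            k = key.group(1)
            if '\\startupreg\\' in k:
                section = ('startup', k.rsplit('\\', 1)[1])
            elif k.endswith('\\AuthorizedApplications\\List'):
                section = ('firewall', None)
            else:
                section = None
            continue
        if section is None:
            continue
        if section[0] == 'startup':
            m = ENTRY_RE.match(line)
            if m:
                stamp, size, attrs, path = m.groups()
                autostarts.append({'name': section[1], 'path': path, 'attrs': attrs,
                                   'size': int(size),
                                   'mtime': datetime.strptime(stamp, '%Y-%m-%d %H:%M')})
        else:
            m = FW_RE.match(line)
            if m:
                fw_apps.append(m.group(1))
    return autostarts, fw_apps


def triage(text, report_date=REPORT_DATE):
    """Return a list of (kind, name, path, reasons) entries worth a closer look."""
    autostarts, fw_apps = parse_report(text)
    findings = []
    for e in autostarts:
        reasons = []
        if not is_trusted_location(e['path']):
            reasons.append('binary outside Windows/Program Files')
        if report_date - e['mtime'] <= RECENT:
            reasons.append('modified within %d days of the report' % RECENT.days)
        if reasons:
            findings.append(('autostart', e['name'], e['path'], reasons))
    for app in fw_apps:
        if not is_trusted_location(app):
            findings.append(('firewall', None, app,
                             ['firewall exception outside Windows/Program Files']))
    return findings


if __name__ == '__main__':
    for kind, name, path, reasons in triage(SAMPLE_REPORT):
        print('%-9s %-20s %s  <- %s' % (kind, name or '', path, '; '.join(reasons)))
```

To use it on a real case, read a saved ComboFix.txt into the text argument instead of SAMPLE_REPORT. A clean result is a starting point, not a verdict: as earlier in this thread shows, a kernel-mode rootkit can hide files and registry entries from the very tools that produce the report, so anything the script does flag should be confirmed on disk (and ideally from a boot CD) rather than trusted from the log alone.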
  11. Broni Malware Annihilator

    Yeah, Combofix looks good.

    Since you already ran 1001 scans, I think we don't have to do it again.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    Make sure to reset restore points and you should be good to go.

    Nice job, btw :)

    Good luck :)
  12. Fiv Newcomer, in training

    Thank you! I will continue to monitor this closely for a while to see if anything unusual occurs but so far it looks good.
  13. Broni Malware Annihilator

    I'll keep my fingers crossed :)