Solved Two iexplore.exe process running - rootkit removal

I'm not sure what the issue with TDSSKiller is, but I wouldn't worry much about it, because if you're infected with the TDL rootkit, some scans, like DDS or GMER, would definitely show it being present.

Tell me a little bit more about your computer running slow.

I also want you to run a couple more tools....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
My computer is running slow as soon as I power on. The boot process, login process and startup process all take a considerable amount of time longer than a week ago. Even when the system is idle, opening folders or trying to run software takes a long time. I also noticed it while doing system scans. An example would be DDS, which says it normally takes about 3 minutes. I understand that is an estimate but even that took about 15 minutes to complete. Unfortunately I don't have a baseline of any other scans to see exactly what kind of performance impact has occurred. What is strange is that my CPU usage never tops out at 100%. It is like something is running on the computer but it isn't registering in the processes. I don't even know if that is possible, maybe I am just being overly cautious.

A little bit more information about the iexplore.exe processes that are running. I have been using Process Explorer to monitor the iexplore.exe processes, and it appears that every 60 to 90 seconds the iexplore.exe processes stop, then restart. Each time, the command line shows a different URL. Sometimes it is clickleg.org, sometimes it is clickfind.org, sometimes it is clickmultimedia.org, and it seems to cycle through a list of about 5 or so.

I also ran a packet capture and killed the iexplore.exe processes. Sure enough, a few seconds later they started up and started sending TCP packets to one of those sites.

I ran the Security Check and here is the log:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader X
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Heg Desktop Anti-Virus ProcessExplorer\procexp.exe
``````````End of Log````````````


I also ran TFC and after it rebooted the iexplore.exe processes were back. I am running ESET now so I will post the logs once it is complete.
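
The relaunch pattern described in the post above (iexplore.exe restarting every 60 to 90 seconds with a different URL on its command line each time) can be expressed as a detection over process-creation records. This is an added example, not part of the original thread; the record layout, the `url_host` and `find_respawn_loops` helpers, the thresholds and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed process-creation records: (time, pid, parent image or None when
# the parent no longer exists, image, command line). The layout is hypothetical;
# the host names are the ones quoted in the post above.
IE = r'"C:\Program Files\Internet Explorer\iexplore.exe"'
EVENTS = [
    ("2011-01-06 20:58:00", 3100, "explorer.exe", "iexplore.exe", IE),
    ("2011-01-06 21:00:00", 1204, None, "iexplore.exe", IE + " clickleg.org"),
    ("2011-01-06 21:00:01", 1216, None, "iexplore.exe", IE + " clickleg.org"),
    ("2011-01-06 21:01:15", 1340, None, "iexplore.exe", IE + " http://clickfind.org/"),
    ("2011-01-06 21:01:16", 1352, None, "iexplore.exe", IE + " http://clickfind.org/"),
    ("2011-01-06 21:02:40", 1488, None, "iexplore.exe", IE + " clickmultimedia.org"),
    ("2011-01-06 21:02:41", 1500, None, "iexplore.exe", IE + " clickmultimedia.org"),
    ("2011-01-06 21:30:00", 3220, "explorer.exe", "iexplore.exe", IE + " http://example.com/"),
]

FMT = "%Y-%m-%d %H:%M:%S"
HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")


def url_host(cmdline):
    """Return the host of the first URL-like argument after the executable, or None."""
    m = re.match(r'\s*(?:"[^"]*"|\S+)\s*(.*)$', cmdline)
    for tok in (m.group(1).split() if m else []):
        tok = tok.strip('"')
        try:
            host = urlsplit(tok if "://" in tok else "http://" + tok).hostname
        except ValueError:
            continue
        if host and HOST_RE.match(host):
            return host
    return None


def find_respawn_loops(events, image="iexplore.exe", min_waves=3,
                       gap_range=(45, 120), wave_window=5):
    """Flag parents that relaunch `image` with a URL at a steady cadence.

    Launches within `wave_window` seconds form one wave (the post reports two
    processes at a time). A parent is flagged when it produces at least
    `min_waves` waves, every gap between waves falls inside `gap_range`
    seconds, and the URLs rotate across at least two hosts.
    """
    by_parent = defaultdict(list)
    for ts, pid, parent, img, cmd in events:
        host = url_host(cmd)
        if img.lower() == image and host:
            by_parent[parent].append((datetime.strptime(ts, FMT), pid, host))

    findings = []
    for parent, launches in by_parent.items():
        launches.sort()
        waves = []
        for t, pid, host in launches:
            if waves and (t - waves[-1]["start"]).total_seconds() <= wave_window:
                waves[-1]["pids"].append(pid)
                waves[-1]["hosts"].add(host)
            else:
                waves.append({"start": t, "pids": [pid], "hosts": {host}})
        gaps = [(b["start"] - a["start"]).total_seconds()
                for a, b in zip(waves, waves[1:])]
        hosts = set().union(*(w["hosts"] for w in waves))
        periodic = len(waves) >= min_waves and all(
            gap_range[0] <= g <= gap_range[1] for g in gaps)
        if periodic and len(hosts) >= 2:
            findings.append({"parent": parent, "waves": len(waves),
                             "gaps": gaps, "hosts": sorted(hosts),
                             "pids": [p for w in waves for p in w["pids"]]})
    return findings


if __name__ == "__main__":
    for finding in find_respawn_loops(EVENTS):
        print(finding)
```

The single user-initiated launch with a URL (parent `explorer.exe`) is not flagged, because one launch has neither a cadence nor rotating hosts.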
 
I ran ESET and it didn't find anything. I thought it would print out a log but didn't. I checked in the install folder for one also but didn't see anything either. I have run ESET before and it did find something and created a log, so I am wondering if it doesn't find anything if it doesn't log it.
 
Actually I take that back. It looks like they combined log files from the last time I ran it. So below you should see the results of 3 scans. One on 1/3, then one yesterday and one today. I ran one last night but when I woke up I saw the BSOD. It appears that the scan did in fact complete though.

ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=1ef360c0da9275458686fa33af94f958
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-03 02:15:52
# local_time=2011-01-02 08:15:52 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777189 100 95 0 36356352 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=134637
# found=12
# cleaned=12
# scan_time=8194
C:\Documents and Settings\Heg\My Documents\LimeWire\Saved\buttercup.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Heg\My Documents\LimeWire\Saved\i want to do bad things you MTV.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Heg\My Documents\LimeWire\Saved\king of wishful thinking (hot new track).au a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Heg\My Documents\LimeWire\Saved\lpga (unreleased live record).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Heg\My Documents\LimeWire\Saved\lpga - best track ever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Heg\My Documents\LimeWire\Saved\lpga unreleased version.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Heg\My Documents\LimeWire\Saved\lpga.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Heg\My Documents\LimeWire\Saved\lpga.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Heg\My Documents\LimeWire\Saved\shes so california (256k 44800).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Heg\My Documents\LimeWire\Saved\shes so california 256k 44800[high quality].snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\RECYCLER\S-1-5-21-442178430-1081731245-2867892574-1005\Dc17.exe Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\RECYCLER\S-1-5-21-442178430-1081731245-2867892574-1005\Dc18.exe Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=1ef360c0da9275458686fa33af94f958
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-07 08:15:30
# local_time=2011-01-07 02:15:30 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 93 0 29961495 191240 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 277290 277290 0 0
# scanned=139586
# found=0
# cleaned=0
# scan_time=16390
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=1ef360c0da9275458686fa33af94f958
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-07 02:59:22
# local_time=2011-01-07 08:59:22 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775145 100 93 0 30001448 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 317243 317243 0 0
# scanned=2293
# found=0
# cleaned=0
# scan_time=673
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=1ef360c0da9275458686fa33af94f958
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-07 08:51:31
# local_time=2011-01-07 02:51:31 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775145 100 93 0 30002219 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 314414 314414 0 0
# scanned=140023
# found=0
# cleaned=0
# scan_time=21022
 
Also, I just realized that I ran ESET as one of the first programs when I found out something was on this computer. I ran the scan before my computer started really getting slow. But you can see the first scan took around 2.5 hrs and this recent one took nearly 6. I know I have added some additional programs but I don't think it is enough to more than double it. Also, I didn't monitor the processes the whole time but I don't think my CPU usage ever hit 100%. It is like my computer is dragging even though there aren't a lot of processes running.
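
The combined log above holds several scan runs back to back, which makes the per-run settings and timings hard to compare by eye. The following is an added example, not part of the original posts or of ESET's tooling: a Python parser that splits such a log at each `# version=` marker and lists the runs in UTC order. It assumes `scan_time` is in seconds, which is consistent with the durations the poster describes; the sample input is constructed as described in its comment.

```python
import re
from dataclasses import dataclass, field

# Constructed sample. The "# key=value" layout and the end/utc_time/scanned/
# scan_time values follow the posted log; found is cut down to match the two
# detection lines kept here, and both paths are made up. The first line has a
# marker fused onto the end of a message, as can happen in concatenated logs.
SAMPLE_LOG = r"""
Can not open internet# version=7
# end=finished
# utc_time=2011-01-03 02:15:52
# scanned=134637
# found=2
# scan_time=8194
C:\Example\Saved\track (live record).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Example\RECYCLER\Dc1.exe Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=1
# version=7
# end=finished
# utc_time=2011-01-07 08:15:30
# scanned=139586
# found=0
# scan_time=16390
# version=7
# end=stopped
# utc_time=2011-01-07 02:59:22
# scanned=2293
# found=0
# scan_time=673
# version=7
# end=finished
# utc_time=2011-01-07 08:51:31
# scanned=140023
# found=0
# scan_time=21022
"""

HEADER_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")
# path, then a threat name whose first token contains "/", then "(action)",
# a 32-hex-digit field and a trailing flag.
DETECTION_RE = re.compile(
    r"^(?P<path>.*?)\s+(?P<threat>(?:a variant of\s+)?\S+/\S+.*?)"
    r"\s+\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+\S+$"
)


@dataclass
class ScanRun:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)
    notes: list = field(default_factory=list)  # lines that are neither of the above


def parse_runs(text):
    """Split a concatenated log into one ScanRun per '# version=' marker."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        cut = line.find("# version=")
        if cut > 0:          # marker fused onto a message; the message is dropped
            line = line[cut:]
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip().strip('"')
            if key == "version" or not runs:
                runs.append(ScanRun())
            runs[-1].header[key] = value  # repeated keys keep the last value
        elif runs:
            d = DETECTION_RE.match(line)
            if d:
                runs[-1].detections.append(d.groupdict())
            else:
                runs[-1].notes.append(line)
    return runs


def summarize(runs):
    """One row per run in UTC order, with the checks a reviewer would want."""
    rows = []
    for run in sorted(runs, key=lambda r: r.header.get("utc_time", "")):
        h = run.header
        seconds = int(h.get("scan_time", 0))  # assumed to be seconds
        scanned = int(h.get("scanned", 0))
        rows.append({
            "utc_time": h.get("utc_time"),
            "completed": h.get("end") == "finished",
            "hours": round(seconds / 3600, 2),
            "files_per_sec": round(scanned / seconds, 1) if seconds else None,
            "count_matches": int(h.get("found", 0)) == len(run.detections),
        })
    return rows


if __name__ == "__main__":
    for row in summarize(parse_runs(SAMPLE_LOG)):
        print(row)
```

On the `scanned` and `scan_time` values from the posted log, throughput falls from about 16.4 files per second in the first run to about 6.7 in the last, while the number of files scanned changes only slightly.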
 
Please download SystemScan and save it to your desktop.

  • Be aware that the file name will be randomly generated (i.e. sys95769.exe) to deceive malware which may attempt to disable it.
  • If any installed security tools (anti-virus) detect the file as malware or suspicious while downloading or attempting to run, ignore the alert and allow the download.
  • Double-click on sys*****.exe to start the tool.
  • A read before proceeding disclaimer will appear.
  • Uncheck <- Unflag the checkbox to disable updates! next to the version number at the top.
  • After reading, check the box I have read and agree. Please let me...proceed!, then click the Proceed button.
  • When SystemScan opens, click the "Unselect all" button.
  • Important: Under "Make your choice and than click...", check the boxes next to:
    • PC accounts
  • Everything else should be unchecked.
  • Click "Scan Now".
  • Another warning box will appear. Please follow the instructions and click OK.
  • Please be patient while the scan is in progress.
  • SystemScan will scan your computer and create a folder named Suspectfile on the Desktop to save its report.
  • When the scan is complete, Notepad will automatically open a log file named report.txt with the results.
  • Copy and paste the contents of report.txt in your next reply.
 
SystemScan - www.suspectfile.com - ver. 3.6.7 (code: holifay & bReAkdOWn)

Running on: Windows XP PROFESSIONAL Edition, Service Pack 3 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Heg\Desktop\sys11484.exe
Running in: User mode
Date: 1/7/2011
Time: 4:36:04 PM

Output limited to:
-PC accounts

===================== ACCOUNTS ON THIS PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| Guest
Yes | Heg
| HelpAssistant (Disabled)
| SUPPORT_388945a0 (Disabled)

### users folders

27/09/2006 17:37:17 (DIR) 0 byte 1563 days old -- All Users
25/06/2010 19:12:41 (DIR) 0 byte 196 days old -- Default User
02/01/2011 09:19:46 (DIR) 0 byte 5 days old -- NetworkService
04/01/2011 13:31:07 (DIR) 0 byte 3 days old -- LocalService
06/01/2011 21:20:18 (DIR) 0 byte 1 days old -- Heg
07/01/2011 16:11:38 (DIR) 0 byte 0 days old -- Administrator

### startup files in users folders

C:\documents and settings\Administrator\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
C:\documents and settings\Default User\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\Heg\Start Menu\Programs\Startup\desktop.ini

==========================================
Scan completed in 0.1 minutes
End of report
 
Nothing there....

Restart the computer in Safe Mode with Networking and see if you have the same issue.
 
At this point, the system started fine and is actually pretty responsive. The iexplore.exe processes are not started. I was actually in safe mode earlier today and noticed they were not there. However, when this issue first started they were even showing up in safe mode. I will continue to cycle back and forth between safe mode to see if they run under safe mode again.

Is there a way to trace a process and find out what program or process kicked it off? Or possibly some way to debug or flag a certain process to see if it will dump any data associated with it?
 
I have another similar topic and sometimes I'm getting mixed up between those two.

I can see, we didn't try one more trick.....

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
 
Was the last post intended for my issue? I am not sure how my router configs or ipconfigs would affect the two iexplore.exe processes running on my system.
 
What happens is that sometimes a router gets infected, so we have to eliminate that possibility.
 
I actually have a separate router that I no longer use, can I reset that one, then replace them? I am hesitant to make any router config changes because it will be a pain to restore my current router configs manually.

Also, I have 4 other computers on my network, if this is a router issue, wouldn't the same behavior be present on my other computers? Also, the majority of this troubleshooting process I haven't had the computer connected to the network, with exception to downloading new software and running a network trace. The rest of the time during the cleaning process I have had it offline.

Also, if I switch out the routers, or even reset this one, what will I be looking for once complete?
 
You can try something else.
Connect your computer straight to the modem and see if those two iexplore.exe are running.
 
Update:

I was working with you regarding two iexplore.exe processes that were running on my system. I apologize for not getting back to this resolution sooner; however, I was traveling for work. I did attempt to connect directly to the modem and that didn't help.

A few days ago I was to the point where I was just going to reformat the drive and start over since I backed up all the critical data anyway. Prior to doing so I decided to take the time to find out as much about the processes as I could and learn some more about the tools, so I threw caution to the wind. I ran a bunch of different rootkit programs, rootkit detector, rootkitbuster, rootkit revealer, IAT Hook Analyzer, etc. It was a pretty fun learning experience. While I was using Rootkit Unhooker, it found a few hooks and hidden code running. I unhooked everything to see what would happen and after doing so, I was finally able to run tdsskiller.exe. TDSSKiller.exe found the rootkit and removed it. I have been running scans all day and everything has come up clean. I don't recall the exact name but I'd like to post the logs in the forum. It had to do with the VolSnap.sys. I am on a different computer at the moment but can find out exactly what it was later.

Would it be possible to open the topic so I can post the tdsskiller logs and possibly the Rootkit Unhooker logs? Also, I found out that the rootkit was creating two files, a serf_conf.log and test.reg file, in one of the temp folders. The test.reg shows all the registry edits that the rootkit made to make iexplore.exe my default browser. serf_conf.log shows all the sites iexplore reached out to and how it iterated between them. I figure if it is posted someone will be able to look for those two files as possible symptoms if they experience the same issue.
 
Thanks for re-opening this topic. As I mentioned before, while I was searching for the cause of the two rogue iexplore.exe processes, I noticed a few symptoms that were appearing on my system that may help out anyone else who might come across this.

I am not sure exactly what caused this issue. This is my gf's computer and while she was using it she started getting a lot of pop-ups, fake anti-virus software, saying she needs to defrag her drive and to install some disk defragmenter. I ran Malwarebytes and I think ESET and they found different issues which were removed. However, I still noticed the two iexplore.exe files. I focused on those and ran Process Explorer to get more information. I could see that the command line section of the process was pointing to some www.clickleg.org address. Even when I killed the process it restarted. I even went into the Internet Explorer folder and deleted the executable but it copied itself back there. At that point, I came on here searching for some help. As I mentioned in the email above, I went on travel and decided that I was going to reformat the hard drive since it wasn't worth the hassle. However, since I was going to do it anyway I wanted to take the time to learn what I could from the rootkit and the tools to remove it. So I downloaded all that I could find and started running through each one. Eventually I came to Rootkit Unhooker and it found some hooks and stealth code running. Since I was going to reformat anyway I thought I'd play around and unhook them to see what happened. I noticed the iexplore processes stopped showing up so I decided to try to run tdsskiller.exe since something was always preventing it. The first log I will post was from the first time I ran it. It found a couple forged files but nothing. Then I restarted my comp and ran it again and it found the VolSnap.sys was corrupted. I will also post the logs from two files I know to be associated with the rogue iexplore.exe processes.
 
Rootkit Unhooker log

>SSDT State
NtCreateKey
Actual Address 0xF7C99F36
Hooked by: Unknown module filename

NtCreateThread
Actual Address 0xF7C99F2C
Hooked by: Unknown module filename

NtDeleteKey
Actual Address 0xF7C99F3B
Hooked by: Unknown module filename

NtDeleteValueKey
Actual Address 0xF7C99F45
Hooked by: Unknown module filename

NtLoadKey
Actual Address 0xF7C99F4A
Hooked by: Unknown module filename

NtOpenProcess
Actual Address 0xF7C99F18
Hooked by: Unknown module filename

NtOpenThread
Actual Address 0xF7C99F1D
Hooked by: Unknown module filename

NtReplaceKey
Actual Address 0xF7C99F54
Hooked by: Unknown module filename

NtRestoreKey
Actual Address 0xF7C99F4F
Hooked by: Unknown module filename

NtSetValueKey
Actual Address 0xF7C99F40
Hooked by: Unknown module filename

>Shadow
>Processes
>Drivers
>Stealth
Unknown page with executable code
Address: 0x86CE9BF5
Size: 1035
Unknown page with executable code
Address: 0x86CE9A95
Size: 1387
Unknown page with executable code
Address: 0x86CE7F5A
Size: 166
Unknown page with executable code
Address: 0x86CE53CC
Size: 3124
Unknown page with executable code
Address: 0x86CE830A
Size: 3318
Unknown page with executable code
Address: 0x86CE428A
Size: 3446
Unknown page with executable code
Address: 0x86CEA143
Size: 3773
Unknown page with executable code
Address: 0x86CE7E7B
Size: 389
>Files
Suspect File: C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\2d563da2-0740-41f3-b687-e507895aea27\acb0fbe8-6b53-4cdd-9a9a-25c79bf172bc::$DATA Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0B538624-2148-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{10650524-2149-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{15800D8C-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{1A9B15F4-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{40FE3358-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{4614770C-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6290313A-2148-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{677B8A9A-2149-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6C8D099A-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7197618C-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8DECF61A-2148-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{92EB624A-2149-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{980FF41A-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9D17E9B2-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{B96B1BE6-2148-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{BE77D632-2149-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C39540F4-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C89AD432-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{DFE14C1A-2147-11E0-8A78-0015C54F29BF}.dat::$DATA Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E4DFB84A-2148-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E9FAC0B2-2149-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{EF09DD58-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F42E6F28-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0B538625-2148-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{10650525-2149-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{15800D8D-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1A9B15F5-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{40FE3359-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4614770D-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6290313B-2148-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{677B8A9B-2149-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6C8D099B-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7197618D-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8DECF61B-2148-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{92EB624B-2149-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{980FF41B-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9D17E9B3-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B96B1BE7-2148-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BE77D633-2149-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C39540F5-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C89AD433-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DFE14C1B-2147-11E0-8A78-0015C54F29BF}.dat::$DATA Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E4DFB84B-2148-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E9FAC0B3-2149-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EF09DD59-214A-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F42E6F29-214B-11E0-8A78-0015C54F29BF}.dat Status: Hidden
Suspect File: C:\Documents and Settings\Heg\Local Settings\Temporary Internet Files\Content.IE5\1MGMFDZA\dnserror[1] Status: Hidden
>Hooks
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump at address 0x80545CBE hook handler located in [ntkrnlpa.exe]
[3064]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
 
TDSSKIller - First Run

2011/01/16 07:16:55.0796 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/16 07:16:55.0796 ================================================================================
2011/01/16 07:16:55.0796 SystemInfo:
2011/01/16 07:16:55.0796
2011/01/16 07:16:55.0796 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/16 07:16:55.0796 Product type: Workstation
2011/01/16 07:16:55.0796 ComputerName: HEG
2011/01/16 07:16:55.0796 UserName: Heg
2011/01/16 07:16:55.0796 Windows directory: C:\WINDOWS
2011/01/16 07:16:55.0796 System windows directory: C:\WINDOWS
2011/01/16 07:16:55.0796 Processor architecture: Intel x86
2011/01/16 07:16:55.0796 Number of processors: 2
2011/01/16 07:16:55.0796 Page size: 0x1000
2011/01/16 07:16:55.0796 Boot type: Normal boot
2011/01/16 07:16:55.0796 ================================================================================
2011/01/16 07:16:56.0671 Initialize success
2011/01/16 07:17:03.0046 ================================================================================
2011/01/16 07:17:03.0046 Scan started
2011/01/16 07:17:03.0046 Mode: Manual;
2011/01/16 07:17:03.0046 ================================================================================
2011/01/16 07:17:06.0187 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/16 07:17:11.0750 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/16 07:17:13.0234 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/16 07:17:13.0437 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/01/16 07:17:14.0687 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/01/16 07:17:22.0140 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/01/16 07:17:27.0421 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
2011/01/16 07:17:34.0750 ialm (b9b916b56903cddd5d6a615079cab5a7) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/16 07:17:35.0609 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ialmnt5.sys. Real md5: b9b916b56903cddd5d6a615079cab5a7, Fake md5: cc449157474d5e43daea7e20f52c635a
2011/01/16 07:17:35.0625 ialm - detected Forged file (1)
2011/01/16 07:17:43.0078 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/16 07:17:45.0031 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/16 07:17:45.0640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/16 07:17:50.0578 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/16 07:17:52.0312 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/01/16 07:17:56.0750 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/16 07:18:04.0187 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/16 07:18:05.0203 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/16 07:18:08.0328 Srv (e0e796692108468dbb60d03b7b1bb0d0) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/16 07:18:08.0578 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\srv.sys. Real md5: e0e796692108468dbb60d03b7b1bb0d0, Fake md5: 0f6aefad3641a657e18081f52d0c15af
2011/01/16 07:18:08.0578 Srv - detected Forged file (1)
2011/01/16 07:18:20.0859 w39n51 (1bb3bd3f6419cf148507bfb8006053ef) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/01/16 07:18:21.0781 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\w39n51.sys. Real md5: 1bb3bd3f6419cf148507bfb8006053ef, Fake md5: b1f126e7e28877106d60e6ff3998d033
2011/01/16 07:18:21.0796 w39n51 - detected Forged file (1)
2011/01/16 07:18:22.0937 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/01/16 07:18:25.0468 WmXlCore (0398265dd65aae2ece180fa9d1e7b5bb) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/01/16 07:18:27.0156 ================================================================================
2011/01/16 07:18:27.0156 Scan finished
2011/01/16 07:18:27.0156 ================================================================================
2011/01/16 07:18:27.0171 Detected object count: 3
2011/01/16 07:26:35.0156 Forged file(ialm) - User select action: Skip
2011/01/16 07:26:35.0156 Forged file(Srv) - User select action: Skip
2011/01/16 07:26:35.0171 Forged file(w39n51) - User select action: Skip
2011/01/16 07:27:20.0203 Deinitialize success



TDSSKiller.exe - Second Run

2011/01/16 07:54:11.0078 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/16 07:54:11.0078 ================================================================================
2011/01/16 07:54:11.0078 SystemInfo:
2011/01/16 07:54:11.0078
2011/01/16 07:54:11.0078 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/16 07:54:11.0078 Product type: Workstation
2011/01/16 07:54:11.0078 ComputerName: HEG
2011/01/16 07:54:11.0078 UserName: Heg
2011/01/16 07:54:11.0078 Windows directory: C:\WINDOWS
2011/01/16 07:54:11.0078 System windows directory: C:\WINDOWS
2011/01/16 07:54:11.0078 Processor architecture: Intel x86
2011/01/16 07:54:11.0078 Number of processors: 2
2011/01/16 07:54:11.0078 Page size: 0x1000
2011/01/16 07:54:11.0078 Boot type: Normal boot
2011/01/16 07:54:11.0078 ================================================================================
2011/01/16 07:54:12.0687 Initialize success
2011/01/16 07:54:17.0562 ================================================================================
2011/01/16 07:54:17.0562 Scan started
2011/01/16 07:54:17.0562 Mode: Manual;
2011/01/16 07:54:17.0562 ================================================================================
2011/01/16 07:55:47.0406 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/16 07:57:45.0718 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/16 07:58:09.0328 VolSnap (0fd6d2221c85dafe1a1a149972463458) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/16 07:58:09.0375 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/16 07:58:09.0375 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/16 07:58:10.0906 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/01/16 07:58:19.0640 ================================================================================
2011/01/16 07:58:19.0640 Scan finished
2011/01/16 07:58:19.0640 ================================================================================
2011/01/16 07:58:19.0656 Detected object count: 1
2011/01/16 07:58:33.0531 VolSnap (0fd6d2221c85dafe1a1a149972463458) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/16 07:58:33.0546 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/16 07:58:41.0828 Backup copy found, using it..
2011/01/16 07:58:41.0937 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/01/16 07:58:41.0937 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/01/16 07:58:49.0375 Deinitialize success
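The two TDSSKiller runs above can be compared mechanically. The following is an added example, not part of the original posts or of any tool named in the thread: it parses the line shapes seen in these logs and lists drivers that were flagged "Forged" and skipped in the first run, then appear unflagged in the second run with a different listed hash. The sample lines are excerpted from the two logs; the function names are illustrative.

```python
import re

# Line shapes as they appear in the TDSSKiller 2.4.13.0 logs in this thread.
ENTRY = re.compile(r"^\S+ \S+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED = re.compile(r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECT = re.compile(r"^\S+ \S+ (?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION = re.compile(r"^\S+ \S+ (?P<verdict>.+?)\((?P<name>[^)]+)\) - "
                    r"User select action: (?P<action>\w+)$")

# Excerpts from the first and second run, trimmed to the relevant lines.
RUN1 = r"""
2011/01/16 07:17:34.0750 ialm (b9b916b56903cddd5d6a615079cab5a7) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/16 07:17:35.0609 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ialmnt5.sys. Real md5: b9b916b56903cddd5d6a615079cab5a7, Fake md5: cc449157474d5e43daea7e20f52c635a
2011/01/16 07:17:35.0625 ialm - detected Forged file (1)
2011/01/16 07:17:50.0578 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/16 07:18:08.0328 Srv (e0e796692108468dbb60d03b7b1bb0d0) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/16 07:18:08.0578 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\srv.sys. Real md5: e0e796692108468dbb60d03b7b1bb0d0, Fake md5: 0f6aefad3641a657e18081f52d0c15af
2011/01/16 07:18:08.0578 Srv - detected Forged file (1)
2011/01/16 07:18:20.0859 w39n51 (1bb3bd3f6419cf148507bfb8006053ef) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/01/16 07:18:21.0781 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\w39n51.sys. Real md5: 1bb3bd3f6419cf148507bfb8006053ef, Fake md5: b1f126e7e28877106d60e6ff3998d033
2011/01/16 07:18:21.0796 w39n51 - detected Forged file (1)
2011/01/16 07:26:35.0156 Forged file(ialm) - User select action: Skip
2011/01/16 07:26:35.0156 Forged file(Srv) - User select action: Skip
2011/01/16 07:26:35.0171 Forged file(w39n51) - User select action: Skip
"""
RUN2 = r"""
2011/01/16 07:55:47.0406 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/16 07:57:10.0625 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/16 07:57:45.0718 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/16 07:58:09.0328 VolSnap (0fd6d2221c85dafe1a1a149972463458) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/16 07:58:09.0375 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/16 07:58:09.0375 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/16 07:58:10.0906 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/01/16 07:58:41.0937 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
"""


def parse_run(text):
    """Collect per-driver hashes, forged-file reports, verdicts and user actions."""
    run = {"hashes": {}, "paths": {}, "forged": {}, "verdicts": {}, "actions": {}}
    for line in text.splitlines():
        line = line.strip()
        if m := FORGED.search(line):
            run["forged"][m["path"].lower()] = (m["real"], m["fake"])
        elif m := ACTION.match(line):
            run["actions"][m["name"]] = m["action"]
        elif m := DETECT.match(line):
            run["verdicts"][m["name"]] = m["verdict"]
        elif m := ENTRY.match(line):
            run["hashes"][m["name"]] = m["md5"]
            run["paths"][m["name"]] = m["path"]
    return run


def track_forged(first, second):
    """For each driver reported as forged in `first`, record how `second` lists it."""
    findings = []
    for name in first["verdicts"]:
        path = first["paths"].get(name, "").lower()
        if path not in first["forged"]:
            continue
        real, fake = first["forged"][path]
        later = second["hashes"].get(name)
        findings.append({
            "driver": name,
            "first_real": real,
            "first_action": first["actions"].get(name),
            "second_hash": later,
            "second_hash_is_first_fake": later == fake,
            "flagged_in_second": name in second["verdicts"],
        })
    return findings


def followup(findings):
    """Drivers skipped in run 1 whose listed hash changed while the flag disappeared."""
    return [f["driver"] for f in findings
            if f["first_action"] == "Skip"
            and not f["flagged_in_second"]
            and f["second_hash"] not in (None, f["first_real"])]


if __name__ == "__main__":
    for f in track_forged(parse_run(RUN1), parse_run(RUN2)):
        print(f)
    print("follow up on:", followup(track_forged(parse_run(RUN1), parse_run(RUN2))))
```

On the excerpts from this thread the follow-up list is ialm, Srv and w39n51: each was skipped in the first run and is listed in the second run under the hash the first run reported as "Fake md5".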
 
Good job there :)

What about those iexplore.exe now?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Finally, here are the two files that I know were associated with the rogue iexplore.exe. They were continually being created and updated throughout the past few weeks, so they may be slightly different. Please note the URL changes. Clickleg.org seems to be the main one; however, there were many others. Also, my temporary internet files folder was constantly filled with junk from these places even though I never browsed to them.

serf_conf.log

[PANEL_SIGN_CHECK]
[runs_count_begin]
60
[runs_count_end]
[urls_to_serf_begin]
http://www.searchtasteless.org/ac.php?aid=461&sid=direct2
http://www.clickleg.org/ac.php?aid=461&sid=direct2
http://www.clickleg.org/ac.php?aid=461&sid=direct2
http://www.clickleg.org/ac.php?aid=461&sid=direct2
http://www.clickleg.org/ac.php?aid=461&sid=direct2
[urls_to_serf_end]
[refs_to_change_begin]
www.searchtasteless.org/ac.php=|www.searchtasteless.org/search.php
www.clickleg.org/ac.php=|www.clickleg.org/search.php
[refs_to_change_end]
[panels_begin]
viewthanks.org
searchsession.org
searchdistribution.org
searchsuccessful.org
searchgateway.org
onlineprostats.com
[panels_end]
[popupcount_begin]
3
[popupcount_end]
[popupurl_begin]
[popupurl_end]
[popupurl2_begin]
[popupurl2_end]
[date_begin]
16:1:2011
[date_end]






test.reg -- File used to update the registry, which is why no matter how many times I set Firefox as my default, iexplore became my default.



Windows Registry Editor Version 5.00

;Ramesh Srinivasan - http://windowsxp.mvps.org
;Sets IE as default (For use with Windows XP systems)
;Use this only if IE is installed in its default location
;c:\Program Files\Internet Explorer
;Revised April 1, 2005 - Changed IExplore.exe path to LFN format

[HKEY_CLASSES_ROOT\ftp]
@="URL:File Transfer Protocol"
"EditFlags"=dword:00000002
"ShellFolder"="{63da6ec0-2e98-11cf-8d82-444553540000}"
"Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\ftp\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

[HKEY_CLASSES_ROOT\ftp\Extensions]
".IVF"="{C69E8F40-D5C8-11D0-A520-145405C10000}"

[HKEY_CLASSES_ROOT\ftp\shell]
@="open"

[HKEY_CLASSES_ROOT\ftp\shell\open]

[HKEY_CLASSES_ROOT\ftp\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\Application]
@="IExplore"

[HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\ifExec]
@="*"

[HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\Topic]
@="WWW_OpenURL"

[HKEY_CLASSES_ROOT\htmlfile]
@="HTML Document"
"EditFlags"=dword:00010000
"BrowserFlags"=dword:00000008

[HKEY_CLASSES_ROOT\htmlfile\BrowseInPlace]
@=""

[HKEY_CLASSES_ROOT\htmlfile\CLSID]
@="{25336920-03F9-11CF-8FD0-00AA00686F13}"

[HKEY_CLASSES_ROOT\htmlfile\DefaultIcon]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe,1"

[HKEY_CLASSES_ROOT\htmlfile\ScriptHostEncode]
@="{0CF774D0-F077-11D1-B1BC-00C04F86C324}"

[HKEY_CLASSES_ROOT\htmlfile\shell]
@="opennew"

[HKEY_CLASSES_ROOT\htmlfile\shell\open]
@="Open in S&ame Window"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec]
@="\"file://%1\",,-1,,,,,"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec\Application]
@="IExplore"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec\Topic]
@="WWW_OpenURL"

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew]
@="&Open"

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\Application]
@="IExplore"

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\IfExec]
@="*"

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\Topic]
@="WWW_OpenURLNewWindow"

[HKEY_CLASSES_ROOT\htmlfile\shell\printto]

[HKEY_CLASSES_ROOT\htmlfile\shell\printto\command]
@=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,\
00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,\
00,68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,2c,00,50,00,72,00,69,00,\
6e,00,74,00,48,00,54,00,4d,00,4c,00,20,00,22,00,25,00,31,00,22,00,20,00,22,\
00,25,00,32,00,22,00,20,00,22,00,25,00,33,00,22,00,20,00,22,00,25,00,34,00,\
22,00,00,00

[HKEY_CLASSES_ROOT\HTTP]
@="URL:HyperText Transfer Protocol"
"EditFlags"=dword:00000002
"Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\HTTP\AnimExtensions]
"."="dxmasf.dll,150"
".asf"="dxmasf.dll,150"
".asp"="dxmasf.dll,150"
".asx"="dxmasf.dll,150"
".nsc"="dxmasf.dll,150"
".wax"="dxmasf.dll,150"
".wm"="dxmasf.dll,150"
".wma"="dxmasf.dll,150"
".wmv"="dxmasf.dll,150"
".wmx"="dxmasf.dll,150"
".wvx"="dxmasf.dll,150"

[HKEY_CLASSES_ROOT\HTTP\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

[HKEY_CLASSES_ROOT\HTTP\Extensions]
".ASF"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
".ASX"="{4B428940-263C-11d1-A520-000000000000}"
".ASP"="{4B428940-263C-11d1-A520-000000000000}"
".WAX"="{4B428940-263C-11d1-A520-000000000000}"
".WM"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
".WMA"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
".NSC"="{4B428940-263C-11d1-A520-000000000000}"
".BECK"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
".WVX"="{4B428940-263C-11d1-A520-000000000000}"
".WMV"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
".WMX"="{4B428940-263C-11d1-A520-000000000000}"
".IVF"="{C69E8F40-D5C8-11D0-A520-145405C10000}"

[HKEY_CLASSES_ROOT\HTTP\shell]
@="open"

[HKEY_CLASSES_ROOT\HTTP\shell\open]

[HKEY_CLASSES_ROOT\HTTP\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec\Application]
@="IExplore"

[HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec\Topic]
@="WWW_OpenURL"

[HKEY_CLASSES_ROOT\https]
@="URL:HyperText Transfer Protocol with Privacy"
"EditFlags"=dword:00000002
"Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
"BrowserFlags"=dword:00000008
"URL Protocol"=""

[HKEY_CLASSES_ROOT\https\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

[HKEY_CLASSES_ROOT\https\shell]
@="open"

[HKEY_CLASSES_ROOT\https\shell\open]

[HKEY_CLASSES_ROOT\https\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\https\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\https\shell\open\ddeexec\Application]
@="IExplore"

[HKEY_CLASSES_ROOT\https\shell\open\ddeexec\Topic]
@="WWW_OpenURL"

[HKEY_CLASSES_ROOT\InternetShortcut]
"EditFlags"=dword:00000002
@="Internet Shortcut"
"IsShortcut"=""
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\InternetShortcut\CLSID]
@="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"

[HKEY_CLASSES_ROOT\InternetShortcut\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

[HKEY_CLASSES_ROOT\InternetShortcut\shell]

[HKEY_CLASSES_ROOT\InternetShortcut\shell\open]
"CLSID"="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"
"LegacyDisable"=""

[HKEY_CLASSES_ROOT\InternetShortcut\shell\open\command]
@="rundll32.exe shdocvw.dll,OpenURL %l"

[HKEY_CLASSES_ROOT\InternetShortcut\shell\print]

[HKEY_CLASSES_ROOT\InternetShortcut\shell\print\command]
@=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,\
00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,73,\
00,68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,2c,00,50,00,72,00,69,00,\
6e,00,74,00,48,00,54,00,4d,00,4c,00,20,00,22,00,25,00,31,00,22,00,00,00

[HKEY_CLASSES_ROOT\InternetShortcut\shell\printto]

[HKEY_CLASSES_ROOT\InternetShortcut\shell\printto\command]
@=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,\
00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,73,\
00,68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,2c,00,50,00,72,00,69,00,\
6e,00,74,00,48,00,54,00,4d,00,4c,00,20,00,22,00,25,00,31,00,22,00,20,00,22,\
00,25,00,32,00,22,00,20,00,22,00,25,00,33,00,22,00,20,00,22,00,25,00,34,00,\
22,00,00,00

[HKEY_CLASSES_ROOT\InternetShortcut\shellex]

[HKEY_CLASSES_ROOT\InternetShortcut\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\InternetShortcut\shellex\ContextMenuHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
@=""

[HKEY_CLASSES_ROOT\InternetShortcut\shellex\IconHandler]
@="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"

[HKEY_CLASSES_ROOT\InternetShortcut\shellex\PropertyHandler]
@="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"

[HKEY_CLASSES_ROOT\InternetShortcut\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\InternetShortcut\shellex\PropertySheetHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
@="Internet Shortcut"

[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InProcServer32]
@="shdocvw.dll"
"ThreadingModel"="Apartment"
"LoadWithoutCOM"=""

[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\PersistentHandler]
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\ProgID]
@="InternetShortcut"

[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\shellex]

[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\shellex\MayChangeDefaultMenu]
@=""

[HKEY_CLASSES_ROOT\gopher]
@="URL:Gopher Protocol"
"EditFlags"=dword:00000002
"Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\gopher\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

[HKEY_CLASSES_ROOT\gopher\shell]

[HKEY_CLASSES_ROOT\gopher\shell\open]

[HKEY_CLASSES_ROOT\gopher\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Application]
@="IExplore"

[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Topic]
@="WWW_OpenURL"

[HKEY_CLASSES_ROOT\mhtmlfile]
@="MHTML Document"

[HKEY_CLASSES_ROOT\mhtmlfile\BrowseInPlace]
@=""

[HKEY_CLASSES_ROOT\mhtmlfile\CLSID]
@="{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}"

[HKEY_CLASSES_ROOT\mhtmlfile\DefaultIcon]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe,22"

[HKEY_CLASSES_ROOT\mhtmlfile\shell]
@="opennew"

[HKEY_CLASSES_ROOT\mhtmlfile\shell\open]
@="Open in S&ame Window"

[HKEY_CLASSES_ROOT\mhtmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec]
@="\"file://%1\",,-1,,,,,"

[HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec\Application]
@="IExplore"

[HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec\Topic]
@="WWW_OpenURL"

[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew]
@="&Open"

[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec]
@="\"file://%1\",,-1,,,,,"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\Application]
@="IExplore"

[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\IfExec]
@="*"

[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\Topic]
@="WWW_OpenURLNewWindow"

[HKEY_CLASSES_ROOT\.htm]
@="htmlfile"

[HKEY_CLASSES_ROOT\.html]
@="htmlfile"

[HKEY_CLASSES_ROOT\.mht]
@="mhtmlfile"

[HKEY_CLASSES_ROOT\.mhtml]
@="mhtmlfile"
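
The test.reg file above mixes plain string values with `hex(2)` blobs, which makes it hard to see by eye which associations it re-points. The following Python is an added example, not part of the original post: it parses a .reg export, decodes `hex(2)` (REG_EXPAND_SZ, UTF-16LE) values, and reports which program the default verb of each protocol, ProgID and file extension would start. Function names are assumptions; the sample is an excerpt of the file above.

```python
import re

# Excerpt of the test.reg file posted above, embedded so the example runs offline.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ftp\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

[HKEY_CLASSES_ROOT\ftp\shell]
@="open"

[HKEY_CLASSES_ROOT\ftp\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_CLASSES_ROOT\HTTP\shell]
@="open"

[HKEY_CLASSES_ROOT\HTTP\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell]
@="opennew"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_CLASSES_ROOT\InternetShortcut\shell\open\command]
@="rundll32.exe shdocvw.dll,OpenURL %l"

[HKEY_CLASSES_ROOT\.htm]
@="htmlfile"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')
ROOT = "hkey_classes_root\\"


def _unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)


def _decode(data):
    if data.startswith('"'):                     # REG_SZ
        return _unescape(data[1:-1])
    if data.startswith("hex(2):"):               # REG_EXPAND_SZ stored as UTF-16LE bytes
        raw = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
        return raw.decode("utf-16-le").rstrip("\x00")
    return data                                  # dword and other types kept verbatim


def parse_reg(text):
    """Return {lower-cased key: {value name: decoded data}}; '' is the default value."""
    reg, key = {}, None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()             # registry key names are case-insensitive
            reg.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue                             # file header or unrecognised line
        data = m.group("data")
        while data.startswith("hex") and data.endswith("\\"):
            data = data[:-1] + next(lines, "").strip()   # join continuation lines
        name = "" if m.group("name") == "@" else _unescape(m.group("name")[1:-1])
        reg[key][name] = _decode(data)
    return reg


def opens_with(reg, cls):
    """Command line of the default verb of a class ('open' when none is named), or None."""
    base = ROOT + cls.lower() + "\\shell"
    verb = reg.get(base, {}).get("", "") or "open"
    return reg.get(base + "\\" + verb.lower() + "\\command", {}).get("")


def executable(command):
    """File name of the program a command line starts, honouring a quoted path."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)).rsplit("\\", 1)[-1].lower()


def audit(reg):
    """Map every class or extension in the file to the program its default verb starts."""
    result = {}
    for cls in sorted({k.split("\\")[1] for k in reg if "\\" in k}):
        # An extension key such as .htm only names a ProgID; follow it.
        target = reg.get(ROOT + cls, {}).get("") if cls.startswith(".") else cls
        cmd = opens_with(reg, target) if target else None
        if cmd:
            result[cls] = executable(cmd)
    return result


if __name__ == "__main__":
    for name, exe in audit(parse_reg(SAMPLE_REG)).items():
        print(f"{name:18} -> {exe}")
```
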
 
Sorry I got carried away with posting the logs :) I did see your reply on running combofix and I will do that shortly.

As for the iexplore.exe process, I have not seen them come up. There was a day or so back when I first started troubleshooting this that they didn't appear but I also wasn't connected to the internet. I think once I got a connection it downloaded itself. However, as of now I don't see anything in the processes.

I will post the logs from combofix shortly. However, I need to run to lunch.
 
ComboFix 11-01-16.02 - Heg 01/16/2011 16:13:53.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.654 [GMT -6:00]
Running from: c:\documents and settings\Heg\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\spool\prtprocs\w32x86\ps3200pc.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-16 22:34 . 2011-01-16 22:40 -------- dc-h--w- c:\windows\ie8
2011-01-15 16:39 . 2011-01-15 22:52 -------- d-----w- C:\bd_logs
2011-01-09 23:28 . 2011-01-09 23:28 -------- d-----w- c:\documents and settings\Heg\Local Settings\Application Data\Temp
2011-01-09 20:26 . 2011-01-09 20:26 -------- d-----w- c:\program files\Magical Jelly Bean
2011-01-07 22:11 . 2011-01-07 22:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-01-06 04:45 . 2011-01-06 04:45 -------- d-----w- C:\_OTL
2011-01-06 01:51 . 2011-01-06 01:51 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2011-01-04 02:12 . 2011-01-04 02:12 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-01-04 02:00 . 2011-01-04 02:00 -------- d-----w- c:\program files\Sophos
2011-01-04 00:15 . 2011-01-04 00:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-03 22:07 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-01-03 15:45 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-03 15:45 . 2011-01-03 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-03 15:45 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-03 03:45 . 2011-01-04 15:22 -------- d-----w- c:\windows\system32\NtmsData
2011-01-03 00:25 . 2011-01-03 00:25 -------- d--h--w- c:\windows\PIF
2011-01-02 23:40 . 2011-01-02 23:40 -------- d-----w- c:\program files\ESET
2011-01-02 22:37 . 2011-01-02 22:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-02 17:22 . 2010-12-03 19:35 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-01-02 17:22 . 2010-12-03 19:35 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-01-02 17:14 . 2011-01-02 17:14 -------- d-----w- c:\program files\Microsoft Silverlight
2011-01-02 17:05 . 2011-01-02 17:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-01-02 16:39 . 2011-01-02 16:39 -------- d-----w- c:\documents and settings\Heg\Application Data\AVG10
2011-01-02 16:35 . 2011-01-02 16:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-02 16:10 . 2011-01-04 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-02 16:03 . 2011-01-02 16:03 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-01-02 15:51 . 2011-01-02 15:51 -------- d-----w- c:\program files\Common Files\Apple
2011-01-02 15:50 . 2011-01-02 15:50 -------- d-----w- c:\documents and settings\Heg\Local Settings\Application Data\Apple
2011-01-02 15:48 . 2011-01-02 15:49 -------- d-----w- c:\program files\Apple Software Update
2011-01-02 15:48 . 2011-01-02 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-01-02 15:32 . 2010-11-13 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-02 15:32 . 2010-11-13 00:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-02 15:26 . 2011-01-02 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-02 15:19 . 2011-01-02 15:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-23 17:30 . 2010-12-23 17:24 831488 ------w- c:\program files\xerox\xlibeay.dll
2010-12-23 17:30 . 2010-12-23 17:24 607232 ------w- c:\program files\xerox\x2utilA0.dll
2010-12-23 17:30 . 2010-12-23 17:24 400384 ------w- c:\program files\xerox\x2comsA0.dll
2010-12-23 17:30 . 2010-12-23 17:24 393216 ------w- c:\program files\xerox\x2txt01.dll
2010-12-23 17:30 . 2010-12-23 17:24 135168 ------w- c:\program files\xerox\EReg.exe
2010-12-23 17:26 . 2010-12-23 17:24 22723 ----a-w- c:\windows\system32\ps3200l3.dll
2010-12-23 17:26 . 2010-12-23 17:24 65536 ----a-w- c:\windows\system32\ps3200ci.dll
2010-12-23 17:26 . 2010-12-23 17:24 151552 ----a-w- c:\windows\system32\ps3200ci.exe
2010-12-23 17:25 . 2010-12-23 17:24 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-16 13:59 . 2004-08-11 22:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-08-11 22:12 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 22:34 . 2007-09-04 19:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2004-08-11 22:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-02 15:17 . 2004-08-11 22:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-11 22:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-01-05_04.02.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-16 18:11 . 2011-01-16 18:11 16384 c:\windows\Temp\Perflib_Perfdata_b0.dat
+ 2004-08-11 22:00 . 2011-01-16 12:14 63418 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-11 22:00 . 2009-03-08 10:31 66560 c:\windows\system32\mshtmled.dll
+ 2006-11-08 03:03 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 03:03 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 74240 c:\windows\system32\mscories.dll
+ 2004-08-11 22:00 . 2009-03-08 10:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2004-08-11 22:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2006-09-22 12:03 . 2009-03-08 10:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-09-22 12:03 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-06-12 07:36 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-06-12 07:36 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-10-17 18:05 . 2009-03-08 10:34 43008 c:\windows\system32\dllcache\licmgr10.dll
- 2006-09-22 12:03 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-09-22 12:03 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 83456 c:\windows\system32\dfshim.dll
- 2006-09-27 23:30 . 2011-01-05 01:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-27 23:30 . 2011-01-16 13:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-27 23:30 . 2011-01-16 13:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-09-27 23:30 . 2011-01-05 01:53 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-01-03 15:57 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\42360c8fdaf030cd25332428cfba61cd\update\spcustom.dll
- 2011-01-03 15:57 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\42360c8fdaf030cd25332428cfba61cd\spmsg.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 28160 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 71680 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 13:28 . 2005-09-23 13:28 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 47616 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-23 13:29 . 2005-09-23 13:29 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-23 13:29 . 2005-09-23 13:29 59072 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 78336 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 14848 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 96440 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-23 13:29 . 2005-09-23 13:29 22528 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 66240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 67072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 73216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-23 12:36 . 2005-09-23 12:36 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-23 12:47 . 2005-09-23 12:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 12:30 . 2005-09-23 12:30 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 12:47 . 2005-09-23 12:47 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 12:47 . 2005-09-23 12:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 12:47 . 2005-09-23 12:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 12:47 . 2005-09-23 12:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 12:46 . 2005-09-23 12:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 12:46 . 2005-09-23 12:46 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 12:46 . 2005-09-23 12:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 12:44 . 2005-09-23 12:44 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 12:42 . 2005-09-23 12:42 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 12:40 . 2005-09-23 12:40 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 12:40 . 2005-09-23 12:40 83968 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 12:40 . 2005-09-23 12:40 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 12:38 . 2005-09-23 12:38 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 12:38 . 2005-09-23 12:38 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 09:46 . 2005-09-23 09:46 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 12:36 . 2005-09-23 12:36 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 12:34 . 2005-09-23 12:34 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 12:34 . 2005-09-23 12:34 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 12:34 . 2005-09-23 12:34 82944 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 12:32 . 2005-09-23 12:32 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 55296 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 52736 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 31936 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 68608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 17920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 76984 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 88576 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 29888 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 29896 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 26824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 70656 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 23552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 55488 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 86528 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 72704 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2011-01-03 21:59 . 2009-03-08 10:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-01-16 18:05 . 2009-03-08 10:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-01-16 18:06 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB982381-IE8\spmsg.dll
- 2011-01-03 21:59 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB982381-IE8\spmsg.dll
+ 2011-01-16 18:06 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB982381-IE8\spcustom.dll
- 2011-01-03 21:59 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB982381-IE8\spcustom.dll
+ 2011-01-16 18:05 . 2009-03-08 10:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
- 2011-01-03 21:59 . 2009-03-08 10:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
- 2011-01-03 21:59 . 2009-03-08 10:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-01-16 18:05 . 2009-03-08 10:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-01-16 22:37 . 2009-03-08 20:23 58464 c:\windows\ie8\spuninst\iecustom.dll
- 2011-01-03 21:50 . 2009-03-08 20:23 58464 c:\windows\ie8\spuninst\iecustom.dll
- 2011-01-03 21:46 . 2009-04-29 04:56 44544 c:\windows\ie8\pngfilt.dll
+ 2011-01-16 22:34 . 2009-04-29 04:56 44544 c:\windows\ie8\pngfilt.dll
- 2011-01-03 21:46 . 2006-10-17 17:28 48128 c:\windows\ie8\mshtmler.dll
+ 2011-01-16 22:34 . 2006-10-17 17:28 48128 c:\windows\ie8\mshtmler.dll
+ 2011-01-16 22:34 . 2006-10-17 17:56 45568 c:\windows\ie8\mshta.exe
- 2011-01-03 21:46 . 2006-10-17 17:56 45568 c:\windows\ie8\mshta.exe
- 2011-01-03 21:46 . 2006-10-17 17:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2011-01-16 22:34 . 2006-10-17 17:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2011-01-16 22:34 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
- 2011-01-03 21:46 . 2006-10-17 18:05 40960 c:\windows\ie8\licmgr10.dll
+ 2011-01-16 22:34 . 2006-10-17 18:05 40960 c:\windows\ie8\licmgr10.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 27648 c:\windows\ie8\jsproxy.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 27648 c:\windows\ie8\jsproxy.dll
- 2011-01-03 21:46 . 2006-11-07 09:26 92672 c:\windows\ie8\inseng.dll
+ 2011-01-16 22:34 . 2006-11-07 09:26 92672 c:\windows\ie8\inseng.dll
- 2011-01-03 21:46 . 2006-10-17 17:57 36352 c:\windows\ie8\imgutil.dll
+ 2011-01-16 22:34 . 2006-10-17 17:57 36352 c:\windows\ie8\imgutil.dll
- 2011-01-03 21:46 . 2006-11-07 09:26 55296 c:\windows\ie8\iesetup.dll
+ 2011-01-16 22:34 . 2006-11-07 09:26 55296 c:\windows\ie8\iesetup.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 44544 c:\windows\ie8\iernonce.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 44544 c:\windows\ie8\iernonce.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 78336 c:\windows\ie8\ieencode.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 78336 c:\windows\ie8\ieencode.dll
- 2011-01-03 21:46 . 2009-04-28 09:05 70656 c:\windows\ie8\ie4uinit.exe
+ 2011-01-16 22:34 . 2009-04-28 09:05 70656 c:\windows\ie8\ie4uinit.exe
- 2011-01-03 21:46 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
- 2011-01-03 21:46 . 2006-10-17 17:44 60416 c:\windows\ie8\hmmapi.dll
+ 2011-01-16 22:34 . 2006-10-17 17:44 60416 c:\windows\ie8\hmmapi.dll
- 2011-01-03 21:46 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2011-01-16 22:34 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2011-01-16 22:34 . 2006-11-07 09:26 71680 c:\windows\ie8\admparse.dll
- 2011-01-03 21:46 . 2006-11-07 09:26 71680 c:\windows\ie8\admparse.dll
+ 2011-01-16 22:15 . 2011-01-16 22:15 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9d3aab7fb86a3d4681e6015739486533\Microsoft.Build.Framework.ni.dll
+ 2011-01-16 22:15 . 2011-01-16 22:15 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f34a562d7823ff4085712627483b561f\dfsvc.ni.exe
+ 2011-01-16 22:14 . 2011-01-16 22:14 26624 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bc177345732c2240a691624c28db694a\Accessibility.ni.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 86016 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-01-16 12:07 . 2011-01-16 12:07 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-01-16 12:07 . 2011-01-16 12:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-01-16 12:07 . 2011-01-16 12:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 73728 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 36864 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 68608 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 13:29 . 2005-09-23 13:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 7680 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2011-01-16 12:07 . 2011-01-16 12:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 5632 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-01-16 12:07 . 2011-01-16 12:07 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-01-16 12:07 . 2011-01-16 12:07 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-11 22:00 . 2010-11-06 00:26 916480 c:\windows\system32\wininet.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 916480 c:\windows\system32\wininet.dll
+ 2004-08-11 22:00 . 2011-01-16 12:14 402974 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2004-08-11 22:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
- 2004-08-11 22:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
+ 2006-11-08 03:03 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 150016 c:\windows\system32\mscorier.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2004-08-11 22:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
- 2004-08-11 22:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 22:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:06 . 2011-01-10 23:30 115768 c:\windows\system32\FNTCACHE.DAT
+ 2006-09-22 12:03 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-09-22 12:03 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
- 2006-10-17 18:04 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 18:04 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2006-09-22 12:03 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-09-22 12:03 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2007-06-12 07:36 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2006-09-22 12:03 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-09-22 12:03 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-11-07 09:27 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 09:27 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 09:26 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2011-01-03 15:57 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\42360c8fdaf030cd25332428cfba61cd\update\updspapi.dll
- 2011-01-03 15:57 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\42360c8fdaf030cd25332428cfba61cd\update\update.exe
- 2011-01-03 15:57 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\42360c8fdaf030cd25332428cfba61cd\spuninst.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 298496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 823296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 260096 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 299008 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 368640 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 700416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 397312 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 884736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 716800 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 482304 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 389120 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 377344 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 107520 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 226816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 13:29 . 2005-09-23 13:29 330752 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 102400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 326144 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 288768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 800768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 13:29 . 2005-09-23 13:29 667648 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 13:29 . 2005-09-23 13:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 13:29 . 2005-09-23 13:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 647168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 413696 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 13:57 . 2005-09-23 13:57 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 13:01 . 2005-09-23 13:01 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 224952 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 788992 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 13:29 . 2005-09-23 13:29 547840 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 503808 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 138240 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 13:29 . 2005-09-23 13:29 183808 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2011-01-06 01:54 . 2011-01-06 01:54 502272 c:\windows\Installer\117719.msi
+ 2011-01-06 01:51 . 2011-01-06 01:51 542720 c:\windows\Installer\117714.msi
- 2011-01-03 21:59 . 2009-03-08 10:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-01-16 18:05 . 2009-03-08 10:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
- 2011-01-03 21:59 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\updspapi.dll
+ 2011-01-16 18:06 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\updspapi.dll
+ 2011-01-16 18:06 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB982381-IE8\update.exe
- 2011-01-03 21:59 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB982381-IE8\update.exe
- 2011-01-03 22:00 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-01-16 18:06 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
- 2011-01-03 22:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-01-16 18:06 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-01-16 18:05 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst.exe
- 2011-01-03 21:59 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst.exe
- 2011-01-03 21:59 . 2009-03-08 10:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-01-16 18:05 . 2009-03-08 10:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
- 2011-01-03 21:59 . 2009-03-08 10:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-01-16 18:05 . 2009-03-08 10:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-01-16 18:05 . 2009-03-08 10:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
- 2011-01-03 21:59 . 2009-03-08 10:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
- 2011-01-03 21:59 . 2009-03-08 10:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-01-16 18:05 . 2009-03-08 10:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-01-16 18:05 . 2009-03-08 10:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
- 2011-01-03 21:59 . 2009-03-08 10:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
- 2011-01-03 21:59 . 2009-03-08 10:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-01-16 18:05 . 2009-03-08 10:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-01-16 18:05 . 2009-03-08 20:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
- 2011-01-03 21:59 . 2009-03-08 20:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
- 2011-01-03 21:59 . 2009-03-08 10:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-01-16 18:05 . 2009-03-08 10:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-01-16 22:34 . 2009-04-29 04:56 827392 c:\windows\ie8\wininet.dll
- 2011-01-03 21:46 . 2009-04-29 04:56 827392 c:\windows\ie8\wininet.dll
+ 2011-01-16 22:34 . 2006-10-17 18:05 206336 c:\windows\ie8\winfxdocobj.exe
- 2011-01-03 21:46 . 2006-10-17 18:05 206336 c:\windows\ie8\winfxdocobj.exe
- 2011-01-03 21:46 . 2009-04-29 04:56 233472 c:\windows\ie8\webcheck.dll
+ 2011-01-16 22:34 . 2009-04-29 04:56 233472 c:\windows\ie8\webcheck.dll
- 2011-01-03 21:46 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2011-01-16 22:34 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
- 2011-01-03 21:46 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2011-01-16 22:34 . 2010-03-09 11:09 430080 c:\windows\ie8\vbscript.dll
- 2011-01-03 21:46 . 2009-04-29 04:56 105984 c:\windows\ie8\url.dll
+ 2011-01-16 22:34 . 2009-04-29 04:56 105984 c:\windows\ie8\url.dll
- 2011-01-03 21:50 . 2009-01-08 00:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-01-16 22:37 . 2009-01-08 00:21 382496 c:\windows\ie8\spuninst\updspapi.dll
- 2011-01-03 21:50 . 2009-01-08 00:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-01-16 22:37 . 2009-01-08 00:20 231456 c:\windows\ie8\spuninst\spuninst.exe
- 2011-01-03 21:46 . 2006-09-06 22:43 213216 c:\windows\ie8\spuninst.exe
+ 2011-01-16 22:34 . 2006-09-06 22:43 213216 c:\windows\ie8\spuninst.exe
- 2011-01-03 21:46 . 2009-04-29 04:56 102912 c:\windows\ie8\occache.dll
+ 2011-01-16 22:34 . 2009-04-29 04:56 102912 c:\windows\ie8\occache.dll
+ 2011-01-16 22:34 . 2009-04-29 04:56 671232 c:\windows\ie8\mstime.dll
- 2011-01-03 21:46 . 2009-04-29 04:56 671232 c:\windows\ie8\mstime.dll
+ 2011-01-16 22:34 . 2009-04-29 04:56 193024 c:\windows\ie8\msrating.dll
- 2011-01-03 21:46 . 2009-04-29 04:56 193024 c:\windows\ie8\msrating.dll
+ 2011-01-16 22:34 . 2006-11-08 03:03 156160 c:\windows\ie8\msls31.dll
- 2011-01-03 21:46 . 2006-11-08 03:03 156160 c:\windows\ie8\msls31.dll
+ 2011-01-16 22:34 . 2009-04-29 04:56 477696 c:\windows\ie8\mshtmled.dll
- 2011-01-03 21:46 . 2009-04-29 04:56 477696 c:\windows\ie8\mshtmled.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
- 2011-01-03 21:46 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
+ 2011-01-16 22:34 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
- 2011-01-03 21:46 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe
+ 2011-01-16 22:34 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe
- 2011-01-03 21:46 . 2006-11-08 03:03 180736 c:\windows\ie8\ieui.dll
+ 2011-01-16 22:34 . 2006-11-08 03:03 180736 c:\windows\ie8\ieui.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 268288 c:\windows\ie8\iertutil.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 268288 c:\windows\ie8\iertutil.dll
- 2011-01-03 21:46 . 2006-11-08 03:03 191488 c:\windows\ie8\iepeers.dll
+ 2011-01-16 22:34 . 2006-11-08 03:03 191488 c:\windows\ie8\iepeers.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 385024 c:\windows\ie8\iedkcs32.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 385024 c:\windows\ie8\iedkcs32.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
+ 2011-01-16 22:34 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll
- 2011-01-03 21:46 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 230400 c:\windows\ie8\ieaksie.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 230400 c:\windows\ie8\ieaksie.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 153088 c:\windows\ie8\ieakeng.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 153088 c:\windows\ie8\ieakeng.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 214528 c:\windows\ie8\dxtrans.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 214528 c:\windows\ie8\dxtrans.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 347136 c:\windows\ie8\dxtmsft.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 347136 c:\windows\ie8\dxtmsft.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 124928 c:\windows\ie8\advpack.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 124928 c:\windows\ie8\advpack.dll
 
+ 2011-01-16 22:17 . 2011-01-16 22:17 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b06e855e108d7f4ca4d714d96c39efff\System.Web.RegularExpressions.ni.dll
+ 2011-01-16 22:16 . 2011-01-16 22:16 684032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\776d34096a1d784da11bdc964f9d4685\System.Transactions.ni.dll
+ 2011-01-16 22:16 . 2011-01-16 22:16 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\e2146c31fa1d8c4d9119307cbce2d5cd\System.Security.ni.dll
+ 2011-01-16 22:16 . 2011-01-16 22:16 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\93aef158a558434da5878196ac1fe2d5\System.EnterpriseServices.Wrapper.dll
+ 2011-01-16 22:16 . 2011-01-16 22:16 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\93aef158a558434da5878196ac1fe2d5\System.EnterpriseServices.ni.dll
+ 2011-01-16 12:12 . 2011-01-16 12:12 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b3494c231ff3854da899064aa44ac95d\System.Drawing.Design.ni.dll
+ 2011-01-16 22:16 . 2011-01-16 22:16 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3f565cd58727bf4d8e6d31b2f8e6f121\System.DirectoryServices.Protocols.ni.dll
+ 2011-01-16 22:15 . 2011-01-16 22:15 962560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d416a781eb9f314db93166c4a814abff\System.Configuration.ni.dll
+ 2011-01-16 22:15 . 2011-01-16 22:15 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\8cc8f5aa18f40d4d94256a3a5704578a\Microsoft.Build.Utilities.ni.dll
+ 2011-01-16 22:15 . 2011-01-16 22:15 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3ef3161255176b49bb33b1977099fd5c\Microsoft.Build.Engine.ni.dll
+ 2011-01-16 22:15 . 2011-01-16 22:15 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\6f8b25f1c0934f49b8f65f51ab104abf\CustomMarshalers.ni.dll
+ 2011-01-16 22:15 . 2011-01-16 22:15 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\45c0b29d5904274da4b750159d977b0b\AspNetMMCExt.ni.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 823296 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 368640 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 700416 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 397312 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 884736 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 716800 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 389120 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 667648 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 745472 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 647168 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 413696 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-01-16 12:07 . 2011-01-16 12:07 503808 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 260096 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-01-16 12:07 . 2011-01-16 12:07 114176 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-01-16 12:07 . 2011-01-16 12:07 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 482304 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
+ 2004-08-11 22:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2006-10-17 17:57 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2006-09-22 12:03 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-19 13:08 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2007-06-12 07:36 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 1306624 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 13:29 . 2005-09-23 13:29 1140920 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 13:28 . 2005-09-23 13:28 2035712 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 5316608 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 3018752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 5050368 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 2878976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 5615616 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 4308992 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-23 13:28 . 2005-09-23 13:28 1144832 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2011-01-16 12:10 . 2011-01-16 12:10 2109440 c:\windows\Installer\12ca67.msi
- 2011-01-03 21:59 . 2009-03-08 10:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-01-16 18:05 . 2009-03-08 10:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-01-16 18:05 . 2009-03-08 10:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
- 2011-01-03 21:59 . 2009-03-08 10:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-01-16 18:05 . 2009-03-08 10:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
- 2011-01-03 21:59 . 2009-03-08 10:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
- 2011-01-03 21:46 . 2009-04-29 04:56 1159680 c:\windows\ie8\urlmon.dll
+ 2011-01-16 22:34 . 2009-04-29 04:56 1159680 c:\windows\ie8\urlmon.dll
+ 2011-01-16 22:34 . 2009-04-29 04:56 3596288 c:\windows\ie8\mshtml.dll
- 2011-01-03 21:46 . 2009-04-29 04:56 3596288 c:\windows\ie8\mshtml.dll
- 2011-01-03 21:46 . 2009-04-29 04:55 6066176 c:\windows\ie8\ieframe.dll
+ 2011-01-16 22:34 . 2009-04-29 04:55 6066176 c:\windows\ie8\ieframe.dll
- 2011-01-03 21:46 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
+ 2011-01-16 22:34 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
+ 2011-01-16 12:12 . 2011-01-16 12:12 8093696 c:\windows\assembly\NativeImages_v2.0.50727_32\System\a36ec900587268408849739624ffbbc1\System.ni.dll
+ 2011-01-16 12:13 . 2011-01-16 12:13 5640192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d26c76980431604d837b7888fcb5fe85\System.Xml.ni.dll
+ 2011-01-16 22:17 . 2011-01-16 22:17 1945600 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\976864be43072b4b96bf4c05ecd2776a\System.Web.Services.ni.dll
+ 2011-01-16 22:17 . 2011-01-16 22:17 2310144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\260b56fdc5ec8e45b3e20270d2ddee6e\System.Web.Mobile.ni.dll
+ 2011-01-16 12:12 . 2011-01-16 12:12 1626112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2f299210496fc441ae660f6c37f4ecc5\System.Drawing.ni.dll
+ 2011-01-16 22:16 . 2011-01-16 22:16 1220608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e9adab86e5cce14da5049446741a618f\System.DirectoryServices.ni.dll
+ 2011-01-16 22:16 . 2011-01-16 22:16 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2f32684e7534614686ab030258bd96d9\System.Deployment.ni.dll
+ 2011-01-16 12:13 . 2011-01-16 12:13 6688768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0e5e97c8362cc64dbba5d22cda28e521\System.Data.ni.dll
+ 2011-01-16 22:15 . 2011-01-16 22:15 1724416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f036369954822242b74588ce7d4d4d7c\Microsoft.VisualBasic.ni.dll
+ 2011-01-16 22:15 . 2011-01-16 22:15 1691648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\94c39c91de7f3d47a80849c42e6b8988\Microsoft.Build.Tasks.ni.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 3018752 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 2035712 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 5316608 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 5050368 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 5025792 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-01-16 12:08 . 2011-01-16 12:08 2878976 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-01-16 12:09 . 2011-01-16 12:09 4308992 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-16 22:49 . 2011-01-16 06:14 37403080 c:\windows\system32\MRT.exe
+ 2006-11-08 03:03 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2007-06-12 07:36 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2005-09-23 13:48 . 2005-09-23 13:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2011-01-16 18:05 . 2009-03-08 10:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
- 2011-01-03 21:59 . 2009-03-08 10:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-01-16 12:13 . 2011-01-16 12:13 13107200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\df797d351f662e41a458ed1c4b06b36b\System.Windows.Forms.ni.dll
+ 2011-01-16 22:16 . 2011-01-16 22:17 11808768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\bebe78d76706744b84f922b8af22ccfd\System.Web.ni.dll
+ 2011-01-16 12:14 . 2011-01-16 12:14 10723328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\3406e3d63aed0d48837aec09fa10e836\System.Design.ni.dll
+ 2011-01-16 12:11 . 2011-01-16 12:11 11411456 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ff9a1d7393b5ac49a8bf7c08a61d7d57\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-19 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1206544]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Heg^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Heg^Start Menu^Programs^Startup^PersonalBrain.lnk]
backup=c:\windows\pss\PersonalBrain.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 18:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 04:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-06-29 17:13 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 02:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2006-05-16 17:35 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-26 22:13 1207080 ----a-w- c:\progra~1\MICROS~3\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 21:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 05:11 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2005-07-23 02:40 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-13 07:45 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-13 07:44 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-09-16 13:43 274432 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2006-11-07 20:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-06-30 16:00 2836376 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2008-04-04 18:37 88584 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3 (0x3)
"DataSvr2"=2 (0x2)
"tcsd_win32.exe"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [9/18/2010 12:32 PM 6607744]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;c:\windows\system32\drivers\kwusbnt.sys [2/8/2007 6:28 PM 101280]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys [1/29/2007 9:32 AM 95104]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP141
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060922
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Heg\Application Data\Mozilla\Firefox\Profiles\ir3f5is0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 16:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\(*q* ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
Completion time: 2011-01-16 16:29:58
ComboFix-quarantined-files.txt 2011-01-16 22:29
ComboFix2.txt 2011-01-05 04:19

Pre-Run: 64,108,527,616 bytes free
Post-Run: 64,086,048,768 bytes free

- - End Of File - - 3810F58B7D7DC44234212D7F83E7BB9C
 