ComboFix log 3/3
+ 2010-01-04 16:12 . 2009-10-29 07:45 124928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\advpack.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe
+ 2010-01-11 01:16 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe
+ 2010-01-11 01:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe
+ 2010-01-11 01:16 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe
+ 2010-01-11 01:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2010-01-11 01:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2010-01-11 01:14 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2010-01-04 16:11 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2010-01-11 01:17 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-13 02:58 . 2009-10-13 02:58 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974112\update\update.exe
+ 2010-01-11 01:16 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974112\spuninst.exe
+ 2010-01-04 16:15 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2010-01-11 01:15 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2010-01-04 16:13 . 2009-07-29 14:01 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973687\update\updspapi.dll
+ 2010-01-11 01:16 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973687\update\update.exe
+ 2010-01-11 01:16 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973687\spuninst.exe
+ 2010-01-11 01:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973525\update\updspapi.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973525\update\update.exe
+ 2010-01-11 01:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973525\spuninst.exe
+ 2010-01-11 01:10 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971961\update\updspapi.dll
+ 2010-01-11 01:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971961\update\update.exe
+ 2010-01-11 01:10 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971961\spuninst.exe
+ 2010-01-04 16:05 . 2009-08-13 15:02 512000 c:\windows\$hf_mig$\KB971961\SP3QFE\jscript.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971486\update\updspapi.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971486\update\update.exe
+ 2010-01-11 01:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971486\spuninst.exe
+ 2010-01-11 01:10 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB969947\update\updspapi.dll
+ 2010-01-11 01:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969947\update\update.exe
+ 2010-01-11 01:10 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969947\spuninst.exe
+ 2010-01-11 01:17 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB969059\update\updspapi.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969059\update\update.exe
+ 2010-01-11 01:17 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969059\spuninst.exe
+ 2010-01-11 01:16 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
+ 2010-01-11 01:16 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2010-01-11 01:16 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2010-01-04 16:15 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
+ 2010-01-11 01:17 . 2009-05-27 01:10 382840 c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-01-11 01:17 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-01-04 16:17 . 2009-11-21 15:40 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2010-01-11 01:13 . 2009-06-18 02:59 379184 c:\windows\$968930Uinstall_KB968930$\spuninst\updspapi.dll
+ 2010-01-11 01:13 . 2009-06-18 02:59 221488 c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.exe
+ 2010-01-04 16:18 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-21 08:03 . 2009-07-21 08:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2006-04-28 14:38 . 2009-08-07 03:23 1929952 c:\windows\system32\wuaueng.dll
+ 2009-10-10 00:23 . 2009-10-10 00:23 1107456 c:\windows\system32\WsmSvc.dll
+ 2004-08-04 12:00 . 2009-05-20 12:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2010-01-05 10:00 1168384 c:\windows\system32\urlmon.dll
+ 2008-03-07 21:00 . 2007-06-22 15:37 1414656 c:\windows\system32\spool\drivers\w32x86\3\xwpuiv7.dll
+ 2008-03-07 21:00 . 2007-06-22 15:36 3701760 c:\windows\system32\spool\drivers\w32x86\3\xwprv7.dll
+ 2008-03-07 21:00 . 2007-06-22 15:39 1058816 c:\windows\system32\spool\drivers\w32x86\3\PCL5ERES.DLL
+ 2004-08-04 12:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2004-08-04 12:00 . 2009-08-04 15:13 2145280 c:\windows\system32\ntoskrnl.exe
- 2004-08-04 12:00 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
- 2004-08-03 22:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-03 22:59 . 2009-08-04 14:20 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2008-08-30 03:06 . 2009-07-31 18:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 08:05 . 2009-07-21 08:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-04 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2006-04-28 14:37 . 2009-10-19 21:06 2689024 c:\windows\system32\mstscax.dll
+ 2006-04-28 14:37 . 2009-10-19 21:06 1033728 c:\windows\system32\mstsc.exe
+ 2004-08-04 12:00 . 2010-01-05 22:30 3599360 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-13 22:54 . 2010-01-05 10:00 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 20:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2009-08-18 07:33 . 2009-08-18 07:33 1193832 c:\windows\system32\FM20.DLL
+ 2006-04-28 14:38 . 2009-08-07 03:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 12:00 . 2009-05-20 12:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-02-09 11:13 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 12:00 . 2010-01-05 10:00 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2010-01-04 16:16 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2009-06-08 18:40 . 2009-08-05 04:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-06-08 18:40 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-06-08 18:40 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-08 00:02 . 2009-02-08 00:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-08 00:02 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-06-08 18:40 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-06-08 18:40 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-09-12 16:17 . 2009-07-31 18:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2004-08-04 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-04-28 14:37 . 2009-10-19 21:06 2689024 c:\windows\system32\dllcache\mstscax.dll
+ 2006-04-28 14:37 . 2009-10-19 21:06 1033728 c:\windows\system32\dllcache\mstsc.exe
+ 2004-08-04 12:00 . 2010-01-05 22:30 3599360 c:\windows\system32\dllcache\mshtml.dll
+ 2008-09-12 16:44 . 2010-01-05 10:00 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2008-09-12 16:44 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2010-02-11 05:10 . 2007-12-27 01:30 1970176 c:\windows\system32\d3dx9.dll
- 2009-10-13 04:05 . 2007-12-27 00:30 1970176 c:\windows\system32\d3dx9.dll
+ 2009-08-08 07:51 . 2009-08-08 07:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 07:51 . 2009-08-08 07:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-11-25 11:59 . 2008-11-25 11:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-14 04:35 . 2007-04-14 04:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 09:35 . 2008-05-28 09:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 09:35 . 2008-05-28 09:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 04:35 . 2007-04-14 04:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 08:48 . 2008-05-28 08:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 08:48 . 2008-05-28 08:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 08:43 . 2008-05-28 08:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 03:50 . 2007-04-14 03:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-08-18 20:58 . 2009-08-18 20:58 8301056 c:\windows\Installer\198dd0e8.msp
+ 2009-07-27 12:31 . 2009-07-27 12:31 3738624 c:\windows\Installer\198dd0d4.msp
+ 2009-08-18 20:57 . 2009-08-18 20:57 9122304 c:\windows\Installer\198dd0c0.msp
+ 2009-10-16 15:09 . 2009-10-16 15:09 2518016 c:\windows\Installer\198dd0ac.msp
+ 2009-08-18 21:08 . 2009-08-18 21:08 1373696 c:\windows\Installer\198dd082.msp
- 2009-08-06 15:29 . 2009-08-06 16:21 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-08-06 15:29 . 2009-08-06 16:21 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-10-06 00:31 . 2007-10-06 00:31 5287984 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\IPEDITOR.DLL
+ 2010-03-20 23:44 . 2009-10-29 07:46 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-03-20 23:44 . 2009-10-29 21:16 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2010-01-11 01:15 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB976325-IE7\urlmon.dll
+ 2010-01-11 01:15 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB976325-IE7\mshtml.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB976325-IE7\ieframe.dll
+ 2010-01-11 01:15 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB976325-IE7\ieapfltr.dat
+ 2009-06-08 18:40 . 2009-08-05 04:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-06-08 18:40 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-06-08 18:40 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-08 00:02 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-08 00:02 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-06-08 18:40 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-06-08 18:40 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-01-11 01:14 . 2010-01-11 01:14 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_304fb07b\System.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2f351576\System.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_82419471\System.Xml.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_32b6d1ab\System.Xml.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f13c4a50\System.Windows.Forms.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_295f27d0\System.Windows.Forms.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7b444564\System.Drawing.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_205d5166\System.Design.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_06532aa8\System.Design.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a4de1ec1\mscorlib.dll
+ 2010-01-11 01:15 . 2010-01-11 01:15 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_46156929\mscorlib.dll
+ 2010-01-11 01:20 . 2010-01-11 01:20 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2010-01-11 01:24 . 2010-01-11 01:24 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2010-01-11 01:20 . 2010-01-11 01:20 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2010-01-11 01:24 . 2010-01-11 01:24 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2010-01-11 01:29 . 2010-01-11 01:29 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4fddbe9c2ff96b543a624459cad647b6\System.Management.Automation.ni.dll
+ 2010-01-11 01:29 . 2010-01-11 01:29 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2010-01-11 01:20 . 2010-01-11 01:20 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 3722240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d7580a8595db77e165a51e2c1add4720\Microsoft.PowerShell.Editor.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d38b060a0a380c671c5e45c31905d2f0\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\74362bea6bc8a906a45d74c393969423\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Jscript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.Jscript.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-06-19 00:51 . 2009-06-19 00:51 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-06-19 00:51 . 2009-06-19 00:51 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-01-11 01:16 . 2008-08-30 03:06 1350664 c:\windows\$NtUninstallKB973687$\msxml6.dll
+ 2010-01-11 01:16 . 2008-09-04 17:15 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2010-01-11 01:12 . 2009-02-06 11:06 2145280 c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
+ 2010-01-11 01:12 . 2009-02-06 10:32 2023936 c:\windows\$NtUninstallKB971486$\ntkrpamp.exe
+ 2010-01-11 01:12 . 2009-02-06 10:32 2023936 c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
+ 2010-01-11 01:12 . 2009-02-06 11:06 2145280 c:\windows\$NtUninstallKB971486$\ntkrnlmp.exe
+ 2010-01-11 01:10 . 2009-04-17 12:26 1847168 c:\windows\$NtUninstallKB969947$\win32k.sys
+ 2010-01-11 01:17 . 2009-06-10 13:19 2066432 c:\windows\$NtUninstallKB969084$\mstscax.dll
+ 2010-01-11 01:17 . 2008-04-14 00:12 1435648 c:\windows\$NtUninstallKB969059$\query.dll
+ 2010-01-11 01:17 . 2008-06-18 10:03 2458112 c:\windows\$NtUninstallKB968816_WM9$\wmvcore.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45 1170944 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\urlmon.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45 3602432 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45 6070784 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieframe.dll
+ 2010-01-04 16:12 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dat
+ 2010-01-04 16:14 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2010-01-04 16:14 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2010-01-04 16:08 . 2009-08-04 13:56 2189312 c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
+ 2010-01-04 16:08 . 2009-08-04 13:17 2023936 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrpamp.exe
+ 2009-08-05 02:47 . 2009-08-05 02:47 2066176 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
+ 2010-01-04 16:08 . 2009-08-04 13:54 2145280 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlmp.exe
+ 2009-08-15 01:49 . 2009-08-15 01:49 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
+ 2010-01-04 16:16 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2010-01-09 08:28 . 2010-01-09 08:28 12337752 c:\windows\system32\rktools.exe
+ 2010-01-11 01:11 . 2010-02-01 18:26 30364104 c:\windows\system32\MRT.exe
+ 2009-08-11 05:08 . 2009-08-11 05:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-18 19:50 . 2009-08-18 19:50 12022272 c:\windows\Installer\47a8891.msp
+ 2009-08-15 04:32 . 2009-08-15 04:32 11110912 c:\windows\Installer\198dd106.msp
+ 2009-08-18 21:19 . 2009-08-18 21:19 10098688 c:\windows\Installer\198dd0fd.msp
+ 2009-08-10 22:09 . 2009-08-10 22:09 17254912 c:\windows\Installer\198dd099.msp
+ 2010-01-13 06:54 . 2010-01-13 06:54 10829312 c:\windows\Downloaded Installations\{B06DB85F-066C-4871-9FFA-A3A99854E6FC}\Teamcenter's Application Sharing.msi
+ 2010-01-11 01:24 . 2010-01-11 01:24 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2010-01-11 01:29 . 2010-01-11 01:29 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2010-01-11 01:22 . 2010-01-11 01:22 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2010-01-11 01:20 . 2010-01-11 01:20 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SIECACST"="c:\program files\Siemens\CardOS API\bin\siecacst.exe" [2007-08-02 81920]
"Ptipbmf"="ptipbmf.dll" [2007-10-20 118784]
"PtiuPbmd"="ulutil2.dll" [2003-11-05 110592]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2009-06-04 5069648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
"nwiz"="nwiz.exe" [2007-04-29 1626112]
"NVHotkey"="nvHotkey.dll" [2007-04-29 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-29 81920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-18 159744]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"OdTray.exe"="c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2007-03-16 1028160]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\Pccntmon.exe" [2010-02-04 718120]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2008-06-29 05:49 122949 ----a-w- c:\windows\system32\odyEvent.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 aacsas;Adaptec SAS/SATA-II RAID Miniport Driver;c:\windows\system32\drivers\aacsas.sys [9/15/2008 10:12 AM 81035]
R0 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [9/15/2008 10:12 AM 360960]
R0 AFAMgt;AFAMgt;c:\windows\system32\drivers\afamgt.sys [9/15/2008 10:12 AM 91707]
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [9/15/2008 10:12 AM 119808]
R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [9/15/2008 10:12 AM 29696]
R0 arcm_x86;arcm_x86;c:\windows\system32\drivers\arcm_x86.sys [9/15/2008 10:12 AM 25888]
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [9/15/2008 10:12 AM 6016]
R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [9/15/2008 10:12 AM 7680]
R0 FastSx;FastSx;c:\windows\system32\drivers\FastSx.sys [9/15/2008 10:12 AM 167424]
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [9/15/2008 10:12 AM 65536]
R0 fttxr5_O;fttxr5_O;c:\windows\system32\drivers\fttxr5_O.sys [9/15/2008 10:12 AM 177152]
R0 fttxr52P;fttxr52P;c:\windows\system32\drivers\fttxr52P.sys [9/15/2008 10:12 AM 160256]
R0 HpCISSm2;HpCISSm2;c:\windows\system32\drivers\HpCISSm2.sys [9/15/2008 10:12 AM 23040]
R0 Hpt366;Hpt366;c:\windows\system32\drivers\Hpt366.sys [9/15/2008 10:12 AM 22880]
R0 hpt374;hpt374;c:\windows\system32\drivers\hpt374.sys [9/15/2008 10:12 AM 108150]
R0 hptiop;hptiop;c:\windows\system32\drivers\hptiop.sys [9/15/2008 10:12 AM 14496]
R0 hptmv;hptmv;c:\windows\system32\drivers\hptmv.sys [9/15/2008 10:12 AM 65024]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [9/15/2008 10:12 AM 26112]
R0 m5228;m5228;c:\windows\system32\drivers\m5228.sys [9/15/2008 10:12 AM 45069]
R0 m5281;m5281;c:\windows\system32\drivers\m5281.sys [9/15/2008 10:12 AM 51072]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [9/15/2008 10:12 AM 103680]
R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [9/15/2008 10:12 AM 210304]
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [9/15/2008 10:12 AM 52480]
R0 MegaIDE;MegaIDE;c:\windows\system32\drivers\MegaIDE.sys [9/15/2008 10:12 AM 163277]
R0 MegaINTL;MegaINTL;c:\windows\system32\drivers\MegaINTL.sys [9/15/2008 10:12 AM 177536]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [9/15/2008 10:12 AM 34432]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [9/15/2008 10:12 AM 143360]
R0 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [9/15/2008 10:12 AM 212480]
R0 mvSata;mvSata;c:\windows\system32\drivers\mvsata.sys [9/15/2008 10:12 AM 43520]
R0 nfrd960;IBM ServeRAID 4M/4L/4Mx/4Lx/5i/6M/6i/7k Device Driver;c:\windows\system32\drivers\nfrd960.sys [9/15/2008 10:12 AM 74747]
R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [1/23/2006 2:19 PM 254208]
R0 Pnp649r;CMD IDE Raid Controller;c:\windows\system32\drivers\pnp649r.sys [9/15/2008 10:12 AM 66889]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [9/15/2008 10:12 AM 71720]
R0 raidsrc;raidsrc;c:\windows\system32\drivers\raidsrc.sys [9/15/2008 10:12 AM 45392]
R0 S150sx8;S150sx8;c:\windows\system32\drivers\S150sx8.sys [9/15/2008 10:12 AM 36864]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [9/15/2008 10:12 AM 110128]
R0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [9/15/2008 10:12 AM 61952]
R0 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\SI3124.sys [9/15/2008 10:12 AM 81960]
R0 SI3124r;SiI-3124 SATARaid Controller;c:\windows\system32\drivers\SI3124r.sys [9/15/2008 10:12 AM 100881]
R0 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\drivers\3124r5A2.sys [9/15/2008 10:12 AM 207152]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [9/15/2008 10:12 AM 210736]
R0 SiSRaid1;SiSRaid1;c:\windows\system32\drivers\SiSRaid1.sys [9/15/2008 10:11 AM 46464]
R0 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [9/15/2008 10:11 AM 68864]
R0 sisraidx;sisraidx;c:\windows\system32\drivers\sisraidx.sys [9/15/2008 10:11 AM 47616]
R0 sptrak;sptrak;c:\windows\system32\drivers\sptrak.sys [9/15/2008 10:12 AM 41216]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [9/15/2008 10:12 AM 125952]
R0 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [9/15/2008 10:11 AM 29184]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [4/28/2006 6:57 AM 17968]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [12/11/2006 10:12 AM 87664]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/9/2005 6:34 PM 36368]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [8/4/2009 8:15 AM 24521]
R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [11/14/2006 9:49 AM 398720]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [5/25/2009 6:34 AM 338960]
R3 WSUSBDMAN;VMware VDM Virtual Client USB Manager;c:\windows\system32\drivers\WSUSBDMAN.sys [5/8/2008 3:45 PM 21504]
S0 2310_00;2310_00;c:\windows\system32\drivers\2310_00.sys [9/15/2008 10:12 AM 100224]
S0 hptmv6;hptmv6;c:\windows\system32\drivers\hptmv6.sys [9/15/2008 10:12 AM 93696]
S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [9/15/2008 10:12 AM 9809]
S0 lsi_sas2;lsi_sas2;c:\windows\system32\drivers\lsi_sas2.sys [9/15/2008 10:12 AM 93184]
S0 rr172x;rr172x;c:\windows\system32\drivers\rr172x.sys [9/15/2008 10:12 AM 83200]
S0 rr174x;rr174x;c:\windows\system32\drivers\rr174x.sys [9/15/2008 10:12 AM 107296]
S0 rr232x;rr232x;c:\windows\system32\drivers\rr232x.sys [9/15/2008 10:12 AM 101888]
S0 rr2340;rr2340;c:\windows\system32\drivers\rr2340.sys [9/15/2008 10:12 AM 102400]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/2/2009 11:04 PM 135664]
S2 MobileAutmationAgentService;iPass Endpoint Policy Management Agent;"c:\program files\mobile automation\rstate.exe" --> c:\program files\mobile automation\rstate.exe [?]
S2 SttService;Stt Services;c:\windows\SttService.exe [9/2/2009 7:43 AM 42043]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [11/9/2005 6:34 PM 230928]
S2 wsnm;VMware VDM Client Service;c:\program files\VMware\VMware VDM\Client\bin\wsnm.exe [5/8/2008 3:51 PM 131072]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [11/29/2009 3:47 PM 401920]
S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [3/16/2007 5:33 PM 81992]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\Nortel Networks\Extranet_serv.exe [8/4/2009 8:15 AM 835584]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [8/4/2009 8:15 AM 155216]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [5/25/2009 6:34 AM 488768]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [5/25/2009 6:30 AM 652552]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 06:04]
2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 06:04]
2010-04-07 c:\windows\Tasks\stt_inv_report_24.job
- c:\program files\stt\stt_report_controller.bat [2009-09-02 02:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: salesforce.com
Trusted Zone: siemens.com\*.industrysoftware.automation
Trusted Zone: siemens.us\ura
Trusted Zone: ugs.com
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Malwarebytes Anti-Malware (reboot) - e:\debug malware\Software\Malwarebytes' Anti-Malware\mbam.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 11:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x80800000]<< >>UNKNOWN [0xF1A72000]<< >>UNKNOWN [0xF7657000]<< >>UNKNOWN [0xF7647000]<< >>UNKNOWN [0x8B50AAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0xf765bf28
\Driver\ACPI -> 0xf735ecb8
\Driver\atapi -> 0xf72a7852
\Driver\iaStor -> 0xf7214002
IoDeviceObjectType -> DeleteProcedure -> 0x808ac6a8
ParseProcedure -> 0x808ab7e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> 0x808ac6a8
ParseProcedure -> 0x808ab7e8
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0xf694cbb0
PacketIndicateHandler -> 0xf693ba0d
SendHandler -> 0xf694fb40
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\WININET.dll
c:\windows\system32\odyEvent.dll
- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-16 11:16:52
ComboFix-quarantined-files.txt 2010-04-16 18:16
ComboFix2.txt 2009-11-23 01:06
ComboFix3.txt 2009-11-22 21:08
ComboFix4.txt 2009-11-22 18:49
Pre-Run: 134,108,975,104 bytes free
Post-Run: 134,172,774,400 bytes free
- - End Of File - - BE96276F6BFAB87EDE309121838AA9EE