ComboFix 10-10-22.04 - mike busch 10/22/2010 22:53:21.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.320 [GMT -5:00]
Running from: c:\documents and settings\mike busch\Desktop\mikebusch.exe
Command switches used :: c:\documents and settings\mike busch\Desktop\CFScript.txt
.
((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
.
2010-10-21 00:41 . 2010-10-21 00:41 -------- d-----w- c:\documents and settings\mike busch\Application Data\Malwarebytes
2010-10-21 00:40 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-21 00:40 . 2010-10-21 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-21 00:40 . 2010-10-21 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-21 00:40 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 02:19 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-19 02:19 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-19 02:19 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-19 02:19 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-17 16:09 . 2010-10-17 16:09 -------- d-----w- c:\program files\Seagate
2010-10-17 16:09 . 2010-10-17 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-10-17 16:07 . 2010-10-17 16:07 -------- d-----w- c:\documents and settings\mike busch\Local Settings\Application Data\Downloaded Installations
2010-10-17 16:06 . 2010-10-17 16:06 -------- d-----w- c:\program files\Carbonite
2010-10-17 16:06 . 2010-10-17 16:06 -------- d-sh--w- c:\windows\ftpcache
2010-10-17 16:05 . 2010-10-17 16:05 -------- d-----w- c:\documents and settings\mike busch\Application Data\Leadertech
2010-10-17 12:45 . 2010-10-17 13:09 -------- d-----w- C:\MikeB
2010-10-10 23:52 . 2010-10-10 23:53 -------- d-----w- c:\program files\Linksys
2010-10-08 12:50 . 2010-10-08 12:50 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-10-05 07:26 . 2010-10-05 07:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2006-02-15 14:03 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-15 14:03 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-15 14:03 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-15 14:03 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-02-15 14:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-02-15 14:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2006-02-15 14:02 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-15 14:04 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-02-15 14:04 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-15 14:04 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-15 14:04 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 05:18 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2006-02-15 14:02 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-02-15 14:04 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-15 14:03 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-09 17:57 . 2010-09-22 00:46 132184 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-08-09 17:57 . 2010-08-09 17:57 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-09-21_03.02.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 05:46 . 2006-12-02 05:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:26 . 2006-12-02 05:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2009-07-12 00:41 . 2009-07-12 00:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2007-01-29 08:58 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2006-02-15 14:03 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
- 2006-02-15 14:03 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll
- 2007-08-14 00:54 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 00:54 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-02-15 14:02 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
- 2006-02-15 14:02 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
+ 2010-09-22 00:52 . 2010-09-22 00:52 97549 c:\windows\system32\drivers\klick.dat
- 2009-07-04 15:10 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-07-04 15:10 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2006-05-10 05:25 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:25 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-12-07 12:52 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-12-07 12:52 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-14 00:44 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-05-10 05:25 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-03 22:59 . 2008-04-13 18:31 36352 c:\windows\system32\dllcache\intelppm.sys
- 2010-04-01 16:42 . 2010-04-01 16:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-03-31 19:51 . 2010-03-31 19:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-03-31 19:51 . 2010-03-31 19:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-03-31 19:51 . 2010-03-31 19:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 08:17 . 2010-09-23 08:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-03-31 20:32 . 2010-03-31 20:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 08:17 . 2010-09-23 08:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-03-31 20:32 . 2010-03-31 20:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-10-14 11:54 . 2010-10-14 11:54 21504 c:\windows\Installer\12a9b9.msi
- 2006-02-16 10:41 . 2010-09-15 08:08 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-02-16 10:41 . 2010-10-19 02:41 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-02-16 10:41 . 2010-10-19 02:41 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-02-16 10:41 . 2010-09-15 08:08 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-02-16 10:41 . 2010-09-15 08:08 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-02-16 10:41 . 2010-10-19 02:41 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-02-16 10:41 . 2010-10-19 02:41 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-02-16 10:41 . 2010-09-15 08:08 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-10-17 16:10 . 2010-10-17 16:10 87376 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\NewShortcut3_3AA20A2C6BEF43A6A3B4F09C5D78D1D4.exe
+ 2010-10-17 16:10 . 2010-10-17 16:10 87376 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\NewShortcut2_B7AA0888E8864144BA725EAA61DC15D5.exe
+ 2010-10-17 16:10 . 2010-10-17 16:10 50512 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\NewShortcut1_68F918D3F91F411B8936985CC2BD4192.exe
+ 2010-10-17 16:10 . 2010-10-17 16:10 87376 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\ARPPRODUCTICON.exe
+ 2010-10-19 02:40 . 2010-06-24 12:22 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2010-10-19 02:40 . 2009-03-08 09:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2010-10-19 02:40 . 2010-06-24 12:21 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2010-10-19 02:40 . 2009-03-08 09:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2010-10-19 02:40 . 2010-06-24 12:21 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2010-10-19 02:33 . 2010-10-19 02:33 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c3fdc88e\System.Drawing.Design.dll
+ 2010-10-19 02:33 . 2010-10-19 02:33 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c3626064\CustomMarshalers.dll
- 2010-06-11 08:09 . 2010-06-11 08:09 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-19 02:33 . 2010-10-19 02:33 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2006-02-16 10:41 . 2010-09-15 08:08 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-02-16 10:41 . 2010-10-19 02:41 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-02-15 14:03 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
+ 2006-02-15 14:03 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
+ 2006-02-15 14:03 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
- 2006-02-15 14:03 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
+ 2007-08-14 00:54 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
+ 2009-11-06 03:17 . 2009-11-06 03:17 297808 c:\windows\system32\mscoree.dll
- 2006-02-15 14:02 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
+ 2006-02-15 14:02 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
+ 2006-02-15 14:02 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
- 2006-02-15 14:02 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
+ 2006-02-15 14:02 . 2010-08-26 12:22 173056 c:\windows\system32\ie4uinit.exe
- 2006-02-15 14:02 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
+ 2006-02-15 07:29 . 2010-10-20 11:52 180240 c:\windows\system32\FNTCACHE.DAT
- 2006-02-15 07:29 . 2010-08-11 08:28 180240 c:\windows\system32\FNTCACHE.DAT
+ 2010-09-22 00:52 . 2010-09-22 00:52 113933 c:\windows\system32\drivers\klin.dat
+ 2010-05-28 14:55 . 2010-05-28 14:55 321552 c:\windows\system32\drivers\klif.sys
+ 2009-04-15 05:18 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
- 2006-02-15 14:04 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-02-15 14:04 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:36 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-14 23:36 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
- 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-08-14 00:44 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-14 00:44 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
- 2006-05-10 05:25 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:25 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-12-07 12:52 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-10-14 08:13 . 2010-09-18 17:23 974848 c:\windows\system32\dllcache\mfc42u.dll
- 2009-07-04 15:10 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-07-04 15:10 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-05-10 05:25 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:25 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-11 00:09 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-11 00:09 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2007-08-14 00:39 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 00:39 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 00:39 . 2010-08-26 12:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-14 00:39 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 19:51 . 2010-03-31 19:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 19:49 . 2010-03-31 19:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 07:25 . 2010-09-23 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 08:17 . 2010-09-23 08:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2010-03-31 20:32 . 2010-03-31 20:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-10-17 16:07 . 2010-10-17 16:07 331264 c:\windows\Installer\7cb61.msi
+ 2010-10-19 02:30 . 2010-10-19 02:30 248832 c:\windows\Installer\110418.msi
+ 2006-02-16 10:41 . 2010-10-19 02:41 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-02-16 10:41 . 2010-09-15 08:08 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-02-16 10:41 . 2010-09-15 08:08 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-02-16 10:41 . 2010-10-19 02:41 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-02-16 10:41 . 2010-09-15 08:08 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-02-16 10:41 . 2010-10-19 02:41 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-02-16 10:41 . 2010-10-19 02:41 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-02-16 10:41 . 2010-09-15 08:08 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-02-16 10:41 . 2010-10-19 02:41 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-02-16 10:41 . 2010-09-15 08:08 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-10-19 02:40 . 2010-06-24 12:22 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-10-19 02:40 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-10-19 02:40 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-10-19 02:40 . 2010-06-24 12:22 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-10-19 02:40 . 2010-06-24 12:22 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-10-19 02:40 . 2010-06-24 12:21 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-10-19 02:40 . 2010-06-24 12:21 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-10-19 02:40 . 2010-06-24 12:21 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-10-19 02:40 . 2010-06-24 12:21 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-10-19 02:40 . 2010-06-24 12:21 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-10-19 02:40 . 2010-06-23 12:08 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2010-10-19 02:34 . 2010-10-19 02:34 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_dca40a68\System.Drawing.dll
+ 2010-10-19 02:34 . 2010-10-19 02:34 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f36c1da8\System.Drawing.Design.dll
+ 2010-10-19 02:34 . 2010-10-19 02:34 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6fbade09\CustomMarshalers.dll
+ 2010-10-19 02:19 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-02-15 14:04 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2006-02-15 14:03 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2006-02-15 14:03 . 2010-09-10 05:58 5957120 c:\windows\system32\mshtml.dll
+ 2007-08-14 00:34 . 2010-09-10 05:58 1986560 c:\windows\system32\iertutil.dll
- 2007-08-14 00:34 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll
+ 2008-10-14 23:35 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
+ 2006-05-10 05:25 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2006-05-19 15:06 . 2010-09-10 05:58 5957120 c:\windows\system32\dllcache\mshtml.dll
+ 2007-12-07 12:52 . 2010-09-10 05:58 1986560 c:\windows\system32\dllcache\iertutil.dll
- 2007-12-07 12:52 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll
- 2010-04-01 16:42 . 2010-04-01 16:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-04-01 16:42 . 2010-04-01 16:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2010-03-31 19:50 . 2010-03-31 19:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 07:25 . 2010-09-23 07:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2010-04-01 16:42 . 2010-04-01 16:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-10-17 16:10 . 2010-10-17 16:10 3668992 c:\windows\Installer\7cb66.msi
+ 2010-08-23 22:09 . 2010-08-23 22:09 7673344 c:\windows\Installer\110464.msp
+ 2010-10-04 21:32 . 2010-10-04 21:32 5517824 c:\windows\Installer\110452.msp
+ 2010-08-24 14:49 . 2010-08-24 14:49 6825472 c:\windows\Installer\110429.msp
+ 2010-10-19 02:40 . 2010-06-24 12:22 1210368 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
+ 2010-10-19 02:40 . 2010-06-24 12:22 5951488 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
+ 2010-10-19 02:40 . 2010-06-24 12:21 1986560 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
+ 2010-10-19 02:34 . 2010-10-19 02:34 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_91e2d7f2\System.dll
+ 2010-10-19 02:33 . 2010-10-19 02:33 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_3d149c19\System.dll
+ 2010-10-19 02:34 . 2010-10-19 02:34 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_ceb9c03b\System.Xml.dll
+ 2010-10-19 02:34 . 2010-10-19 02:34 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_bf52a4c2\System.Xml.dll
+ 2010-10-19 02:34 . 2010-10-19 02:34 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4ecc7bf9\System.Windows.Forms.dll
+ 2010-10-19 02:34 . 2010-10-19 02:34 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_494d9cf3\System.Windows.Forms.dll
+ 2010-10-19 02:35 . 2010-10-19 02:35 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0f90a563\System.Drawing.dll
+ 2010-10-19 02:34 . 2010-10-19 02:34 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f7abd516\System.Design.dll
+ 2010-10-19 02:34 . 2010-10-19 02:34 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_bf0ca42a\System.Design.dll
+ 2010-10-19 02:35 . 2010-10-19 02:35 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_bd88e1dd\mscorlib.dll
+ 2010-10-19 02:34 . 2010-10-19 02:34 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_43a4040e\mscorlib.dll
- 2010-06-11 08:09 . 2010-06-11 08:09 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-10-19 02:33 . 2010-10-19 02:33 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-10-19 02:33 . 2010-10-19 02:33 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-11 08:09 . 2010-06-11 08:09 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2006-02-15 14:05 . 2009-07-14 04:43 10841088 c:\windows\system32\wmp.dll
+ 2006-02-15 14:05 . 2010-08-26 04:36 10841088 c:\windows\system32\wmp.dll
+ 2006-07-24 11:27 . 2010-10-19 02:35 35385288 c:\windows\system32\MRT.exe
+ 2007-08-14 00:54 . 2010-09-10 05:58 11080192 c:\windows\system32\ieframe.dll
- 2009-07-14 04:43 . 2009-07-14 04:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-14 04:43 . 2010-08-26 04:36 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2007-12-07 12:52 . 2010-09-10 05:58 11080192 c:\windows\system32\dllcache\ieframe.dll
+ 2010-09-24 19:08 . 2010-09-24 19:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\110441.msp
+ 2010-10-19 02:40 . 2010-06-24 22:51 11077120 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ParetoLogic Anti-Virus PLUS"="c:\program files\ParetoLogic\PLAV\Pareto_AV.exe" [2010-09-08 4547864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-05 155648]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2010-09-29 4861720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-28 232912]
c:\documents and settings\mike busch\Start Menu\Programs\Startup\
Seagate Product Registration.lnk - c:\documents and settings\mike busch\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe [2010-10-17 1731736]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\Pando.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56092:TCP"= 56092:TCP:Pando
"56092:UDP"= 56092:UDP:Pando
"22778:TCP"= 22778:TCP:spport
"22549:TCP"= 22549:TCP:spport
"29215:TCP"= 29215:TCP:spport
"16980:TCP"= 16980:TCP:spport
"18849:TCP"= 18849:TCP:spport
"8955:TCP"= 8955:TCP:spport
"18405:TCP"= 18405:TCP:spport
"29937:TCP"= 29937:TCP:spport
"7953:TCP"= 7953:TCP:spport
"6578:TCP"= 6578:TCP:spport
"15619:TCP"= 15619:TCP:spport
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [8/9/2010 12:57 PM 32272]
S2 gupdate1c9cab57a5a0ae4;Google Update Service (gupdate1c9cab57a5a0ae4);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2009 6:35 PM 133104]
S2 Viewpoint Manager Service;Viewpoint Manager Service; [x]
S3 PLAVService;PLAVService;c:\program files\Common Files\PLAV\plavservice.exe [9/8/2010 12:32 PM 599384]
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\DRIVERS\w600bus.sys --> c:\windows\system32\DRIVERS\w600bus.sys [?]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w600mdfl.sys --> c:\windows\system32\DRIVERS\w600mdfl.sys [?]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\DRIVERS\w600mdm.sys --> c:\windows\system32\DRIVERS\w600mdm.sys [?]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\w600mgmt.sys --> c:\windows\system32\DRIVERS\w600mgmt.sys [?]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w600obex.sys --> c:\windows\system32\DRIVERS\w600obex.sys [?]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [9/29/2010 1:43 PM 582424]
.
Contents of the 'Scheduled Tasks' folder
2010-10-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-08 23:34]
2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 23:35]
2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 23:35]
2010-10-05 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS.job
- c:\program files\ParetoLogic\PLAV\pareto_av.exe [2010-09-08 17:31]
2010-10-04 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
- c:\program files\ParetoLogic\PLAV\pareto_av.exe [2010-09-08 17:31]
2010-10-04 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-23 21:58]
2010-10-07 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-23 21:58]
2006-07-19 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
2010-09-19 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-22 23:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2424)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-22 23:02:56
ComboFix-quarantined-files.txt 2010-10-23 04:02
ComboFix2.txt 2010-10-20 12:37
ComboFix3.txt 2010-10-17 13:09
ComboFix4.txt 2010-10-15 15:14
ComboFix5.txt 2010-10-23 03:49
Pre-Run: 53,831,028,736 bytes free
Post-Run: 53,932,752,896 bytes free
- - End Of File - - 84E2B897E52A8A775DA3CDD79157E563