Combofix is amazing (log attached)


  • This topic is locked
2 replies to this topic

#1 youfixedme!


Posted 12 February 2011 - 02:09 PM

After wasting a full day downloading 5 or six programs, I was headed to Best Buy to buy a new laptop. This one was toast. I found a random post about ComboFix and it saved my computer. I can't believe that even Microsoft Essentials can't figure out how to protect a computer while whoever made ComboFix can. Totally amazing. Anyway, I think you are supposed to post your log after the program runs to help the programmers see what it fixed. So here is my copy and paste from today. I have never posted a comment about anything on the internet in 16 years, but this time I was obliged to tell people that ComboFix can help. Let me know what you think if you know what this log means:

ComboFix 11-02-11.02 - user 02/12/2011 13:39:03.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1572 [GMT -5:00]
Running from: c:\kits\spyware tools\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-02-12 18:23 . 2011-02-12 18:27 -------- d-----w- C:\32788R22FWJFW
2011-02-12 18:07 . 2011-02-12 18:07 -------- d-----w- c:\windows\Sun
2011-02-12 01:19 . 2011-01-13 06:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDEAB845-BFBA-42AA-905A-3103868D29AB}\mpengine.dll
2011-02-07 19:27 . 2011-02-07 19:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-02-02 14:06 . 2011-02-02 14:06 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-02 14:05 . 2011-02-02 14:05 -------- d-----w- c:\program files\CCleaner
2011-02-02 14:05 . 2011-02-02 14:05 -------- d-----w- c:\program files\Metamail Inc
2011-02-02 13:57 . 2005-12-07 21:46 151552 ----a-w- c:\windows\system32\TosBtAPI.dll
2011-02-02 13:57 . 2005-11-22 18:03 98304 ----a-w- c:\windows\system32\TosBdAPI.dll
2011-02-02 12:04 . 2011-02-02 15:58 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-02-01 22:27 . 2011-02-02 14:05 -------- d-----w- c:\documents and settings\LocalService\UserData
2011-02-01 15:25 . 2011-02-01 16:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-01-22 16:05 . 2011-01-13 06:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-21 17:56 . 2011-01-21 17:57 -------- d-----w- c:\program files\Brain Bullet!
2011-01-21 17:56 . 2011-01-21 17:56 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\jZip
2011-01-21 17:55 . 2011-01-21 17:56 -------- d-----w- c:\program files\jZip
2011-01-21 16:08 . 2011-01-21 16:11 -------- d-----w- C:\Jts
2011-01-21 13:08 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 12:13 . 2011-01-21 12:13 -------- d-----w- c:\windows\Internet Logs
2011-01-21 12:12 . 2011-01-21 12:12 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2011-01-21 12:12 . 2011-01-21 12:12 -------- d-----w- c:\program files\Cisco Systems
2011-01-21 12:09 . 2011-01-21 12:56 -------- d-----w- C:\kits
2011-01-18 21:55 . 2011-01-18 21:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\AOL
2011-01-18 21:55 . 2011-01-18 21:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2011-01-18 17:00 . 2011-01-18 17:00 1409 ----a-w- c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 21:27 . 2010-11-21 21:27 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-11-21 21:27 . 2010-11-21 21:27 28800 ----a-w- c:\windows\system32\drivers\ezgfsfilt.sys
2010-11-21 21:27 . 2010-11-21 21:27 213760 ----a-w- c:\windows\system32\drivers\ezgmntr.sys
2010-11-21 21:27 . 2010-11-21 21:27 85920 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-11-21 21:19 . 2010-11-21 21:19 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-11-19 20:05 . 2010-11-21 21:20 45056 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2010-11-19 20:05 . 2010-11-19 20:05 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-01-21_12.54.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-16 10:41 . 2007-04-09 18:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2011-01-21 13:08 . 2007-04-09 18:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2006-03-09 01:44 . 2006-03-09 01:44 73728 c:\windows\system32\spool\drivers\w32x86\brothermfc_440cn3120\bril06a.dll
+ 2011-01-21 13:08 . 2007-04-09 18:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2006-03-09 01:44 . 2006-03-09 01:44 73728 c:\windows\system32\spool\drivers\w32x86\3\bril06a.dll
+ 2006-02-15 14:03 . 2011-01-22 22:31 62284 c:\windows\system32\perfc009.dat
+ 2006-02-16 10:41 . 2007-04-09 18:23 28040 c:\windows\system32\mdimon.dll
+ 2007-03-23 00:17 . 2007-03-23 00:17 35440 c:\windows\system32\FM20ENU.DLL
+ 2006-01-19 15:17 . 2006-01-19 15:17 11904 c:\windows\system32\drivers\BrUsbSer.sys
+ 2006-01-19 10:44 . 2006-01-19 10:44 53248 c:\windows\system32\drivers\BrSerIf.sys
- 2001-01-22 08:25 . 2001-01-22 08:25 32768 c:\windows\system32\ATHPRXY.DLL
+ 2004-01-29 14:08 . 2004-01-29 14:08 32768 c:\windows\system32\ATHPRXY.DLL
+ 2005-11-14 21:38 . 2005-11-14 21:38 72192 c:\windows\Installer\6f3d509.msp
+ 2011-01-21 13:08 . 2011-02-09 23:29 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2011-01-21 13:08 . 2011-02-09 23:29 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2011-01-21 13:08 . 2011-02-09 23:29 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2011-01-21 13:08 . 2011-02-09 23:29 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-01-21 12:26 . 2011-01-24 08:04 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2011-01-21 12:26 . 2011-01-21 12:26 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2011-01-21 12:26 . 2011-01-21 12:26 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2011-01-21 12:26 . 2011-01-24 08:04 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2011-01-21 12:26 . 2011-01-21 12:26 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2011-01-21 12:26 . 2011-01-24 08:04 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2011-01-21 12:26 . 2011-01-24 08:04 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2011-01-21 12:26 . 2011-01-21 12:26 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2011-01-21 12:26 . 2011-01-21 12:26 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2011-01-21 12:26 . 2011-01-24 08:04 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2011-01-21 12:26 . 2011-01-24 08:04 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2011-01-21 12:26 . 2011-01-21 12:26 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-04-19 19:10 . 2007-04-19 19:10 65888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\SEQCHK10.DLL
+ 2007-03-23 00:07 . 2007-03-23 00:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-04-19 19:10 . 2007-04-19 19:10 63840 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\REFIEBAR.DLL
+ 2007-03-23 00:07 . 2007-03-23 00:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-23 00:05 . 2007-03-23 00:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-04-19 18:53 . 2007-04-19 18:53 69984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-23 00:23 . 2007-03-23 00:23 17248 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\NPOFFICE.DLL
+ 2007-04-19 19:10 . 2007-04-19 19:10 80216 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\NAME.DLL
+ 2007-03-23 00:29 . 2007-03-23 00:29 44888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSSH.DLL
+ 2007-04-19 18:57 . 2007-04-19 18:57 46432 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOXMLMF.DLL
+ 2007-03-23 00:13 . 2007-03-23 00:13 58720 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOXMLED.EXE
+ 2007-03-23 00:13 . 2007-03-23 00:13 45408 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOXEV.DLL
+ 2007-03-23 00:29 . 2007-03-23 00:29 39256 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOSV.DLL
+ 2007-04-19 19:07 . 2007-04-19 19:07 36192 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOSTYLE.DLL
+ 2007-04-19 19:07 . 2007-04-19 19:07 61280 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOHTMED.EXE
+ 2007-04-19 18:56 . 2007-04-19 18:56 29024 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOEURO.DLL
+ 2007-03-23 00:29 . 2007-03-23 00:29 31072 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSODCW.DLL
+ 2007-03-23 00:29 . 2007-03-23 00:29 20824 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSMH.DLL
+ 2007-04-30 20:11 . 2007-04-30 20:11 89440 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSENCODE.DLL
+ 2007-03-23 00:07 . 2007-03-23 00:07 80224 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-03-23 00:29 . 2007-03-23 00:29 99160 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\AW.DLL
+ 2007-04-19 19:10 . 2007-04-19 19:10 45920 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\AUTHZAX.DLL
+ 2007-03-23 00:07 . 2007-03-23 00:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 59960 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
+ 2003-07-15 04:00 . 2003-07-15 04:00 99904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 11848 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-07-15 03:44 . 2003-07-15 03:44 66616 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-15 03:43 . 2003-07-15 03:43 74288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2003-07-15 03:42 . 2003-07-15 03:42 37432 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-07-15 08:18 . 2003-07-15 08:18 93752 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-15 03:43 . 2003-07-15 03:43 49208 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-15 03:43 . 2003-07-15 03:43 64056 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-15 03:44 . 2003-07-15 03:44 88128 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-15 03:41 . 2003-07-15 03:41 24640 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-07-15 08:14 . 2003-07-15 08:14 27192 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 16384 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 39488 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 03:56 . 2003-07-15 03:56 54328 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
+ 2003-07-15 03:56 . 2003-07-15 03:56 40504 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
+ 2003-07-15 04:12 . 2003-07-15 04:12 47872 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 35328 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 18944 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 17920 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-07-15 03:41 . 2003-07-15 03:41 13368 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-15 03:57 . 2003-07-15 03:57 98360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 03:56 . 2003-07-15 03:56 14904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-25 23:57 . 2003-07-25 23:57 75832 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
+ 2003-07-15 08:18 . 2003-07-15 08:18 47160 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-15 03:53 . 2003-07-15 03:53 46144 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 60984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\BLNMGR.DLL
+ 2003-07-15 03:43 . 2003-07-15 03:43 87616 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
+ 2011-01-21 13:02 . 2011-01-21 13:02 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2011-01-21 13:08 . 2011-02-09 23:29 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-01-21 12:26 . 2011-01-24 08:04 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2011-01-21 12:26 . 2011-01-21 12:26 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2011-01-21 12:26 . 2011-01-21 12:26 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2011-01-21 12:26 . 2011-01-24 08:04 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2011-01-21 12:26 . 2011-01-24 08:04 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2011-01-21 12:26 . 2011-01-21 12:26 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2011-01-21 13:02 . 2011-01-21 13:02 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2005-09-23 03:48 . 2005-09-23 03:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 03:48 . 2005-09-23 03:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 03:48 . 2005-09-23 03:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2011-01-21 13:08 . 2007-04-09 18:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2005-06-16 15:03 . 2005-06-16 15:03 101888 c:\windows\system32\spool\drivers\w32x86\brothermfc_440cn3120\brqikmon.exe
+ 2011-01-21 13:08 . 2007-04-09 18:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2005-06-16 15:03 . 2005-06-16 15:03 101888 c:\windows\system32\spool\drivers\w32x86\3\brqikmon.exe
+ 2011-02-02 14:04 . 2011-02-02 14:06 748588 c:\windows\system32\Restore\rstrlog.dat
+ 2006-02-15 14:03 . 2011-01-22 22:31 402188 c:\windows\system32\perfh009.dat
- 2006-02-15 07:29 . 2011-01-21 12:33 165120 c:\windows\system32\FNTCACHE.DAT
+ 2006-02-15 07:29 . 2011-01-22 15:53 165120 c:\windows\system32\FNTCACHE.DAT
+ 2010-10-25 02:25 . 2010-10-25 02:25 165264 c:\windows\system32\drivers\MpFilter.sys
+ 2008-07-23 04:20 . 2008-07-23 04:20 110592 c:\windows\Installer\6f3d553.msp
+ 2009-04-20 19:59 . 2009-04-20 19:59 219648 c:\windows\Installer\6f3d540.msp
+ 2009-11-05 19:21 . 2009-11-05 19:21 537600 c:\windows\Installer\6f3d4e4.msp
+ 2010-11-16 17:54 . 2010-11-16 17:54 906240 c:\windows\Installer\6f3d3b7.msp
+ 2009-09-09 20:40 . 2009-09-09 20:40 632320 c:\windows\Installer\37030.msp
+ 2011-01-21 13:02 . 2011-01-21 13:02 604672 c:\windows\Installer\198d1d.msi
+ 2011-01-21 13:01 . 2011-01-21 13:01 786432 c:\windows\Installer\198d17.msi
+ 2011-01-21 13:01 . 2011-01-21 13:01 479744 c:\windows\Installer\198d11.msi
+ 2011-01-21 13:01 . 2011-01-21 13:01 301056 c:\windows\Installer\198d0c.msi
+ 2011-01-21 13:08 . 2011-02-09 23:29 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2011-01-21 13:08 . 2011-02-09 23:29 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2011-01-21 13:08 . 2011-02-09 23:29 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2011-01-21 13:08 . 2011-02-09 23:29 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2011-01-21 13:08 . 2011-02-09 23:29 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-01-21 12:26 . 2011-01-24 08:04 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2011-01-21 12:26 . 2011-01-21 12:26 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2011-01-21 12:26 . 2011-01-24 08:04 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2011-01-21 12:26 . 2011-01-21 12:26 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2011-01-22 20:37 . 2011-01-22 20:37 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-03-23 00:22 . 2007-03-23 00:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-06-06 17:07 . 2007-06-06 17:07 100192 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\REFEDIT.DLL
+ 2007-04-19 18:53 . 2007-04-19 18:53 149856 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-05-31 18:42 . 2007-05-31 18:42 200032 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 18:53 . 2007-04-19 18:53 106336 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-04-19 18:53 . 2007-04-19 18:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
+ 2007-04-19 19:09 . 2007-04-19 19:09 157024 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSWEBCAP.DLL
+ 2007-04-19 18:49 . 2007-04-19 18:49 383328 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSORUN.DLL
+ 2007-03-23 00:04 . 2007-03-23 00:04 130912 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOCFU.DLL
+ 2007-03-23 00:04 . 2007-03-23 00:04 109912 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOCF.DLL
+ 2007-04-19 19:10 . 2007-04-19 19:10 127840 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOAUTH.DLL
+ 2007-04-19 18:54 . 2007-04-19 18:54 183136 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-04-19 18:53 . 2007-04-19 18:53 127328 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 19:09 . 2007-04-19 19:09 167256 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 19:10 . 2007-04-19 19:10 116576 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IEAWSDC.DLL
+ 2007-04-19 19:16 . 2007-04-19 19:16 807256 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FPWEC.DLL
+ 2007-04-19 18:53 . 2007-04-19 18:53 137568 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2003-08-06 18:31 . 2003-08-06 18:31 362552 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SETLANG.EXE
+ 2003-07-15 03:57 . 2003-07-15 03:57 349248 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
+ 2003-07-21 16:46 . 2003-07-21 16:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 08:18 . 2003-07-15 08:18 430136 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-15 03:43 . 2003-07-15 03:43 139320 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-15 03:45 . 2003-07-15 03:45 196152 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-08 16:48 . 2003-07-08 16:48 115288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
+ 2003-07-15 03:44 . 2003-07-15 03:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 08:14 . 2003-07-15 08:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 08:14 . 2003-07-15 08:14 828472 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 08:14 . 2003-07-15 08:14 283696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-07-24 03:40 . 2003-07-24 03:40 482872 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-15 03:56 . 2003-07-15 03:56 124984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-15 04:02 . 2003-07-15 04:02 627256 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-07-15 04:02 . 2003-07-15 04:02 637496 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
+ 2003-06-19 21:05 . 2003-06-19 21:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2002-04-10 04:14 . 2002-04-10 04:14 187560 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2002-12-18 03:08 . 2002-12-18 03:08 359600 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2003-07-15 03:58 . 2003-07-15 03:58 230968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 124480 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
+ 2003-07-15 04:01 . 2003-07-15 04:01 445496 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MODHELP.DLL
+ 2003-07-15 03:46 . 2003-07-15 03:46 176696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 443904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 758784 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-07-24 03:32 . 2003-07-24 03:32 121400 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
+ 2003-07-15 06:53 . 2003-07-15 06:53 161336 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2003-07-15 03:40 . 2003-07-15 03:40 165944 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-15 03:40 . 2003-07-15 03:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 04:36 . 2003-07-15 04:36 186424 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-07-31 20:19 . 2003-07-31 20:19 131648 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
+ 2003-07-15 08:14 . 2003-07-15 08:14 350264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 08:18 . 2003-07-15 08:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2011-01-21 13:02 . 2011-01-21 13:02 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2011-01-21 13:02 . 2011-01-21 13:02 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2006-04-06 06:20 . 2006-04-06 06:20 1095879 c:\windows\system32\spool\drivers\w32x86\brothermfc_440cn3120\briu06a.dll
+ 2006-04-06 06:20 . 2006-04-06 06:20 1687722 c:\windows\system32\spool\drivers\w32x86\brothermfc_440cn3120\brio06a.dll
+ 2006-04-06 06:20 . 2006-04-06 06:20 1095879 c:\windows\system32\spool\drivers\w32x86\3\briu06a.dll
+ 2006-04-06 06:20 . 2006-04-06 06:20 1687722 c:\windows\system32\spool\drivers\w32x86\3\brio06a.dll
+ 2009-08-05 00:52 . 2009-08-05 00:52 1193832 c:\windows\system32\FM20.DLL
+ 2010-10-04 21:00 . 2010-10-04 21:00 7973888 c:\windows\Installer\6f3d52e.msp
+ 2008-09-04 20:52 . 2008-09-04 20:52 4337664 c:\windows\Installer\6f3d51b.msp
+ 2010-08-09 21:44 . 2010-08-09 21:44 3778048 c:\windows\Installer\6f3d4f7.msp
+ 2010-01-11 21:35 . 2010-01-11 21:35 4480000 c:\windows\Installer\6f3d4ba.msp
+ 2006-02-27 21:31 . 2006-02-27 21:31 1269248 c:\windows\Installer\6f3d4a8.msp
+ 2010-10-04 18:59 . 2010-10-04 18:59 8300032 c:\windows\Installer\6f3d495.msp
+ 2006-03-28 20:37 . 2006-03-28 20:37 6956032 c:\windows\Installer\6f3d483.msp
+ 2006-08-29 22:50 . 2006-08-29 22:50 3210240 c:\windows\Installer\6f3d46f.msp
+ 2010-10-04 18:55 . 2010-10-04 18:55 9629696 c:\windows\Installer\6f3d45c.msp
+ 2010-08-27 18:36 . 2010-08-27 18:36 2807296 c:\windows\Installer\6f3d44a.msp
+ 2004-03-10 14:13 . 2004-03-10 14:13 2602496 c:\windows\Installer\6f3d438.msp
+ 2010-08-18 15:19 . 2010-08-18 15:19 8400896 c:\windows\Installer\6f3d423.msp
+ 2004-09-13 05:35 . 2004-09-13 05:35 1452544 c:\windows\Installer\6f3d411.msp
+ 2009-08-20 20:27 . 2009-08-20 20:27 3622400 c:\windows\Installer\6f3d3c9.msp
+ 2010-05-24 18:54 . 2010-05-24 18:54 6704640 c:\windows\Installer\6f3d37f.msp
+ 2005-10-26 19:59 . 2005-10-26 19:59 2883072 c:\windows\Installer\5caba06.msp
+ 2007-07-08 16:34 . 2007-07-08 16:34 6648832 c:\windows\Installer\5cab9f4.msp
+ 2010-12-06 20:02 . 2010-12-06 20:02 5518848 c:\windows\Installer\5cab908.msp
+ 2010-08-05 15:57 . 2010-08-05 15:57 4066304 c:\windows\Installer\3708f.msp
+ 2009-10-16 23:07 . 2009-10-16 23:07 6115328 c:\windows\Installer\3706d.msp
+ 2010-10-22 20:45 . 2010-10-22 20:45 8444928 c:\windows\Installer\3704c.msp
+ 2009-08-20 10:02 . 2009-08-20 10:02 5204992 c:\windows\Installer\3701f.msp
+ 2009-07-01 18:21 . 2009-07-01 18:21 8891904 c:\windows\Installer\37007.msp
+ 2010-08-23 22:09 . 2010-08-23 22:09 7673344 c:\windows\Installer\36ff2.msp
+ 2008-01-14 21:53 . 2008-01-14 21:53 5213696 c:\windows\Installer\36fe0.msp
+ 2010-10-01 22:42 . 2010-10-01 22:42 5054464 c:\windows\Installer\36fcf.msp
+ 2009-12-17 03:58 . 2009-12-17 03:58 5382144 c:\windows\Installer\36fbb.msp
+ 2010-08-24 14:49 . 2010-08-24 14:49 6825472 c:\windows\Installer\36f26.msp
+ 2011-01-17 21:06 . 2011-01-17 21:06 5518848 c:\windows\Installer\24ee77d0.msp
+ 2011-01-21 13:08 . 2011-01-21 13:08 4716032 c:\windows\Installer\198fa7.msi
+ 2007-05-09 22:19 . 2007-05-09 22:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-04-19 18:49 . 2007-04-19 18:49 1661280 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2007-05-31 18:35 . 2007-05-31 18:35 6420320 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-10 18:45 . 2007-05-10 18:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-03-14 18:10 . 2007-03-14 18:10 7255384 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
+ 2007-05-31 18:43 . 2007-05-31 18:43 7613280 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2005-09-20 17:33 . 2005-09-20 17:33 1293008 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSONSEXT.DLL
+ 2007-05-31 18:50 . 2007-05-31 18:50 1168736 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FPSRVUTL.DLL
+ 2007-06-06 15:53 . 2007-06-06 15:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2003-07-03 20:19 . 2003-07-03 20:19 2502656 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2003-08-03 15:52 . 2003-08-03 15:52 2808376 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-31 20:21 . 2003-07-31 20:21 1782840 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-30 17:40 . 2003-07-30 17:40 6133312 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-08-01 20:09 . 2003-08-01 20:09 8086072 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-08-04 18:19 . 2003-08-04 18:19 7330360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OWC10.DLL
+ 2003-08-10 04:06 . 2003-08-10 04:06 7522360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-07 18:36 . 2003-07-07 18:36 2058343 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-15 04:05 . 2003-07-15 04:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 1033216 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2002-12-18 03:09 . 2002-12-18 03:09 2071752 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2002-12-18 03:08 . 2002-12-18 03:08 1383592 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-07-15 04:11 . 2003-07-15 04:11 2139192 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-24 04:01 . 2003-07-24 04:01 1949240 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-08-03 18:56 . 2003-08-03 18:56 1146184 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2010-12-04 20:11 . 2011-02-09 23:27 37443528 c:\windows\system32\MRT.exe
+ 2005-09-25 16:46 . 2005-09-25 16:46 16084480 c:\windows\Installer\6f3d4d0.msp
+ 2009-07-20 17:03 . 2009-07-20 17:03 16465408 c:\windows\Installer\6f3d3a4.msp
+ 2010-08-18 15:12 . 2010-08-18 15:12 17516032 c:\windows\Installer\6f3d391.msp
+ 2009-07-01 18:19 . 2009-07-01 18:19 10607104 c:\windows\Installer\37008.msp
+ 2004-01-30 08:19 . 2004-01-30 08:19 56269996 c:\windows\Installer\36f97.msp
+ 2007-05-31 18:37 . 2007-05-31 18:37 12310368 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-05-31 18:41 . 2007-05-31 18:41 10352472 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2003-08-06 18:24 . 2003-08-06 18:24 12037688 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2003-08-13 07:34 . 2003-08-13 07:34 10073144 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2007-07-27 14:03 . 2007-07-27 14:03 119977472 c:\windows\Installer\5cab9ed.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Aim"="c:\program files\AIM\aim.exe" [2010-12-17 4321112]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-01-12 160328]
"Brain Bullet"="c:\program files\Brain Bullet!\bb.exe" [2004-11-12 813056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD5234315724"="rd" [X]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-01-12 160328]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2011-1-21 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\IVP\\ISM\\pinger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

S1 MpKsl2b4476f9;MpKsl2b4476f9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{363B3945-502E-4DF2-9B72-65A1F36C298E}\MpKsl2b4476f9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{363B3945-502E-4DF2-9B72-65A1F36C298E}\MpKsl2b4476f9.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]

2010-11-21 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 12:00]

2010-11-21 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\rzltb5v5.default\
FF - prefs.js: browser.startup.homepage - hxxp://online.wsj.com/itp?mod=WSJ_formfactor#|http://www.ft.com/us-edition|http://www.nytimes.com/pages/todayspaper/index.html?src=hp1-0-P|http://www.investors.com/NewsAndAnalysis/Default.aspx|http://www.nypost.com/todays_paper|http://online.barrons.com/home-page?refresh=on|http://www.usatoday.com/|https://www.google.com/accounts/ServiceLogin?service=reader&passive=1209600&continue=http://www.google.com/reader/view/?hl%3Den%26tab%3Dwy&followup=http://www.google.com/reader/view/?hl%3Den%26tab%3Dwy&hl=en|http://www.newstimes.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
FF - Ext: Alexa Toolbar: toolbar@alexa.com - %profile%\extensions\toolbar@alexa.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-12 13:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-02-12 13:44:09
ComboFix-quarantined-files.txt 2011-02-12 18:44
ComboFix2.txt 2011-02-02 18:52
ComboFix3.txt 2011-01-21 12:55

Pre-Run: 113,798,197,248 bytes free
Post-Run: 113,822,830,592 bytes free

- - End Of File - - 1502F5AE0E98B877EEA8DF84D1ADD98D

Edited by hamluis, 12 February 2011 - 02:38 PM.
Moved from Introductions to Malware Removal Logs.




#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 12 February 2011 - 11:52 PM

Hello youfixedme!,


So glad to know you were able to save some money....and your computer! :thumbup2:

No sign of the rootkit you apparently had, but I'd still like to see a couple of reports to be sure there's nothing else involved. I'd like a DDS log from the directions found here: http://www.bleepingcomputer.com/forums/topic34773.html

And a report from the following:

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 20 February 2011 - 10:52 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



