ComboFix 12-04-10.02 - Janet 04/11/2012 9:11.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.298 [GMT -4:00]
Running from: c:\documents and settings\Janet\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with Spy Sweeper *Disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\INSTALL.LOG
c:\windows\iun6002.exe
c:\windows\patch.exe
c:\windows\system32\basexinfo.txt
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\rnaph.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-10 02:20 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 02:20 . 2012-04-10 02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-09 22:55 . 2012-04-09 22:55 388096 ----a-r- c:\documents and settings\Janet\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-09 22:55 . 2012-04-09 22:55 -------- d-----w- c:\program files\Trend Micro
2012-04-09 21:11 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-04-09 21:11 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-04-09 21:10 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-04-09 21:10 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-04-05 11:43 . 2012-04-05 11:43 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-12 16:23 . 2011-06-01 17:16 3705856 ----a-w- c:\documents and settings\Janet\Application Data\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\SmartPrint.msi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 11:43 . 2011-06-16 12:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 01:25 . 2004-12-07 21:37 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:25 . 2005-02-14 17:52 78336 ------w- c:\windows\system32\ieencode.dll
2012-03-01 01:25 . 2003-03-31 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:25 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-29 14:10 . 2003-03-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2003-03-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-03 09:22 . 2003-03-31 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 14:36 . 2008-09-18 20:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-02 14:36 . 2008-09-18 20:48 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-02 14:35 . 2008-09-18 20:48 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-02 14:35 . 2008-09-18 20:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_21.59.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-03-31 12:00 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\pngfilt.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 44544 c:\windows\SYSTEM32\pngfilt.dll
- 2007-08-13 22:54 . 2011-12-19 08:13 52224 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 52224 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 27648 c:\windows\SYSTEM32\jsproxy.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 27648 c:\windows\SYSTEM32\jsproxy.dll
- 2007-08-13 22:39 . 2011-12-16 12:22 13824 c:\windows\SYSTEM32\ieudinit.exe
+ 2007-08-13 22:39 . 2012-02-29 12:16 13824 c:\windows\SYSTEM32\ieudinit.exe
+ 2003-03-31 12:00 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\iernonce.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 44544 c:\windows\SYSTEM32\iernonce.dll
- 2003-03-31 12:00 . 2011-12-16 12:22 70656 c:\windows\SYSTEM32\ie4uinit.exe
+ 2003-03-31 12:00 . 2012-02-29 12:16 70656 c:\windows\SYSTEM32\ie4uinit.exe
+ 2007-08-13 22:36 . 2012-03-01 01:25 63488 c:\windows\SYSTEM32\icardie.dll
- 2007-08-13 22:36 . 2011-12-19 08:13 63488 c:\windows\SYSTEM32\icardie.dll
+ 2007-08-13 22:36 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2007-08-13 22:36 . 2011-12-19 08:13 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2011-05-03 19:35 . 2012-03-01 01:25 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2011-05-03 19:35 . 2011-12-19 08:13 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2007-08-13 22:54 . 2011-12-19 08:13 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2011-05-03 19:35 . 2011-12-16 12:22 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2011-05-03 19:35 . 2012-02-29 12:16 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
- 2007-08-13 22:39 . 2011-12-19 08:13 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2007-08-13 22:39 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
- 2009-02-20 08:10 . 2011-12-19 08:13 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
+ 2009-02-20 08:10 . 2012-03-01 01:25 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
+ 2007-08-13 22:39 . 2012-02-29 12:16 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2007-08-13 22:39 . 2011-12-16 12:22 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2011-05-03 19:35 . 2012-03-01 01:25 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2011-05-03 19:35 . 2011-12-19 08:13 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2007-08-13 22:42 . 2012-03-01 01:25 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
- 2007-08-13 22:42 . 2011-12-19 08:13 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
+ 2012-04-09 22:00 . 2012-04-11 07:17 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-09 22:00 . 2012-04-09 21:58 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2002-09-03 07:08 . 2012-04-09 21:58 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2002-09-03 07:08 . 2012-04-11 07:17 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 07:08 . 2012-04-09 21:58 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2002-09-03 07:08 . 2012-04-11 07:17 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2012-04-11 03:41 . 2011-12-19 08:13 44544 c:\windows\ie7updates\KB2675157-IE7\pngfilt.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 52224 c:\windows\ie7updates\KB2675157-IE7\msfeedsbs.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 27648 c:\windows\ie7updates\KB2675157-IE7\jsproxy.dll
+ 2012-04-11 03:41 . 2011-12-16 12:22 13824 c:\windows\ie7updates\KB2675157-IE7\ieudinit.exe
+ 2012-04-11 03:41 . 2011-12-19 08:13 44544 c:\windows\ie7updates\KB2675157-IE7\iernonce.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 78336 c:\windows\ie7updates\KB2675157-IE7\ieencode.dll
+ 2012-04-11 03:41 . 2011-12-16 12:22 70656 c:\windows\ie7updates\KB2675157-IE7\ie4uinit.exe
+ 2012-04-11 03:41 . 2011-12-19 08:13 63488 c:\windows\ie7updates\KB2675157-IE7\icardie.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 17408 c:\windows\ie7updates\KB2675157-IE7\corpol.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 233472 c:\windows\SYSTEM32\webcheck.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 233472 c:\windows\SYSTEM32\webcheck.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 106496 c:\windows\SYSTEM32\url.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 106496 c:\windows\SYSTEM32\url.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 102912 c:\windows\SYSTEM32\occache.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 102912 c:\windows\SYSTEM32\occache.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 671232 c:\windows\SYSTEM32\mstime.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 671232 c:\windows\SYSTEM32\mstime.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 193024 c:\windows\SYSTEM32\msrating.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 193024 c:\windows\SYSTEM32\msrating.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 478720 c:\windows\SYSTEM32\mshtmled.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 478720 c:\windows\SYSTEM32\mshtmled.dll
- 2007-08-13 22:54 . 2011-12-19 08:13 468480 c:\windows\SYSTEM32\msfeeds.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 468480 c:\windows\SYSTEM32\msfeeds.dll
- 2007-08-13 22:34 . 2011-12-19 08:13 268288 c:\windows\SYSTEM32\iertutil.dll
+ 2007-08-13 22:34 . 2012-03-01 01:25 268288 c:\windows\SYSTEM32\iertutil.dll
+ 2004-12-07 16:51 . 2012-03-01 01:25 192512 c:\windows\SYSTEM32\iepeers.dll
- 2004-12-07 16:51 . 2011-12-19 08:13 192512 c:\windows\SYSTEM32\iepeers.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 384512 c:\windows\SYSTEM32\iedkcs32.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 384512 c:\windows\SYSTEM32\iedkcs32.dll
+ 2007-07-11 16:27 . 2012-03-01 01:25 380928 c:\windows\SYSTEM32\ieapfltr.dll
- 2007-07-11 16:27 . 2011-12-19 08:13 380928 c:\windows\SYSTEM32\ieapfltr.dll
+ 2003-03-31 12:00 . 2012-02-29 10:59 161792 c:\windows\SYSTEM32\ieakui.dll
- 2003-03-31 12:00 . 2011-12-16 10:58 161792 c:\windows\SYSTEM32\ieakui.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 230400 c:\windows\SYSTEM32\ieaksie.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 230400 c:\windows\SYSTEM32\ieaksie.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2005-02-14 17:52 . 2012-03-01 01:25 133120 c:\windows\SYSTEM32\extmgr.dll
- 2005-02-14 17:52 . 2011-12-19 08:13 133120 c:\windows\SYSTEM32\extmgr.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 214528 c:\windows\SYSTEM32\dxtrans.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 214528 c:\windows\SYSTEM32\dxtrans.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 347136 c:\windows\SYSTEM32\dxtmsft.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 347136 c:\windows\SYSTEM32\dxtmsft.dll
- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll
+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll
- 2008-04-21 06:44 . 2011-12-19 08:13 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-04-21 06:44 . 2012-03-01 01:25 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-08-13 22:54 . 2011-12-19 08:13 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-08-13 22:44 . 2011-12-19 08:13 106496 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2007-08-13 22:44 . 2012-03-01 01:25 106496 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2007-08-13 22:44 . 2011-12-19 08:13 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2007-08-13 22:44 . 2012-03-01 01:25 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
- 2010-11-05 05:05 . 2011-12-19 08:13 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2010-11-05 05:05 . 2012-03-01 01:25 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2007-08-13 22:44 . 2012-03-01 01:25 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2007-08-13 22:44 . 2011-12-19 08:13 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2010-09-09 14:16 . 2011-12-19 08:13 478720 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2010-09-09 14:16 . 2012-03-01 01:25 478720 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2011-05-03 19:35 . 2012-03-01 01:25 468480 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
- 2011-05-03 19:35 . 2011-12-19 08:13 468480 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\SYSTEM32\DLLCACHE\imagehlp.dll
- 2007-08-13 22:43 . 2011-12-16 11:00 634680 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2007-08-13 22:43 . 2012-02-29 11:01 634680 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
- 2011-05-03 19:35 . 2011-12-19 08:13 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2011-05-03 19:35 . 2012-03-01 01:25 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2010-02-26 05:43 . 2011-12-19 08:13 192512 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2010-02-26 05:43 . 2012-03-01 01:25 192512 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2007-08-13 22:39 . 2011-12-19 08:13 384512 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-08-13 22:39 . 2012-03-01 01:25 384512 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2011-05-03 19:35 . 2011-12-19 08:13 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2011-05-03 19:35 . 2012-03-01 01:25 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2003-03-31 12:00 . 2011-12-16 10:58 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2003-03-31 12:00 . 2012-02-29 10:59 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2007-08-13 22:39 . 2012-03-01 01:25 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2007-08-13 22:39 . 2011-12-19 08:13 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2007-08-13 22:39 . 2012-03-01 01:25 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
- 2007-08-13 22:39 . 2011-12-19 08:13 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-08-13 22:54 . 2011-12-19 08:13 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-08-13 22:35 . 2011-12-19 08:13 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2007-08-13 22:35 . 2012-03-01 01:25 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-08-13 22:35 . 2011-12-19 08:13 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2007-08-13 22:35 . 2012-03-01 01:25 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2007-08-13 22:39 . 2012-03-01 01:25 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2007-08-13 22:39 . 2011-12-19 08:13 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 124928 c:\windows\SYSTEM32\advpack.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 124928 c:\windows\SYSTEM32\advpack.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 832512 c:\windows\ie7updates\KB2675157-IE7\wininet.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 233472 c:\windows\ie7updates\KB2675157-IE7\webcheck.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 106496 c:\windows\ie7updates\KB2675157-IE7\url.dll
+ 2012-04-11 03:42 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2675157-IE7\spuninst\updspapi.dll
+ 2012-04-11 03:42 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2675157-IE7\spuninst\spuninst.exe
+ 2012-04-11 03:41 . 2011-12-19 08:13 102912 c:\windows\ie7updates\KB2675157-IE7\occache.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 671232 c:\windows\ie7updates\KB2675157-IE7\mstime.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 193024 c:\windows\ie7updates\KB2675157-IE7\msrating.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 478720 c:\windows\ie7updates\KB2675157-IE7\mshtmled.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 468480 c:\windows\ie7updates\KB2675157-IE7\msfeeds.dll
+ 2012-04-11 03:41 . 2011-12-16 11:00 634680 c:\windows\ie7updates\KB2675157-IE7\iexplore.exe
+ 2012-04-11 03:41 . 2011-12-19 08:13 268288 c:\windows\ie7updates\KB2675157-IE7\iertutil.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 192512 c:\windows\ie7updates\KB2675157-IE7\iepeers.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 384512 c:\windows\ie7updates\KB2675157-IE7\iedkcs32.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 380928 c:\windows\ie7updates\KB2675157-IE7\ieapfltr.dll
+ 2012-04-11 03:41 . 2011-12-16 10:58 161792 c:\windows\ie7updates\KB2675157-IE7\ieakui.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 230400 c:\windows\ie7updates\KB2675157-IE7\ieaksie.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 153088 c:\windows\ie7updates\KB2675157-IE7\ieakeng.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 133120 c:\windows\ie7updates\KB2675157-IE7\extmgr.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 214528 c:\windows\ie7updates\KB2675157-IE7\dxtrans.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 347136 c:\windows\ie7updates\KB2675157-IE7\dxtmsft.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 124928 c:\windows\ie7updates\KB2675157-IE7\advpack.dll
- 2004-12-07 21:37 . 2011-12-19 08:13 1168896 c:\windows\SYSTEM32\urlmon.dll
+ 2004-12-07 21:37 . 2012-03-01 01:25 1168896 c:\windows\SYSTEM32\urlmon.dll
+ 2005-01-27 20:35 . 2012-03-01 01:25 3616768 c:\windows\SYSTEM32\mshtml.dll
- 2005-01-27 20:35 . 2011-12-19 08:13 3616768 c:\windows\SYSTEM32\mshtml.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 6076928 c:\windows\SYSTEM32\ieframe.dll
+ 2008-06-26 08:15 . 2012-03-01 01:25 1168896 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-06-26 08:15 . 2011-12-19 08:13 1168896 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-04-21 06:44 . 2012-03-01 01:25 3616768 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
- 2008-04-21 06:44 . 2011-12-19 08:13 3616768 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2011-05-03 19:35 . 2012-03-01 01:25 6076928 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2012-04-09 22:55 . 2012-04-09 22:55 1094656 c:\windows\Installer\34b210.msi
+ 2012-04-11 03:41 . 2011-12-19 08:13 1168896 c:\windows\ie7updates\KB2675157-IE7\urlmon.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 3616768 c:\windows\ie7updates\KB2675157-IE7\mshtml.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 6076416 c:\windows\ie7updates\KB2675157-IE7\ieframe.dll
+ 2005-05-11 00:52 . 2012-04-11 03:43 55154568 c:\windows\SYSTEM32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-02 14:35 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^kktpup.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\kktpup.exe
backup=c:\windows\pss\kktpup.exeCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PictureGear Studio Media Watcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PictureGear Studio Media Watcher.lnk
backup=c:\windows\pss\PictureGear Studio Media Watcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Janet^Start Menu^Programs^Startup^AdDestroyer.lnk]
path=c:\documents and settings\Janet\Start Menu\Programs\Startup\AdDestroyer.lnk
backup=c:\windows\pss\AdDestroyer.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
2004-10-18 21:42 79448 ----a-w- c:\progra~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 -c--a-r- c:\program files\Common Files\aol\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\aol\1141939736\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 12:59 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 12:59 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2002-08-14 22:29 90112 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2009-11-06 20:19 6515784 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2003-05-07 01:03 151597 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZESOFT"=2 (0x2)
"WinToolsSvc"=2 (0x2)
"TBPSSvc"=2 (0x2)
"ISEXEng"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0c\\waol.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP
COM(135)
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/9/2010 12:59 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/5/2010 6:14 PM 1201640]
S2 WDFNet;Webroot Desktop Firewall network service;c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe --> c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 7:43 AM 253600]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 11:49 PM 8320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 11:43]
.
2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-04-10 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 16:57]
.
2012-04-11 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 16:57]
.
2012-04-10 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 16:57]
.
2012-04-10 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 16:57]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2616036653-269924785-2946693537-1006Core.job
- c:\documents and settings\Janet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-09 16:16]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2616036653-269924785-2946693537-1006UA.job
- c:\documents and settings\Janet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-09 16:16]
.
2012-04-11 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2003-05-20 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2005-02-14 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://verizon.net/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uCustomizeSearch =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Notify-= - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-04-11 09:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2012-04-11 09:28:41
ComboFix-quarantined-files.txt 2012-04-11 13:28
.
Pre-Run: 2,497,044,480 bytes free
Post-Run: 2,480,193,536 bytes free
.
- - End Of File - - 0F3671953533A961A2237EB7E397D3F8
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:47:54 AM, on 4/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17109)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Unknown owner - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O24 - Desktop Component 0: (no name) - http://netmail.verizon.net/webmail/...&messageID=186&partIndex=1&disposition=inline
--
End of file - 5988 bytes
While waiting for your reply I uninstalled and reinstalled the NIC driver and it now goes onto the internet. The machine is running much better now. Here is the most recent Combofix and HiJackThis log. Are there any other problems you see that may need to get fixed on the system? Thanks for the help.