Removed viruses, no internet now


I have a virus and removed it with a few virus scans; now it is running much better. I am receiving a local IP from the computer. It is telling me it cannot reach the DHCP server. I have tried to manually assign an IP and still cannot ping the router. Has anyone heard of this problem after cleaning a virus?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:56:19 PM, on 4/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: * (HKLM)
O15 - Trusted Zone: * (HKLM)
O15 - Trusted IP range:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BB1ECCD-100E-44DF-B92A-2079CC1A6F57}: NameServer =
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Unknown owner - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ( - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O24 - Desktop Component 0: (no name) -

End of file - 8276 bytes
Okay, as I'm not completely trained on HijackThis logs, I'll wait for John to come in and make a recommendation. Though I do see several straight out problems with your log.
You could run a full scan with MalwareBytes if you haven't done so already.
Sorry about that, I saw this thread earlier today when I was at work but didn't want to reply until now.

In any of your scans, did anything come up as the Zero Access rootkit? If so, it's pretty nasty. I would suggest doing the following and posting the logs. Since you don't have internet, you will have to download the following from a different machine and transfer them to the infected machine using a USB flash drive.


Please download and run TDSSKiller.

When the program opens, click on the Start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.


If the log says "will be cured after reboot", please reboot the system by pressing the Reboot now button.

After running, there will be a log located at the root of your C:\ drive, labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.


Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr or Rkill.exe. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile.

Most of what HijackThis lists will be harmless or even essential, so don't fix anything yet.

When the HijackThis log appears in a Notepad file, click on the Edit menu, click Select All, then click on the Edit menu again and click on Copy. Come back to your reply, right-click with your mouse and click on Paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.

You already have HijackThis installed, so just post a fresh log after running Malwarebytes.
None of the scans I have run have come up with the ZeroAccess rootkit. I will follow your instructions now and post back.
Malwarebytes Anti-Malware

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Janet :: DBGV2S21 [administrator]

4/10/2012 8:20:07 AM
mbam-log-2012-04-10 (08-20-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219257
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:55:17 AM, on 4/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: * (HKLM)
O15 - Trusted Zone: * (HKLM)
O15 - Trusted IP range:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Unknown owner - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ( - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O24 - Desktop Component 0: (no name) -

End of file - 8138 bytes
You have leftover remnants of McAfee. Please download and run their removal tool.

You also have entries listed in your trusted zone. Nothing should be in your trusted zone. Are you familiar with this IP address?

O15 - Trusted IP range: - It's a Canadian IP address.

If not, have HijackThis fix these entries to start off with.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe " -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O15 - Trusted Zone: * (HKLM)
O15 - Trusted Zone: * (HKLM)
O15 - Trusted IP range:

Just rerun HijackThis, place checks next to those entries and click on Fix checked.

Next step...

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
  • Download this file here:


  • When the page loads, click on the blue ComboFix download link next to the BleepingComputer Mirror.
  • Save the file to your Windows desktop. The ComboFix icon will look like this when it has downloaded to your desktop.

  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.


  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.


  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:


  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on Yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.


  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
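
A way to shortlist lines of a HijackThis log for manual review, as an added example that is not part of the original thread and not code from HijackThis itself: it parses the section codes and tags orphaned entries, Trusted Zone entries, per-adapter NameServer overrides and services with no listed owner. The function names and tag names are hypothetical, the sample lines are copied from the first log posted above, and a tag is a prompt to look at the line, not a verdict.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", ["code", "detail"])
Finding = namedtuple("Finding", ["code", "tag", "detail"])

# What the section codes seen in this thread's logs cover.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart entry (Run keys / Startup folder)",
    "O8": "IE context menu item", "O9": "IE button / Tools menu item",
    "O15": "Trusted Zone entry", "O16": "ActiveX (Downloaded Program Files)",
    "O17": "DNS / domain setting", "O22": "SharedTaskScheduler",
    "O23": "Windows service", "O24": "Active Desktop component",
}

# Constructed sample: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O15 - Trusted Zone: * (HKLM)
O15 - Trusted IP range:
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BB1ECCD-100E-44DF-B92A-2079CC1A6F57}: NameServer =
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Unknown owner - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

End of file - 8276 bytes
"""

# An entry line is "<code> - <detail>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# HijackThis marks entries whose target is not on disk with these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


def parse_log(text):
    """Return the log's entry lines as Entry(code, detail), in file order."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def triage(entries):
    """Tag entries worth a manual look. One entry can carry several tags."""
    findings = []
    for e in entries:
        if ORPHAN_RE.search(e.detail):
            # Leftover of an uninstalled or removed program.
            findings.append(Finding(e.code, "orphaned", e.detail))
        if e.code == "O15":
            # Sites or ranges in the Trusted Zone get relaxed IE security settings.
            findings.append(Finding(e.code, "trusted-zone", e.detail))
        if e.code == "O17" and "NameServer" in e.detail:
            # A statically set DNS server on one adapter.
            findings.append(Finding(e.code, "dns-override", e.detail))
        if e.code == "O23" and " - Unknown owner - " in e.detail:
            # The service binary carries no company name, or is missing.
            findings.append(Finding(e.code, "unknown-owner", e.detail))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        section = SECTIONS.get(f.code, "unlisted section")
        print(f"[{f.tag}] {f.code} ({section}): {f.detail}")
```
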
ComboFix 12-04-10.02 - Janet 04/11/2012 9:11.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.298 [GMT -4:00]
Running from: c:\documents and settings\Janet\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with Spy Sweeper *Disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\INSTALL.LOG
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
2012-04-10 02:20 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 02:20 . 2012-04-10 02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-09 22:55 . 2012-04-09 22:55 388096 ----a-r- c:\documents and settings\Janet\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-09 22:55 . 2012-04-09 22:55 -------- d-----w- c:\program files\Trend Micro
2012-04-09 21:11 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-04-09 21:11 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-04-09 21:10 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-04-09 21:10 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-04-05 11:43 . 2012-04-05 11:43 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-12 16:23 . 2011-06-01 17:16 3705856 ----a-w- c:\documents and settings\Janet\Application Data\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\SmartPrint.msi
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-04-05 11:43 . 2011-06-16 12:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 01:25 . 2004-12-07 21:37 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:25 . 2005-02-14 17:52 78336 ------w- c:\windows\system32\ieencode.dll
2012-03-01 01:25 . 2003-03-31 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:25 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-29 14:10 . 2003-03-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2003-03-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-03 09:22 . 2003-03-31 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 14:36 . 2008-09-18 20:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-02 14:36 . 2008-09-18 20:48 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-02 14:35 . 2008-09-18 20:48 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-02 14:35 . 2008-09-18 20:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
((((((((((((((((((((((((((((( SnapShot@2012-04-09_21.59.33 )))))))))))))))))))))))))))))))))))))))))
+ 2003-03-31 12:00 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\pngfilt.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 44544 c:\windows\SYSTEM32\pngfilt.dll
- 2007-08-13 22:54 . 2011-12-19 08:13 52224 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 52224 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 27648 c:\windows\SYSTEM32\jsproxy.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 27648 c:\windows\SYSTEM32\jsproxy.dll
- 2007-08-13 22:39 . 2011-12-16 12:22 13824 c:\windows\SYSTEM32\ieudinit.exe
+ 2007-08-13 22:39 . 2012-02-29 12:16 13824 c:\windows\SYSTEM32\ieudinit.exe
+ 2003-03-31 12:00 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\iernonce.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 44544 c:\windows\SYSTEM32\iernonce.dll
- 2003-03-31 12:00 . 2011-12-16 12:22 70656 c:\windows\SYSTEM32\ie4uinit.exe
+ 2003-03-31 12:00 . 2012-02-29 12:16 70656 c:\windows\SYSTEM32\ie4uinit.exe
+ 2007-08-13 22:36 . 2012-03-01 01:25 63488 c:\windows\SYSTEM32\icardie.dll
- 2007-08-13 22:36 . 2011-12-19 08:13 63488 c:\windows\SYSTEM32\icardie.dll
+ 2007-08-13 22:36 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2007-08-13 22:36 . 2011-12-19 08:13 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2011-05-03 19:35 . 2012-03-01 01:25 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2011-05-03 19:35 . 2011-12-19 08:13 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2007-08-13 22:54 . 2011-12-19 08:13 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2011-05-03 19:35 . 2011-12-16 12:22 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2011-05-03 19:35 . 2012-02-29 12:16 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
- 2007-08-13 22:39 . 2011-12-19 08:13 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2007-08-13 22:39 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
- 2009-02-20 08:10 . 2011-12-19 08:13 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
+ 2009-02-20 08:10 . 2012-03-01 01:25 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
+ 2007-08-13 22:39 . 2012-02-29 12:16 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2007-08-13 22:39 . 2011-12-16 12:22 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2011-05-03 19:35 . 2012-03-01 01:25 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2011-05-03 19:35 . 2011-12-19 08:13 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2007-08-13 22:42 . 2012-03-01 01:25 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
- 2007-08-13 22:42 . 2011-12-19 08:13 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
+ 2012-04-09 22:00 . 2012-04-11 07:17 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-09 22:00 . 2012-04-09 21:58 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2002-09-03 07:08 . 2012-04-09 21:58 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2002-09-03 07:08 . 2012-04-11 07:17 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 07:08 . 2012-04-09 21:58 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2002-09-03 07:08 . 2012-04-11 07:17 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2012-04-11 03:41 . 2011-12-19 08:13 44544 c:\windows\ie7updates\KB2675157-IE7\pngfilt.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 52224 c:\windows\ie7updates\KB2675157-IE7\msfeedsbs.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 27648 c:\windows\ie7updates\KB2675157-IE7\jsproxy.dll
+ 2012-04-11 03:41 . 2011-12-16 12:22 13824 c:\windows\ie7updates\KB2675157-IE7\ieudinit.exe
+ 2012-04-11 03:41 . 2011-12-19 08:13 44544 c:\windows\ie7updates\KB2675157-IE7\iernonce.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 78336 c:\windows\ie7updates\KB2675157-IE7\ieencode.dll
+ 2012-04-11 03:41 . 2011-12-16 12:22 70656 c:\windows\ie7updates\KB2675157-IE7\ie4uinit.exe
+ 2012-04-11 03:41 . 2011-12-19 08:13 63488 c:\windows\ie7updates\KB2675157-IE7\icardie.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 17408 c:\windows\ie7updates\KB2675157-IE7\corpol.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 233472 c:\windows\SYSTEM32\webcheck.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 233472 c:\windows\SYSTEM32\webcheck.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 106496 c:\windows\SYSTEM32\url.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 106496 c:\windows\SYSTEM32\url.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 102912 c:\windows\SYSTEM32\occache.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 102912 c:\windows\SYSTEM32\occache.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 671232 c:\windows\SYSTEM32\mstime.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 671232 c:\windows\SYSTEM32\mstime.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 193024 c:\windows\SYSTEM32\msrating.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 193024 c:\windows\SYSTEM32\msrating.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 478720 c:\windows\SYSTEM32\mshtmled.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 478720 c:\windows\SYSTEM32\mshtmled.dll
- 2007-08-13 22:54 . 2011-12-19 08:13 468480 c:\windows\SYSTEM32\msfeeds.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 468480 c:\windows\SYSTEM32\msfeeds.dll
- 2007-08-13 22:34 . 2011-12-19 08:13 268288 c:\windows\SYSTEM32\iertutil.dll
+ 2007-08-13 22:34 . 2012-03-01 01:25 268288 c:\windows\SYSTEM32\iertutil.dll
+ 2004-12-07 16:51 . 2012-03-01 01:25 192512 c:\windows\SYSTEM32\iepeers.dll
- 2004-12-07 16:51 . 2011-12-19 08:13 192512 c:\windows\SYSTEM32\iepeers.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 384512 c:\windows\SYSTEM32\iedkcs32.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 384512 c:\windows\SYSTEM32\iedkcs32.dll
+ 2007-07-11 16:27 . 2012-03-01 01:25 380928 c:\windows\SYSTEM32\ieapfltr.dll
- 2007-07-11 16:27 . 2011-12-19 08:13 380928 c:\windows\SYSTEM32\ieapfltr.dll
+ 2003-03-31 12:00 . 2012-02-29 10:59 161792 c:\windows\SYSTEM32\ieakui.dll
- 2003-03-31 12:00 . 2011-12-16 10:58 161792 c:\windows\SYSTEM32\ieakui.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 230400 c:\windows\SYSTEM32\ieaksie.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 230400 c:\windows\SYSTEM32\ieaksie.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2005-02-14 17:52 . 2012-03-01 01:25 133120 c:\windows\SYSTEM32\extmgr.dll
- 2005-02-14 17:52 . 2011-12-19 08:13 133120 c:\windows\SYSTEM32\extmgr.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 214528 c:\windows\SYSTEM32\dxtrans.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 214528 c:\windows\SYSTEM32\dxtrans.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 347136 c:\windows\SYSTEM32\dxtmsft.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 347136 c:\windows\SYSTEM32\dxtmsft.dll
- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll
+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll
- 2008-04-21 06:44 . 2011-12-19 08:13 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-04-21 06:44 . 2012-03-01 01:25 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-08-13 22:54 . 2011-12-19 08:13 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-08-13 22:44 . 2011-12-19 08:13 106496 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2007-08-13 22:44 . 2012-03-01 01:25 106496 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2007-08-13 22:44 . 2011-12-19 08:13 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2007-08-13 22:44 . 2012-03-01 01:25 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
- 2010-11-05 05:05 . 2011-12-19 08:13 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2010-11-05 05:05 . 2012-03-01 01:25 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2007-08-13 22:44 . 2012-03-01 01:25 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2007-08-13 22:44 . 2011-12-19 08:13 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2010-09-09 14:16 . 2011-12-19 08:13 478720 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2010-09-09 14:16 . 2012-03-01 01:25 478720 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2011-05-03 19:35 . 2012-03-01 01:25 468480 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
- 2011-05-03 19:35 . 2011-12-19 08:13 468480 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\SYSTEM32\DLLCACHE\imagehlp.dll
- 2007-08-13 22:43 . 2011-12-16 11:00 634680 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2007-08-13 22:43 . 2012-02-29 11:01 634680 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
- 2011-05-03 19:35 . 2011-12-19 08:13 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2011-05-03 19:35 . 2012-03-01 01:25 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2010-02-26 05:43 . 2011-12-19 08:13 192512 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2010-02-26 05:43 . 2012-03-01 01:25 192512 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2007-08-13 22:39 . 2011-12-19 08:13 384512 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-08-13 22:39 . 2012-03-01 01:25 384512 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2011-05-03 19:35 . 2011-12-19 08:13 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2011-05-03 19:35 . 2012-03-01 01:25 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2003-03-31 12:00 . 2011-12-16 10:58 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2003-03-31 12:00 . 2012-02-29 10:59 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2007-08-13 22:39 . 2012-03-01 01:25 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2007-08-13 22:39 . 2011-12-19 08:13 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2007-08-13 22:39 . 2012-03-01 01:25 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
- 2007-08-13 22:39 . 2011-12-19 08:13 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-08-13 22:54 . 2011-12-19 08:13 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-08-13 22:35 . 2011-12-19 08:13 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2007-08-13 22:35 . 2012-03-01 01:25 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-08-13 22:35 . 2011-12-19 08:13 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2007-08-13 22:35 . 2012-03-01 01:25 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2007-08-13 22:39 . 2012-03-01 01:25 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2007-08-13 22:39 . 2011-12-19 08:13 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2003-03-31 12:00 . 2011-12-19 08:13 124928 c:\windows\SYSTEM32\advpack.dll
+ 2003-03-31 12:00 . 2012-03-01 01:25 124928 c:\windows\SYSTEM32\advpack.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 832512 c:\windows\ie7updates\KB2675157-IE7\wininet.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 233472 c:\windows\ie7updates\KB2675157-IE7\webcheck.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 106496 c:\windows\ie7updates\KB2675157-IE7\url.dll
+ 2012-04-11 03:42 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2675157-IE7\spuninst\updspapi.dll
+ 2012-04-11 03:42 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2675157-IE7\spuninst\spuninst.exe
+ 2012-04-11 03:41 . 2011-12-19 08:13 102912 c:\windows\ie7updates\KB2675157-IE7\occache.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 671232 c:\windows\ie7updates\KB2675157-IE7\mstime.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 193024 c:\windows\ie7updates\KB2675157-IE7\msrating.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 478720 c:\windows\ie7updates\KB2675157-IE7\mshtmled.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 468480 c:\windows\ie7updates\KB2675157-IE7\msfeeds.dll
+ 2012-04-11 03:41 . 2011-12-16 11:00 634680 c:\windows\ie7updates\KB2675157-IE7\iexplore.exe
+ 2012-04-11 03:41 . 2011-12-19 08:13 268288 c:\windows\ie7updates\KB2675157-IE7\iertutil.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 192512 c:\windows\ie7updates\KB2675157-IE7\iepeers.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 384512 c:\windows\ie7updates\KB2675157-IE7\iedkcs32.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 380928 c:\windows\ie7updates\KB2675157-IE7\ieapfltr.dll
+ 2012-04-11 03:41 . 2011-12-16 10:58 161792 c:\windows\ie7updates\KB2675157-IE7\ieakui.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 230400 c:\windows\ie7updates\KB2675157-IE7\ieaksie.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 153088 c:\windows\ie7updates\KB2675157-IE7\ieakeng.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 133120 c:\windows\ie7updates\KB2675157-IE7\extmgr.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 214528 c:\windows\ie7updates\KB2675157-IE7\dxtrans.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 347136 c:\windows\ie7updates\KB2675157-IE7\dxtmsft.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 124928 c:\windows\ie7updates\KB2675157-IE7\advpack.dll
- 2004-12-07 21:37 . 2011-12-19 08:13 1168896 c:\windows\SYSTEM32\urlmon.dll
+ 2004-12-07 21:37 . 2012-03-01 01:25 1168896 c:\windows\SYSTEM32\urlmon.dll
+ 2005-01-27 20:35 . 2012-03-01 01:25 3616768 c:\windows\SYSTEM32\mshtml.dll
- 2005-01-27 20:35 . 2011-12-19 08:13 3616768 c:\windows\SYSTEM32\mshtml.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 6076928 c:\windows\SYSTEM32\ieframe.dll
+ 2008-06-26 08:15 . 2012-03-01 01:25 1168896 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-06-26 08:15 . 2011-12-19 08:13 1168896 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-04-21 06:44 . 2012-03-01 01:25 3616768 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
- 2008-04-21 06:44 . 2011-12-19 08:13 3616768 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2011-05-03 19:35 . 2012-03-01 01:25 6076928 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2012-04-09 22:55 . 2012-04-09 22:55 1094656 c:\windows\Installer\34b210.msi
+ 2012-04-11 03:41 . 2011-12-19 08:13 1168896 c:\windows\ie7updates\KB2675157-IE7\urlmon.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 3616768 c:\windows\ie7updates\KB2675157-IE7\mshtml.dll
+ 2012-04-11 03:41 . 2011-12-19 08:13 6076416 c:\windows\ie7updates\KB2675157-IE7\ieframe.dll
+ 2005-05-11 00:52 . 2012-04-11 03:43 55154568 c:\windows\SYSTEM32\MRT.exe
-- Snapshot reset to current date --
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-02 14:35 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^kktpup.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\kktpup.exe
backup=c:\windows\pss\kktpup.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PictureGear Studio Media Watcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PictureGear Studio Media Watcher.lnk
backup=c:\windows\pss\PictureGear Studio Media Watcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Janet^Start Menu^Programs^Startup^AdDestroyer.lnk]
path=c:\documents and settings\Janet\Start Menu\Programs\Startup\AdDestroyer.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
2004-10-18 21:42 79448 ----a-w- c:\progra~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 -c--a-r- c:\program files\Common Files\aol\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\aol\1141939736\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 12:59 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 12:59 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2002-08-14 22:29 90112 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2009-11-06 20:19 6515784 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2003-05-07 01:03 151597 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZESOFT"=2 (0x2)
"WinToolsSvc"=2 (0x2)
"TBPSSvc"=2 (0x2)
"ISEXEng"=2 (0x2)
"c:\\Program Files\\America Online 9.0c\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"135:TCP"= 135:TCP:DCOM(135)
R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/9/2010 12:59 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/5/2010 6:14 PM 1201640]
S2 WDFNet;Webroot Desktop Firewall network service;c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe --> c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 7:43 AM 253600]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 11:49 PM 8320]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
Contents of the 'Scheduled Tasks' folder
2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 11:43]
2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
2012-04-10 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 16:57]
2012-04-11 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 16:57]
2012-04-10 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 16:57]
2012-04-10 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 16:57]
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2616036653-269924785-2946693537-1006Core.job
- c:\documents and settings\Janet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-09 16:16]
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2616036653-269924785-2946693537-1006UA.job
- c:\documents and settings\Janet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-09 16:16]
2012-04-11 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
2003-05-20 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2005-02-14 00:12]
------- Supplementary Scan -------
uStart Page = hxxp://
uDefault_Search_URL = hxxp://
uSearchMigratedDefaultURL = hxxp://{searchTerms}&sourceid=ie7&
uCustomizeSearch =
uSearchAssistant = hxxp://
uSearchURL,(Default) = hxxp://
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer =
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\
- - - - ORPHANS REMOVED - - - -
Notify-= - (no file)
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2012-04-11 09:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(660)
Completion time: 2012-04-11 09:28:41
ComboFix-quarantined-files.txt 2012-04-11 13:28
Pre-Run: 2,497,044,480 bytes free
Post-Run: 2,480,193,536 bytes free
- - End Of File - - 0F3671953533A961A2237EB7E397D3F8

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:47:54 AM, on 4/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17109)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Unknown owner - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ( - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O24 - Desktop Component 0: (no name) -

End of file - 5988 bytes

While waiting for your reply I uninstalled and reinstalled the NIC driver and it now goes onto the internet. The machine is running much better now. Here is the most recent Combofix and HiJackThis log. Are there any other problems you see that may need to get fixed on the system? Thanks for the help.