ComboFix 10-12-18.01 - Blain 18/12/2010 14:32:44.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.320.177 [GMT -8:00]
Running from: c:\documents and settings\Blain\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
.
2010-12-15 01:23 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 01:23 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-07 15:04 . 2010-05-26 18:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-12-07 05:15 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\1A1.tmp
2010-12-07 05:11 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\1A0.tmp
2010-12-07 05:11 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\19F.tmp
2010-12-07 05:11 . 2010-12-07 05:11 -------- d-----w- c:\program files\Sophos
2010-12-07 04:05 . 2010-12-07 04:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2010-12-07 03:54 . 2010-12-07 04:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2010-12-07 03:50 . 2010-12-07 03:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-12-04 19:52 . 2010-12-04 19:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Webroot
2010-12-04 19:52 . 2010-12-04 19:52 -------- d-----w- c:\documents and settings\Mommy\Local Settings\Application Data\PackageAware
2010-12-04 19:25 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-11-29 06:06 . 2010-11-29 06:06 -------- d-----w- c:\documents and settings\Mommy\Application Data\Malwarebytes
2010-11-29 06:06 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 06:06 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 03:43 . 2010-11-24 03:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-24 03:37 . 2010-11-24 03:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Research In Motion
2010-11-24 03:37 . 2010-11-24 03:37 -------- d-----w- c:\documents and settings\Mommy\Application Data\Research In Motion
2010-11-23 05:50 . 2010-11-23 05:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-11-23 05:50 . 2010-11-30 03:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 05:50 . 2010-11-23 05:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 18:28 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMPa8c2.tmp
2010-11-21 18:27 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMPa945.tmp
2010-11-21 18:25 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMPa8eb.tmp
2010-11-21 18:24 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMPa930.tmp
2010-11-21 18:23 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMPa8ea.tmp
2010-11-21 18:21 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMPaaf2.tmp
2010-11-21 18:20 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMPa912.tmp
2010-11-21 18:18 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMPa944.tmp
2010-11-20 19:48 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP87be.tmp
2010-11-20 19:46 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8804.tmp
2010-11-20 19:45 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP88e0.tmp
2010-11-20 19:44 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP87bd.tmp
2010-11-20 19:23 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP88a4.tmp
2010-11-20 19:22 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8fea.tmp
2010-11-20 19:11 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8fd6.tmp
2010-11-20 19:10 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8fc4.tmp
2010-11-20 19:08 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8fc3.tmp
2010-11-20 19:07 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8fc2.tmp
2010-11-20 19:06 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP90b3.tmp
2010-11-20 19:05 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP9013.tmp
2010-11-18 18:12 . 2007-10-21 07:01 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-18 06:31 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8bf7.tmp
2010-11-18 06:29 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8b25.tmp
2010-11-18 06:28 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8a8f.tmp
2010-11-18 06:26 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8b39.tmp
2010-11-18 06:25 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8c01.tmp
2010-11-18 06:23 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8a04.tmp
2010-11-18 06:22 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8ae9.tmp
2010-11-18 06:20 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8a84.tmp
2010-11-18 06:19 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8a17.tmp
2010-11-18 06:17 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8a16.tmp
2010-11-18 06:16 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP89f0.tmp
2010-11-18 06:14 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP89bc.tmp
2010-11-18 06:13 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8a22.tmp
2010-11-18 06:11 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8a03.tmp
2010-11-18 06:10 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8a21.tmp
2010-11-18 06:08 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8a02.tmp
2010-11-18 06:07 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP89f8.tmp
2010-11-18 06:05 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8acb.tmp
2010-11-18 06:04 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8b58.tmp
2010-11-18 06:02 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP89da.tmp
2010-11-18 06:01 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8ab7.tmp
2010-11-18 05:59 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8bbb.tmp
2010-11-18 05:58 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8b43.tmp
2010-11-18 05:56 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8a20.tmp
2010-11-18 05:55 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP89ef.tmp
2010-11-18 05:53 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP89ee.tmp
2010-11-18 05:52 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8aa3.tmp
2010-11-18 05:50 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8b75.tmp
2010-11-18 05:49 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8384.tmp
2010-11-18 05:47 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8b57.tmp
2010-11-18 05:46 . 2009-06-21 23:29 94208 ----a-w- c:\windows\DUMP8be3.tmp
2010-11-06 00:26 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2001-08-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2007-10-21 10:07 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-08-23 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2001-08-23 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-26 03:16 . 2010-10-20 22:05 2404 ----a-w- c:\documents and settings\Squirt\Local Settings\Application Data\d3d9caps.tmp
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-11_22.12.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-18 22:10 . 2010-12-18 22:10 16384 c:\windows\temp\Perflib_Perfdata_500.dat
+ 2007-11-13 11:31 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2007-11-13 11:31 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2009-08-26 20:01 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2009-08-26 20:01 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
- 2001-08-23 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
+ 2001-08-23 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 11:31 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 11:31 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
+ 2001-08-23 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
- 2001-08-23 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
- 2009-06-10 23:40 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-10 23:40 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-03-08 11:31 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-08 11:31 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-07-30 05:35 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-07-30 05:35 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 11:34 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 11:34 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 11:33 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 11:33 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
+ 2007-10-21 17:56 . 2010-12-15 11:12 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-10-21 17:56 . 2010-12-15 11:12 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-10-21 17:56 . 2010-12-15 11:12 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-10-21 17:56 . 2010-12-15 11:12 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-10-21 17:56 . 2010-12-15 11:12 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-10-21 17:56 . 2010-12-15 11:12 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-12-15 11:11 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-15 11:10 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-15 11:10 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-15 11:10 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-15 11:10 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2007-10-21 17:56 . 2010-12-15 11:12 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2001-08-23 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
- 2001-08-23 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
- 2001-08-23 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
+ 2001-08-23 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 11:32 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 11:32 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
- 2001-08-23 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
+ 2001-08-23 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
+ 2001-08-23 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
- 2001-08-23 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
+ 2001-08-23 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2007-10-20 23:43 . 2010-12-15 11:29 371280 c:\windows\system32\FNTCACHE.DAT
- 2007-10-20 23:43 . 2010-11-24 03:45 371280 c:\windows\system32\FNTCACHE.DAT
- 2008-04-21 06:44 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-21 06:44 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 11:34 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 11:34 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 11:32 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 11:32 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-07-30 05:35 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-07-30 05:35 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-10 23:40 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-10 23:40 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 11:31 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 11:31 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-09 18:09 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-09 18:09 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 21:09 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 21:09 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 11:32 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-11-12 19:08 . 2010-11-12 19:08 889344 c:\windows\Installer\115d178e.msp
- 2007-10-21 17:56 . 2010-12-08 11:02 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-10-21 17:56 . 2010-12-15 11:12 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-10-21 17:56 . 2010-12-15 11:12 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-10-21 17:56 . 2010-12-15 11:12 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-10-21 17:56 . 2010-12-15 11:12 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-10-21 17:56 . 2010-12-15 11:12 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-21 17:56 . 2010-12-08 11:02 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-10-21 17:56 . 2010-12-15 11:12 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-12-15 11:10 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-15 11:11 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-15 11:11 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-15 11:10 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-15 11:10 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-15 11:10 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-15 11:11 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-15 11:10 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-15 11:11 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-15 11:11 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-15 11:11 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
- 2001-08-23 12:00 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2001-08-23 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
+ 2001-08-23 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\mshtml.dll
+ 2009-03-08 11:32 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2008-10-16 04:07 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
- 2008-06-26 08:15 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-26 08:15 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-21 06:44 . 2010-11-06 00:26 5959168 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-10 23:40 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-10-22 23:45 . 2010-10-22 23:45 8444928 c:\windows\Installer\115d17a6.msp
+ 2010-12-06 23:02 . 2010-12-06 23:02 5518848 c:\windows\Installer\115d1772.msp
+ 2010-10-02 05:53 . 2010-10-02 05:53 4147712 c:\windows\Installer\115d175b.msp
+ 2010-12-15 11:10 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-15 11:10 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-15 11:10 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2007-10-21 08:17 . 2010-12-15 11:02 37366216 c:\windows\system32\MRT.exe
+ 2009-03-08 11:39 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2009-06-10 23:40 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2010-12-15 11:10 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-09-04 139264]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Blain\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\Silicon Prairie Software\MemTurbo\MemTurbo.exe [2009-7-7 512000]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-6 67128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MemTurbo.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\MemTurbo.lnk
backup=c:\windows\pss\MemTurbo.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-16 08:37 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbDetect.exe]
2006-10-26 21:34 65536 ----a-w- c:\program files\Playskool\MADE FOR ME Software\HbDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 21:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-07-28 21:19 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 21:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-01-30 16:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 12:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-04 19:47 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"YahooAUService"=2 (0x2)
"Pctspk"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdate"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [07/12/2010 7:04 AM 18816]
R3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [30/12/2009 3:38 PM 13359]
S2 DILUSBCamera;Agfa ePhoto CL18 Camera Stream Driver;c:\windows\system32\drivers\stream18.sys [04/09/2008 12:36 PM 70708]
S2 wntpport;wntpport; [x]
S3 banshee;banshee;c:\windows\system32\drivers\banshee.sys [26/09/2010 6:38 PM 36128]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1A1.tmp [06/12/2010 9:15 PM 6144]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys --> c:\windows\System32\Drivers\sunkfilt6.sys [?]
S3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [23/07/2004 2:55 PM 46536]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/02/2010 2:07 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 22:07]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Blain\Application Data\Mozilla\Firefox\Profiles\iqbq3baq.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 14:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1A1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-18 14:49:46
ComboFix-quarantined-files.txt 2010-12-18 22:49
ComboFix2.txt 2010-12-11 22:17

Pre-Run: 15,362,379,776 bytes free
Post-Run: 15,342,948,352 bytes free

- - End Of File - - B3165B7002A2C3824D5FF5693FFD0BE6