Computer becoming unresponsive and unusable


Re: Computer becoming unresponsive and unusable

Post by eteacher47 » January 28th, 2009, 3:17 pm

Hello,

While trying to drag and drop CFScript, the program nearly completes, until I get this error message:

"dumphive.cfexe has encountered a problem and needs to close. We are sorry for the inconvenience." along with the option to send an error report.

But here is the log that came up:

ComboFix 09-01-21.04 - Administrator 2009-01-28 14:06:11.4 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.292 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
FW: Verizon Internet Security Suite Firewall *disabled*

FILE ::
c:\windows\system32\ieexplorer32.exe
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-28 13:51 . 2009-01-28 13:51 <DIR> d--hs---- C:\FOUND.014
2009-01-27 18:17 . 2009-01-27 18:17 <DIR> d--hs---- C:\FOUND.013
2009-01-27 17:54 . 2009-01-27 18:13 754 --a------ C:\Shortcut to ComboFix.exe.lnk
2009-01-26 20:21 . 2009-01-26 20:21 <DIR> d--hs---- C:\FOUND.012
2009-01-25 16:23 . 2009-01-25 16:23 <DIR> d--hs---- C:\FOUND.011
2009-01-25 14:29 . 2009-01-25 14:29 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-25 14:28 . 2009-01-25 14:28 <DIR> d-------- c:\windows\ERUNT
2009-01-25 14:25 . 2009-01-25 14:25 <DIR> d--hs---- C:\FOUND.010
2009-01-25 14:22 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-01-25 14:17 . 2009-01-25 14:17 <DIR> d--hs---- C:\FOUND.009
2009-01-25 14:10 . 2009-01-25 14:10 83 --a------ C:\httpdownloads.andymanchesta.comRemovalToolsSDFix.exe.URL
2009-01-20 23:29 . 2009-01-20 23:29 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-16 09:47 . 2009-01-16 09:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Viewpoint
2009-01-13 16:20 . 2009-01-13 16:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\acccore
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-13 02:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 19:46 . 2009-01-01 19:46 <DIR> d--hs---- C:\FOUND.008
2009-01-01 19:41 . 2009-01-01 19:41 <DIR> d--hs---- C:\FOUND.007
2009-01-01 14:39 . 2009-01-01 14:39 <DIR> d--hs---- C:\FOUND.006
2009-01-01 14:34 . 2009-01-01 14:34 <DIR> d--hs---- C:\FOUND.005
2009-01-01 14:29 . 2009-01-01 14:29 <DIR> d--hs---- C:\FOUND.004
2009-01-01 14:24 . 2009-01-01 14:24 <DIR> d--hs---- C:\FOUND.003
2009-01-01 14:15 . 2009-01-01 14:15 <DIR> d--hs---- C:\FOUND.002
2009-01-01 14:05 . 2009-01-01 14:05 <DIR> d--hs---- C:\FOUND.001
2009-01-01 13:56 . 2009-01-01 13:56 <DIR> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 22:43 --------- d-----w c:\program files\Raxco
2008-12-10 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2008-12-10 22:40 --------- d-----w c:\program files\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\Consumer\Application Data\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon
2008-12-01 22:32 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-01 22:30 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 21:06 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-12-01 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-01 21:05 --------- d-----w c:\program files\AIM6
2008-11-30 18:25 --------- d-----w c:\program files\Wal-Mart
2008-11-30 18:25 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Manager
2008-11-30 18:11 --------- d-----w c:\documents and settings\Consumer\Application Data\Printer Info Cache
2008-11-30 18:05 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Viewer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 12:10 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 01:05 122939 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 08:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2005-04-25 08:50 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 13:32 5537792 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2008-10-20 17:04 2303216 c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-11-08 08:30 16384 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-11-08 08:30 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 13:32 1495040 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

S1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2006-05-25 7296]
S3 ISLNDIS5;ISLNDIS5 Protocol Driver;c:\progra~1\MICROS~4\ISLNDIS5.SYS [2004-07-19 14887]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-24 96496]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\DRIVERS\wg121nd5.sys --> c:\windows\system32\DRIVERS\wg121nd5.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-01 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rjpue1qd.default\
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 14:07:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-28 14:10:25
ComboFix-quarantined-files.txt 2009-01-28 19:10:24
ComboFix4.txt 2009-01-27 01:14:24
ComboFix3.txt 2009-01-28 00:00:38
ComboFix2.txt 2009-01-28 18:58:22

Pre-Run: 57,334,431,744 bytes free
Post-Run: 57,318,572,032 bytes free

168 --- E O F --- 2008-12-19 08:00:46
eteacher47
Active Member
 
Posts: 13
Joined: January 13th, 2009, 5:51 pm
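The ComboFix log above has a fixed layout: the FILE :: block lists what the CFScript asked ComboFix to remove, "Files Created" covers roughly the last month, "Find3M" lists files modified in the last three months, and the AV/FW lines report whether the installed protection is running. The script below is an added example, not part of the original post and not a ComboFix or MalwareRemoval.com tool; it parses that layout and pulls out what a helper normally checks first: protection reported as disabled, CFScript targets that never appear in either file listing (so the file is either older than the window or already gone), hidden files, new files placed directly in system32, and the number of FOUND.0xx folders, which chkdsk creates when it recovers lost clusters (the log above shows fifteen of them in January, consistent with repeated disk checks on this FAT32 volume). The sample log is constructed from lines in the post above, and the triage rules are this example's own heuristics, pointers for review rather than verdicts.

```python
"""Parse the ComboFix log layout from this thread; added example, not a ComboFix/MalwareRemoval.com tool."""
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied in shape from the log in the post above.
SAMPLE_LOG = r"""
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
FW: Verizon Internet Security Suite Firewall *disabled*
FILE ::
c:\windows\system32\ieexplorer32.exe
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.
2009-01-28 13:51 . 2009-01-28 13:51 <DIR> d--hs---- C:\FOUND.014
2009-01-27 18:17 . 2009-01-27 18:17 <DIR> d--hs---- C:\FOUND.013
2009-01-25 14:29 . 2009-01-25 14:29 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-20 23:29 . 2009-01-20 23:29 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-27 10:01 . 2009-01-20 23:29 54,156 --ah----- c:\windows\QTFont.qfn
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
"""

# Files Created: <created> . <modified> <size|<DIR>> <attrs> <path>;  Find3M: <modified> <size|---------> <attrs> <path>
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
                        r"(<DIR>|[\d,]+) ([-a-z]{9}) (.+)$")
FIND3M_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) (-{9}|[\d,]+) ([-a-z]{7}) (.+)$")
FOUND_RE = re.compile(r"^c:\\found\.\d{3}$")  # folders chkdsk creates for recovered clusters


@dataclass
class Entry:
    section: str          # "created" or "find3m"
    stamp: str            # creation stamp (created) or last-modified stamp (find3m)
    size: Optional[int]   # None for directories
    attrs: str            # ComboFix attribute string, e.g. "d--hs----" or "--sha-w"
    path: str


def _size(token: str) -> Optional[int]:
    return None if token == "<DIR>" or token.startswith("-") else int(token.replace(",", ""))


def parse(log: str) -> dict:
    """Return AV/FW header lines, CFScript FILE :: targets and the file entries."""
    out = {"header": {}, "targets": [], "entries": []}
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line[:3] in ("AV:", "FW:"):
            out["header"][line[:2]] = line[3:].strip()
        elif line == "FILE ::":
            section = "targets"
        elif "Files Created from" in line:
            section = "created"
        elif "Find3M Report" in line:
            section = "find3m"
        elif "Reg Loading Points" in line:
            section = None
        elif line == ".":
            if section == "targets":   # a lone "." closes the FILE :: block
                section = None
        elif section == "targets":
            out["targets"].append(line.lower())
        elif section in ("created", "find3m"):
            m = (CREATED_RE if section == "created" else FIND3M_RE).match(line)
            if m:   # both patterns start with a stamp and end with size, attrs, path
                g = m.groups()
                out["entries"].append(Entry(section, g[0], _size(g[-3]), g[-2], g[-1]))
    return out


def triage(parsed: dict) -> dict:
    """Review list from this example's own heuristics (pointers, not verdicts)."""
    seen = {e.path.lower() for e in parsed["entries"]}
    review, found_dirs = [], 0
    for e in parsed["entries"]:
        p = e.path.lower()
        if e.attrs.startswith("d"):               # directory: only count chkdsk folders
            found_dirs += bool(FOUND_RE.match(p))
            continue
        reasons = []
        if p in parsed["targets"]:
            reasons.append("named in the CFScript FILE :: block")
        if "h" in e.attrs:                        # hidden attribute set
            reasons.append(f"hidden file (attrs {e.attrs})")
        if ntpath.dirname(p) == r"c:\windows\system32":
            reasons.append("new file placed directly in system32")
        if reasons:
            review.append((e.path, reasons))
    header = parsed["header"]
    return {"protection_off": [k for k, v in header.items() if "disabled" in v.lower()],
            "targets_not_listed": [t for t in parsed["targets"] if t not in seen],
            "review": review, "found_dirs": found_dirs}
```

On the sample, triage reports both AV and FW as disabled, the CFScript target ieexplorer32.exe as absent from both listings, three files for a closer look (the hidden QTFont.qfn and fidbox2.idx, and d3d9caps.dat sitting directly in system32), and two FOUND folders. Those are starting points for the helper, not a diagnosis; the dllcache copy of user32.dll, for instance, is not flagged because it sits in a subfolder.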

Re: Computer becoming unresponsive and unusable

Post by eteacher47 » January 28th, 2009, 3:20 pm

Also, I cannot uninstall anything in normal mode, nor can I install the virus protection or firewall. Very frustrated :cry:
eteacher47
Active Member
 
Posts: 13
Joined: January 13th, 2009, 5:51 pm

Re: Computer becoming unresponsive and unusable

Post by Bio-Hazard » January 29th, 2009, 10:42 am

eteacher47 wrote: Also, I cannot uninstall anything in normal mode, nor can I install the virus protection or firewall. Very frustrated :cry:


Does the normal mode work at all?
What happens when you use normal mode?
Do you get error messages when you try to install antivirus programs?




Step 1:
Using Windows Explorer (right-click the Start button and left-click Explore), navigate to the following folder:

C:\Qoobox

In that folder you will find the ComboFix log files.

Please post the contents of each of those log files in your next reply.


Step 2:
Using Windows Explorer (right-click the Start button and left-click Explore), navigate to the following folder:

C:\QooBox\LastRun

If there are any log files in that folder, please post them in your next reply as well.

Thank you.


Using Gmer

Please download Gmer by Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.
  • Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  • In Command Prompt, type in net stop gmer. Press Enter.
  • Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Computer becoming unresponsive and unusable

Post by eteacher47 » February 1st, 2009, 10:39 pm

Here are the logs (4):

1. 2009-01-26 19:57:16 A------- 750 C:\Qoobox\Quarantine\catchme.log
2009-01-26 20:12:22 A------- 16,513 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-01-26 20:13:21 A------- 570 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DSS.reg.dat

2. ComboFix 09-01-21.04 - Administrator 2009-01-26 20:11:37.1 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.379 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
FW: Verizon Internet Security Suite Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.

2009-01-25 16:23 . 2009-01-25 16:23 <DIR> d--hs---- C:\FOUND.011
2009-01-25 14:29 . 2009-01-25 14:29 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-25 14:28 . 2009-01-25 14:28 <DIR> d-------- c:\windows\ERUNT
2009-01-25 14:25 . 2009-01-25 14:25 <DIR> d--hs---- C:\FOUND.010
2009-01-25 14:22 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-01-25 14:17 . 2009-01-25 14:17 <DIR> d--hs---- C:\FOUND.009
2009-01-25 14:10 . 2009-01-25 14:10 83 --a------ C:\httpdownloads.andymanchesta.comRemovalToolsSDFix.exe.URL
2009-01-20 23:29 . 2009-01-20 23:29 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-16 09:47 . 2009-01-16 09:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Viewpoint
2009-01-13 16:20 . 2009-01-13 16:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\acccore
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-13 02:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 19:46 . 2009-01-01 19:46 <DIR> d--hs---- C:\FOUND.008
2009-01-01 19:41 . 2009-01-01 19:41 <DIR> d--hs---- C:\FOUND.007
2009-01-01 14:39 . 2009-01-01 14:39 <DIR> d--hs---- C:\FOUND.006
2009-01-01 14:34 . 2009-01-01 14:34 <DIR> d--hs---- C:\FOUND.005
2009-01-01 14:29 . 2009-01-01 14:29 <DIR> d--hs---- C:\FOUND.004
2009-01-01 14:24 . 2009-01-01 14:24 <DIR> d--hs---- C:\FOUND.003
2009-01-01 14:15 . 2009-01-01 14:15 <DIR> d--hs---- C:\FOUND.002
2009-01-01 14:05 . 2009-01-01 14:05 <DIR> d--hs---- C:\FOUND.001
2009-01-01 13:56 . 2009-01-01 13:56 <DIR> d--hs---- C:\FOUND.000
2008-12-27 10:01 . 2009-01-20 23:29 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-27 10:01 . 2008-12-27 10:01 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 22:43 --------- d-----w c:\program files\Raxco
2008-12-10 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2008-12-10 22:40 --------- d-----w c:\program files\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\Consumer\Application Data\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon
2008-12-01 22:32 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-01 22:30 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 21:06 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-12-01 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-01 21:05 --------- d-----w c:\program files\AIM6
2008-11-30 18:25 --------- d-----w c:\program files\Wal-Mart
2008-11-30 18:25 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Manager
2008-11-30 18:11 --------- d-----w c:\documents and settings\Consumer\Application Data\Printer Info Cache
2008-11-30 18:05 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Viewer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 12:10 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 01:05 122939 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 08:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2005-04-25 08:50 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 13:32 5537792 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2008-10-20 17:04 2303216 c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-11-08 08:30 16384 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-11-08 08:30 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 13:32 1495040 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

S1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2006-05-25 7296]
S3 ISLNDIS5;ISLNDIS5 Protocol Driver;c:\progra~1\MICROS~4\ISLNDIS5.SYS [2004-07-19 14887]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-24 96496]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\DRIVERS\wg121nd5.sys --> c:\windows\system32\DRIVERS\wg121nd5.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-01 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DSS - c:\windows\BBStore\DSS\dssagent.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rjpue1qd.default\
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 20:12:52
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-26 20:14:22
ComboFix-quarantined-files.txt 2009-01-27 01:14:22

Pre-Run: 54,761,717,760 bytes free
Post-Run: 57,347,637,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

169 --- E O F --- 2008-12-19 08:00:46

3.

ComboFix 09-01-21.04 - Administrator 2009-01-27 18:54:04.2 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.379 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\cfscript.txt
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
FW: Verizon Internet Security Suite Firewall *disabled*

FILE ::
c:\windows\system32\ieexplorer32.exe
.

((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.

2009-01-27 18:17 . 2009-01-27 18:17 <DIR> d--hs---- C:\FOUND.013
2009-01-27 17:54 . 2009-01-27 18:13 754 --a------ C:\Shortcut to ComboFix.exe.lnk
2009-01-26 20:21 . 2009-01-26 20:21 <DIR> d--hs---- C:\FOUND.012
2009-01-25 16:23 . 2009-01-25 16:23 <DIR> d--hs---- C:\FOUND.011
2009-01-25 14:29 . 2009-01-25 14:29 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-25 14:28 . 2009-01-25 14:28 <DIR> d-------- c:\windows\ERUNT
2009-01-25 14:25 . 2009-01-25 14:25 <DIR> d--hs---- C:\FOUND.010
2009-01-25 14:22 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-01-25 14:17 . 2009-01-25 14:17 <DIR> d--hs---- C:\FOUND.009
2009-01-25 14:10 . 2009-01-25 14:10 83 --a------ C:\httpdownloads.andymanchesta.comRemovalToolsSDFix.exe.URL
2009-01-20 23:29 . 2009-01-20 23:29 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-16 09:47 . 2009-01-16 09:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Viewpoint
2009-01-13 16:20 . 2009-01-13 16:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\acccore
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-13 02:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 19:46 . 2009-01-01 19:46 <DIR> d--hs---- C:\FOUND.008
2009-01-01 19:41 . 2009-01-01 19:41 <DIR> d--hs---- C:\FOUND.007
2009-01-01 14:39 . 2009-01-01 14:39 <DIR> d--hs---- C:\FOUND.006
2009-01-01 14:34 . 2009-01-01 14:34 <DIR> d--hs---- C:\FOUND.005
2009-01-01 14:29 . 2009-01-01 14:29 <DIR> d--hs---- C:\FOUND.004
2009-01-01 14:24 . 2009-01-01 14:24 <DIR> d--hs---- C:\FOUND.003
2009-01-01 14:15 . 2009-01-01 14:15 <DIR> d--hs---- C:\FOUND.002
2009-01-01 14:05 . 2009-01-01 14:05 <DIR> d--hs---- C:\FOUND.001
2009-01-01 13:56 . 2009-01-01 13:56 <DIR> d--hs---- C:\FOUND.000
2008-12-27 10:01 . 2009-01-27 15:25 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-27 10:01 . 2008-12-27 10:01 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 22:43 --------- d-----w c:\program files\Raxco
2008-12-10 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2008-12-10 22:40 --------- d-----w c:\program files\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\Consumer\Application Data\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon
2008-12-01 22:32 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-01 22:30 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 21:06 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-12-01 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-01 21:05 --------- d-----w c:\program files\AIM6
2008-11-30 18:25 --------- d-----w c:\program files\Wal-Mart
2008-11-30 18:25 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Manager
2008-11-30 18:11 --------- d-----w c:\documents and settings\Consumer\Application Data\Printer Info Cache
2008-11-30 18:05 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Viewer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 12:10 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 01:05 122939 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 08:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2005-04-25 08:50 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 13:32 5537792 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2008-10-20 17:04 2303216 c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-11-08 08:30 16384 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-11-08 08:30 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 13:32 1495040 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

S1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2006-05-25 7296]
S3 ISLNDIS5;ISLNDIS5 Protocol Driver;c:\progra~1\MICROS~4\ISLNDIS5.SYS [2004-07-19 14887]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-24 96496]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\DRIVERS\wg121nd5.sys --> c:\windows\system32\DRIVERS\wg121nd5.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-01 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rjpue1qd.default\
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 18:56:03
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-27 19:00:35
ComboFix-quarantined-files.txt 2009-01-28 00:00:34
ComboFix2.txt 2009-01-27 01:14:24

Pre-Run: 57,291,964,416 bytes free
Post-Run: 57,270,468,608 bytes free

167 --- E O F --- 2008-12-19 08:00:46





4.



ComboFix 09-01-21.04 - Administrator 2009-01-28 13:55:49.3 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.277 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
FW: Verizon Internet Security Suite Firewall *disabled*

FILE ::
c:\windows\system32\ieexplorer32.exe
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-28 13:51 . 2009-01-28 13:51 <DIR> d--hs---- C:\FOUND.014
2009-01-27 18:17 . 2009-01-27 18:17 <DIR> d--hs---- C:\FOUND.013
2009-01-27 17:54 . 2009-01-27 18:13 754 --a------ C:\Shortcut to ComboFix.exe.lnk
2009-01-26 20:21 . 2009-01-26 20:21 <DIR> d--hs---- C:\FOUND.012
2009-01-25 16:23 . 2009-01-25 16:23 <DIR> d--hs---- C:\FOUND.011
2009-01-25 14:29 . 2009-01-25 14:29 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-25 14:28 . 2009-01-25 14:28 <DIR> d-------- c:\windows\ERUNT
2009-01-25 14:25 . 2009-01-25 14:25 <DIR> d--hs---- C:\FOUND.010
2009-01-25 14:22 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-01-25 14:17 . 2009-01-25 14:17 <DIR> d--hs---- C:\FOUND.009
2009-01-25 14:10 . 2009-01-25 14:10 83 --a------ C:\httpdownloads.andymanchesta.comRemovalToolsSDFix.exe.URL
2009-01-20 23:29 . 2009-01-20 23:29 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-16 09:47 . 2009-01-16 09:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Viewpoint
2009-01-13 16:20 . 2009-01-13 16:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\acccore
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-13 02:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 19:46 . 2009-01-01 19:46 <DIR> d--hs---- C:\FOUND.008
2009-01-01 19:41 . 2009-01-01 19:41 <DIR> d--hs---- C:\FOUND.007
2009-01-01 14:39 . 2009-01-01 14:39 <DIR> d--hs---- C:\FOUND.006
2009-01-01 14:34 . 2009-01-01 14:34 <DIR> d--hs---- C:\FOUND.005
2009-01-01 14:29 . 2009-01-01 14:29 <DIR> d--hs---- C:\FOUND.004
2009-01-01 14:24 . 2009-01-01 14:24 <DIR> d--hs---- C:\FOUND.003
2009-01-01 14:15 . 2009-01-01 14:15 <DIR> d--hs---- C:\FOUND.002
2009-01-01 14:05 . 2009-01-01 14:05 <DIR> d--hs---- C:\FOUND.001
2009-01-01 13:56 . 2009-01-01 13:56 <DIR> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 22:43 --------- d-----w c:\program files\Raxco
2008-12-10 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2008-12-10 22:40 --------- d-----w c:\program files\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\Consumer\Application Data\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon
2008-12-01 22:32 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-01 22:30 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 21:06 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-12-01 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-01 21:05 --------- d-----w c:\program files\AIM6
2008-11-30 18:25 --------- d-----w c:\program files\Wal-Mart
2008-11-30 18:25 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Manager
2008-11-30 18:11 --------- d-----w c:\documents and settings\Consumer\Application Data\Printer Info Cache
2008-11-30 18:05 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Viewer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 12:10 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 01:05 122939 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 08:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2005-04-25 08:50 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 13:32 5537792 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2008-10-20 17:04 2303216 c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-11-08 08:30 16384 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-11-08 08:30 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 13:32 1495040 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

S1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2006-05-25 7296]
S3 ISLNDIS5;ISLNDIS5 Protocol Driver;c:\progra~1\MICROS~4\ISLNDIS5.SYS [2004-07-19 14887]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-24 96496]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\DRIVERS\wg121nd5.sys --> c:\windows\system32\DRIVERS\wg121nd5.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-01 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rjpue1qd.default\
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 13:57:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-28 13:58:19
ComboFix-quarantined-files.txt 2009-01-28 18:58:18
ComboFix3.txt 2009-01-27 01:14:24
ComboFix2.txt 2009-01-28 00:00:38

Pre-Run: 57,301,467,136 bytes free
Post-Run: 57,283,346,432 bytes free

167 --- E O F --- 2008-12-19 08:00:46






C:\QooBox\LastRun - none found





Also, when trying to install gmer, after extracting the file, Windows says the file is corrupt and it cannot install, even after trying and downloading several times.
eteacher47
Active Member
 
Posts: 13
Joined: January 13th, 2009, 5:51 pm
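The Run values and the S1/S3/S4 service lines in the logs above are what a helper reads through by eye when deciding what a CFScript should target. The script below is an added example written for this page; it is not a MalwareRemoval.com tool and not part of ComboFix. It parses those two line formats and applies three triage heuristics: a file ComboFix could not stat (the `[?]` marker), a name that resembles a Windows system binary but is not one (or a genuine system binary name living outside the Windows directory), and an autostart that runs from a user profile or temp folder. The known-binary list, the directory markers and the 0.8 similarity threshold are assumptions chosen for the demonstration. The sample input mixes lines copied from the posted log with two constructed Run values: the CFScript above targeted c:\windows\system32\ieexplorer32.exe, so that path is placed in a Run key purely to exercise the look-alike check, and the Temp-folder entry is invented for the same reason. A flag means "look closer", not "malicious".

```python
"""Triage the autostart entries of a ComboFix log.

Added example for this thread; not a MalwareRemoval.com or ComboFix tool.
Parses REGEDIT4-style Run values and S1/S3/S4 service lines and applies
three heuristics.  Reference data and threshold below are assumptions.
"""
import difflib
import ntpath
import re

# Lines copied verbatim from the ComboFix log posted above.
LINES_FROM_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

S1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2006-05-25 7296]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\DRIVERS\wg121nd5.sys --> c:\windows\system32\DRIVERS\wg121nd5.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-01 24652]
"""

# CONSTRUCTED lines, not in the posted log.  ieexplorer32.exe is the file
# the CFScript targeted; it is placed in a Run key here only to exercise the
# look-alike check.  The Temp-folder entry is invented for the same reason.
CONSTRUCTED_LINES = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ieexplorer32"="c:\windows\system32\ieexplorer32.exe" [2009-01-20 45056]
"updater"="c:\documents and settings\Administrator\Local Settings\Temp\updater.exe" [2009-01-20 12288]
"""

SAMPLE_LOG = LINES_FROM_LOG + CONSTRUCTED_LINES

KEY_HEADER = re.compile(r"^\[(HK[^\]]*)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
SERVICE = re.compile(r"^S\d\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
# Service path, optional "--> resolved path", then "[date size]" or "[?]".
SERVICE_PATH = re.compile(r"^(?P<path>.+?)(?:\s+-->\s+\S.*?)?\s*\[(?P<meta>[^\]]*)\]\s*$")

# Assumed reference data for the heuristics (not from the page).
KNOWN_SYSTEM_BINARIES = {
    "iexplore.exe", "explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
    "csrss.exe", "services.exe", "ctfmon.exe", "rundll32.exe", "userinit.exe",
}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}
PROFILE_MARKERS = ("\\local settings\\temp\\", "\\application data\\", "\\temp\\")
LOOKALIKE_THRESHOLD = 0.8


def parse_log(text):
    """Return one dict (name, path, meta, source) per autostart line found."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_HEADER.match(line):
            current_key = m.group(1)
        elif m := RUN_VALUE.match(line):
            entries.append({"name": m["name"], "path": m["path"], "meta": m["meta"],
                            "source": current_key or "unknown key"})
        elif (m := SERVICE.match(line)) and (p := SERVICE_PATH.match(m["rest"])):
            entries.append({"name": m["name"], "path": p["path"], "meta": p["meta"],
                            "source": "service"})
    return entries


def flag_entry(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    path = entry["path"].lower()
    base = ntpath.basename(path)
    if entry["meta"].strip() == "?":
        reasons.append("file size/date unavailable, typically because the file is missing")
    if base in KNOWN_SYSTEM_BINARIES:
        if ntpath.dirname(path) not in SYSTEM_DIRS:
            reasons.append("system binary name outside the Windows directory")
    else:
        best = max(difflib.SequenceMatcher(None, base, known).ratio()
                   for known in KNOWN_SYSTEM_BINARIES)
        if best >= LOOKALIKE_THRESHOLD:
            reasons.append("name resembles a Windows system binary")
    if any(marker in path for marker in PROFILE_MARKERS):
        reasons.append("runs from a user profile or temp directory")
    return reasons


def triage(log_text):
    """Parse the log and return [(entry, reasons)] for flagged entries only."""
    findings = []
    for entry in parse_log(log_text):
        reasons = flag_entry(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry['name']:<14} {entry['path']}  ({entry['source']})")
        for reason in reasons:
            print(f"    - {reason}")
```

Run it against a saved ComboFix.txt by passing the file contents to `triage()` instead of `SAMPLE_LOG`. The look-alike check uses `difflib.SequenceMatcher` because typo-squatted names such as an extra letter or a trailing "32" keep most of the genuine name's characters in order; exact matches are handled separately so that a real ctfmon.exe in system32 is not reported.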

Re: Computer becoming unresponsive and unusable

Unread postby Bio-Hazard » February 2nd, 2009, 5:53 am

Download and Run Blacklight

  • Please download F-Secure Blacklight (fsbl.exe) from HERE
  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Computer becoming unresponsive and unusable

Unread postby eteacher47 » February 5th, 2009, 1:34 pm

Hello Bio-Hazard

Thank you so much for putting in the time and effort to help. My friend is actually coming to wipe the entire computer clean, so I will not be needing your services anymore. I am so sorry, I did not know this was an option in the first place.

Thank you again
eteacher47
Active Member
 
Posts: 13
Joined: January 13th, 2009, 5:51 pm

Re: Computer becoming unresponsive and unusable

Unread postby Bio-Hazard » February 5th, 2009, 3:15 pm

eteacher47 wrote: Thank you so much for putting in the time and effort to help. My friend is actually coming to wipe the entire computer clean, so I will not be needing your services anymore. I am so sorry, I did not know this was an option in the first place.

Thank you again


You are welcome. Reformat and reinstall is always an option, but usually we try to clean if we can. Also, it is always your choice what you want to do. I would also say that, considering the problems we had, it is a good thing to do a reformat and reinstall. I am sorry I couldn't help you more.


Clean Install

I'll respect your decision to do a clean install.

Please make sure that you know what to do before beginning the operation.

Here are a few links that will probably help:

When should I re-format? How should I reinstall?
Windows XP Clean install


Then there are a couple of things you should do immediately after installing Windows and before surfing the net.

    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check Display content of system folders
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

    Here are a few FREE alternatives:

  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    NOTE: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

    Here are a few FREE alternatives:

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    NOTE: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. You can download Malwarebytes' Anti-Malware from HERE. Here are two tutorials: Malwarebytes' Anti-Malware Setup Guide and Malwarebytes' Anti-Malware Scanning Guide.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed at users of Internet Explorer. Try using a different browser instead: Firefox or Opera


Here is a great article by miekiemoes How to prevent Malware.


Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints >Malware Complaints<. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Bio-Hazard
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Computer becoming unresponsive and unusable

Unread postby Gary R » February 7th, 2009, 5:28 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire