Here are the logs: (4)
1.
2009-01-26 19:57:16 A------- 750 C:\Qoobox\Quarantine\catchme.log
2009-01-26 20:12:22 A------- 16,513 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-01-26 20:13:21 A------- 570 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DSS.reg.dat
2.
ComboFix 09-01-21.04 - Administrator 2009-01-26 20:11:37.1 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.379 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
FW: Verizon Internet Security Suite Firewall *disabled*
.
((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.
2009-01-25 16:23 . 2009-01-25 16:23 <DIR> d--hs---- C:\FOUND.011
2009-01-25 14:29 . 2009-01-25 14:29 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-25 14:28 . 2009-01-25 14:28 <DIR> d-------- c:\windows\ERUNT
2009-01-25 14:25 . 2009-01-25 14:25 <DIR> d--hs---- C:\FOUND.010
2009-01-25 14:22 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-01-25 14:17 . 2009-01-25 14:17 <DIR> d--hs---- C:\FOUND.009
2009-01-25 14:10 . 2009-01-25 14:10 83 --a------ C:\httpdownloads.andymanchesta.comRemovalToolsSDFix.exe.URL
2009-01-20 23:29 . 2009-01-20 23:29 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-16 09:47 . 2009-01-16 09:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Viewpoint
2009-01-13 16:20 . 2009-01-13 16:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\acccore
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-13 02:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 19:46 . 2009-01-01 19:46 <DIR> d--hs---- C:\FOUND.008
2009-01-01 19:41 . 2009-01-01 19:41 <DIR> d--hs---- C:\FOUND.007
2009-01-01 14:39 . 2009-01-01 14:39 <DIR> d--hs---- C:\FOUND.006
2009-01-01 14:34 . 2009-01-01 14:34 <DIR> d--hs---- C:\FOUND.005
2009-01-01 14:29 . 2009-01-01 14:29 <DIR> d--hs---- C:\FOUND.004
2009-01-01 14:24 . 2009-01-01 14:24 <DIR> d--hs---- C:\FOUND.003
2009-01-01 14:15 . 2009-01-01 14:15 <DIR> d--hs---- C:\FOUND.002
2009-01-01 14:05 . 2009-01-01 14:05 <DIR> d--hs---- C:\FOUND.001
2009-01-01 13:56 . 2009-01-01 13:56 <DIR> d--hs---- C:\FOUND.000
2008-12-27 10:01 . 2009-01-20 23:29 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-27 10:01 . 2008-12-27 10:01 1,409 --a------ c:\windows\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 22:43 --------- d-----w c:\program files\Raxco
2008-12-10 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2008-12-10 22:40 --------- d-----w c:\program files\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\Consumer\Application Data\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon
2008-12-01 22:32 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-01 22:30 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 21:06 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-12-01 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-01 21:05 --------- d-----w c:\program files\AIM6
2008-11-30 18:25 --------- d-----w c:\program files\Wal-Mart
2008-11-30 18:25 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Manager
2008-11-30 18:11 --------- d-----w c:\documents and settings\Consumer\Application Data\Printer Info Cache
2008-11-30 18:05 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Viewer
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 12:10 50472 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 01:05 122939 c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 08:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2005-04-25 08:50 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 13:32 5537792 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2008-10-20 17:04 2303216 c:\program files\Verizon\VSP\VerizonServicepoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-11-08 08:30 16384 c:\windows\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-11-08 08:30 18944 c:\windows\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 13:32 1495040 c:\windows\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
S1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2006-05-25 7296]
S3 ISLNDIS5;ISLNDIS5 Protocol Driver;c:\progra~1\MICROS~4\ISLNDIS5.SYS [2004-07-19 14887]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-24 96496]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\DRIVERS\wg121nd5.sys --> c:\windows\system32\DRIVERS\wg121nd5.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-01 24652]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-DSS - c:\windows\BBStore\DSS\dssagent.exe
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rjpue1qd.default\
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-26 20:12:52
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-26 20:14:22
ComboFix-quarantined-files.txt 2009-01-27 01:14:22
Pre-Run: 54,761,717,760 bytes free
Post-Run: 57,347,637,248 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
169 --- E O F --- 2008-12-19 08:00:46
3.
ComboFix 09-01-21.04 - Administrator 2009-01-27 18:54:04.2 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.379 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\cfscript.txt
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
FW: Verizon Internet Security Suite Firewall *disabled*
FILE ::
c:\windows\system32\ieexplorer32.exe
.
((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.
2009-01-27 18:17 . 2009-01-27 18:17 <DIR> d--hs---- C:\FOUND.013
2009-01-27 17:54 . 2009-01-27 18:13 754 --a------ C:\Shortcut to ComboFix.exe.lnk
2009-01-26 20:21 . 2009-01-26 20:21 <DIR> d--hs---- C:\FOUND.012
2009-01-25 16:23 . 2009-01-25 16:23 <DIR> d--hs---- C:\FOUND.011
2009-01-25 14:29 . 2009-01-25 14:29 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-25 14:28 . 2009-01-25 14:28 <DIR> d-------- c:\windows\ERUNT
2009-01-25 14:25 . 2009-01-25 14:25 <DIR> d--hs---- C:\FOUND.010
2009-01-25 14:22 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-01-25 14:17 . 2009-01-25 14:17 <DIR> d--hs---- C:\FOUND.009
2009-01-25 14:10 . 2009-01-25 14:10 83 --a------ C:\httpdownloads.andymanchesta.comRemovalToolsSDFix.exe.URL
2009-01-20 23:29 . 2009-01-20 23:29 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-16 09:47 . 2009-01-16 09:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Viewpoint
2009-01-13 16:20 . 2009-01-13 16:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\acccore
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-13 02:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 19:46 . 2009-01-01 19:46 <DIR> d--hs---- C:\FOUND.008
2009-01-01 19:41 . 2009-01-01 19:41 <DIR> d--hs---- C:\FOUND.007
2009-01-01 14:39 . 2009-01-01 14:39 <DIR> d--hs---- C:\FOUND.006
2009-01-01 14:34 . 2009-01-01 14:34 <DIR> d--hs---- C:\FOUND.005
2009-01-01 14:29 . 2009-01-01 14:29 <DIR> d--hs---- C:\FOUND.004
2009-01-01 14:24 . 2009-01-01 14:24 <DIR> d--hs---- C:\FOUND.003
2009-01-01 14:15 . 2009-01-01 14:15 <DIR> d--hs---- C:\FOUND.002
2009-01-01 14:05 . 2009-01-01 14:05 <DIR> d--hs---- C:\FOUND.001
2009-01-01 13:56 . 2009-01-01 13:56 <DIR> d--hs---- C:\FOUND.000
2008-12-27 10:01 . 2009-01-27 15:25 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-27 10:01 . 2008-12-27 10:01 1,409 --a------ c:\windows\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 22:43 --------- d-----w c:\program files\Raxco
2008-12-10 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2008-12-10 22:40 --------- d-----w c:\program files\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\Consumer\Application Data\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon
2008-12-01 22:32 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-01 22:30 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 21:06 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-12-01 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-01 21:05 --------- d-----w c:\program files\AIM6
2008-11-30 18:25 --------- d-----w c:\program files\Wal-Mart
2008-11-30 18:25 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Manager
2008-11-30 18:11 --------- d-----w c:\documents and settings\Consumer\Application Data\Printer Info Cache
2008-11-30 18:05 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Viewer
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 12:10 50472 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 01:05 122939 c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 08:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2005-04-25 08:50 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 13:32 5537792 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2008-10-20 17:04 2303216 c:\program files\Verizon\VSP\VerizonServicepoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-11-08 08:30 16384 c:\windows\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-11-08 08:30 18944 c:\windows\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 13:32 1495040 c:\windows\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
S1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2006-05-25 7296]
S3 ISLNDIS5;ISLNDIS5 Protocol Driver;c:\progra~1\MICROS~4\ISLNDIS5.SYS [2004-07-19 14887]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-24 96496]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\DRIVERS\wg121nd5.sys --> c:\windows\system32\DRIVERS\wg121nd5.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-01 24652]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rjpue1qd.default\
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-27 18:56:03
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-27 19:00:35
ComboFix-quarantined-files.txt 2009-01-28 00:00:34
ComboFix2.txt 2009-01-27 01:14:24
Pre-Run: 57,291,964,416 bytes free
Post-Run: 57,270,468,608 bytes free
167 --- E O F --- 2008-12-19 08:00:46
4.
ComboFix 09-01-21.04 - Administrator 2009-01-28 13:55:49.3 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.277 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
FW: Verizon Internet Security Suite Firewall *disabled*
FILE ::
c:\windows\system32\ieexplorer32.exe
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.
2009-01-28 13:51 . 2009-01-28 13:51 <DIR> d--hs---- C:\FOUND.014
2009-01-27 18:17 . 2009-01-27 18:17 <DIR> d--hs---- C:\FOUND.013
2009-01-27 17:54 . 2009-01-27 18:13 754 --a------ C:\Shortcut to ComboFix.exe.lnk
2009-01-26 20:21 . 2009-01-26 20:21 <DIR> d--hs---- C:\FOUND.012
2009-01-25 16:23 . 2009-01-25 16:23 <DIR> d--hs---- C:\FOUND.011
2009-01-25 14:29 . 2009-01-25 14:29 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-25 14:28 . 2009-01-25 14:28 <DIR> d-------- c:\windows\ERUNT
2009-01-25 14:25 . 2009-01-25 14:25 <DIR> d--hs---- C:\FOUND.010
2009-01-25 14:22 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-01-25 14:17 . 2009-01-25 14:17 <DIR> d--hs---- C:\FOUND.009
2009-01-25 14:10 . 2009-01-25 14:10 83 --a------ C:\httpdownloads.andymanchesta.comRemovalToolsSDFix.exe.URL
2009-01-20 23:29 . 2009-01-20 23:29 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-16 09:47 . 2009-01-16 09:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Viewpoint
2009-01-13 16:20 . 2009-01-13 16:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\acccore
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-13 02:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-13 02:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-13 02:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 19:46 . 2009-01-01 19:46 <DIR> d--hs---- C:\FOUND.008
2009-01-01 19:41 . 2009-01-01 19:41 <DIR> d--hs---- C:\FOUND.007
2009-01-01 14:39 . 2009-01-01 14:39 <DIR> d--hs---- C:\FOUND.006
2009-01-01 14:34 . 2009-01-01 14:34 <DIR> d--hs---- C:\FOUND.005
2009-01-01 14:29 . 2009-01-01 14:29 <DIR> d--hs---- C:\FOUND.004
2009-01-01 14:24 . 2009-01-01 14:24 <DIR> d--hs---- C:\FOUND.003
2009-01-01 14:15 . 2009-01-01 14:15 <DIR> d--hs---- C:\FOUND.002
2009-01-01 14:05 . 2009-01-01 14:05 <DIR> d--hs---- C:\FOUND.001
2009-01-01 13:56 . 2009-01-01 13:56 <DIR> d--hs---- C:\FOUND.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-11 14:52 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 22:43 --------- d-----w c:\program files\Raxco
2008-12-10 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2008-12-10 22:40 --------- d-----w c:\program files\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\Consumer\Application Data\Verizon
2008-12-10 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon
2008-12-01 22:32 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-01 22:30 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 21:06 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-12-01 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-01 21:05 --------- d-----w c:\program files\AIM6
2008-11-30 18:25 --------- d-----w c:\program files\Wal-Mart
2008-11-30 18:25 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Manager
2008-11-30 18:11 --------- d-----w c:\documents and settings\Consumer\Application Data\Printer Info Cache
2008-11-30 18:05 --------- d-----w c:\documents and settings\Consumer\Application Data\Wal-Mart Digital Photo Viewer
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 12:10 50472 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 01:05 122939 c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 08:04 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2005-04-25 08:50 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 13:32 5537792 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2008-10-20 17:04 2303216 c:\program files\Verizon\VSP\VerizonServicepoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-11-08 08:30 16384 c:\windows\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-11-08 08:30 18944 c:\windows\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 13:32 1495040 c:\windows\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
S1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2006-05-25 7296]
S3 ISLNDIS5;ISLNDIS5 Protocol Driver;c:\progra~1\MICROS~4\ISLNDIS5.SYS [2004-07-19 14887]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-24 96496]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\DRIVERS\wg121nd5.sys --> c:\windows\system32\DRIVERS\wg121nd5.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-01 24652]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rjpue1qd.default\
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-28 13:57:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-28 13:58:19
ComboFix-quarantined-files.txt 2009-01-28 18:58:18
ComboFix3.txt 2009-01-27 01:14:24
ComboFix2.txt 2009-01-28 00:00:38
Pre-Run: 57,301,467,136 bytes free
Post-Run: 57,283,346,432 bytes free
167 --- E O F --- 2008-12-19 08:00:46
C:\QooBox\LastRun - none found
Also, when trying to install GMER, after extracting the file, Windows says the file is corrupt and it cannot install, even after trying and downloading several times.
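For anyone reviewing a set of runs like these, here is a small parser that turns a ComboFix log into a structured record, diffs two runs (what appeared or vanished between them in Files Created, the Run keys and the service list) and flags the header items a helper reads first: AV and firewall reported disabled, a "FILE ::" target from the CFScript that the log's Files Created section never listed, and a non-zero catchme hidden-file count. This is an added example, not ComboFix's or the poster's code; it assumes only the section layout visible in the pasted logs, and the sample runs inside it are constructed excerpts of logs 2 and 3 above.

```python
"""Parse ComboFix logs into structured runs and diff two of them (added example; assumes only
the layout visible in the pasted logs; the samples at the bottom are constructed excerpts)."""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
FILE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+)\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")

@dataclass
class ComboFixRun:
    version: str = ""
    av_disabled: bool = False
    fw_disabled: bool = False
    hidden_files: int = -1                            # -1: no catchme summary seen
    file_targets: list = field(default_factory=list)  # paths under "FILE ::"
    files: dict = field(default_factory=dict)         # lower path -> (created, size)
    run_keys: dict = field(default_factory=dict)      # (hive, value name) -> path
    services: dict = field(default_factory=dict)      # name -> (start type, image)

def parse_combofix(text: str) -> ComboFixRun:
    run, section, hive, in_file_block = ComboFixRun(), "header", "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):            # "((((( Files Created ... )))))"
            section, in_file_block = m.group(1).lower(), False
        elif line.startswith("hidden files:"):     # catchme summary line
            run.hidden_files = int(line.split(":")[1])
        elif section == "header":
            if line.startswith("ComboFix "):
                run.version = line.split()[1]
            elif line[:3] in ("AV:", "FW:"):       # sets av_disabled / fw_disabled
                setattr(run, line[:2].lower() + "_disabled", "disabled" in line.lower())
            elif line == "FILE ::":
                in_file_block = True
            elif in_file_block:
                run.file_targets.append(line)
        elif section.startswith("files created"):
            if m := FILE_RE.match(line):
                run.files[m.group(5).lower()] = (m.group(1), m.group(3))
        elif section.startswith("reg loading points"):
            if line.startswith("[") and line.endswith("]"):
                hive = line[1:-1]
            elif hive.lower().endswith("\\run") and (m := RUN_RE.match(line)):
                run.run_keys[(hive, m.group(1))] = m.group(2)
            elif m := SVC_RE.match(line):          # image precedes " [date size]" or " --> "
                image = m.group(4).split(" --> ")[0].split(" [")[0]
                run.services[m.group(2)] = (m.group(1), image)
    return run

def diff_runs(before: ComboFixRun, after: ComboFixRun) -> dict:
    out = {}
    for name in ("files", "run_keys", "services"):
        a, b = set(getattr(before, name)), set(getattr(after, name))
        out[name + "_added"], out[name + "_gone"] = sorted(b - a), sorted(a - b)
    return out

def review(run: ComboFixRun) -> list:
    findings = []
    if run.av_disabled:
        findings.append("AV on-access scanning reported disabled")
    if run.fw_disabled:
        findings.append("firewall reported disabled")
    for target in run.file_targets:                # CFScript asked for it; was it listed?
        if target.lower() not in run.files:
            findings.append(f"FILE :: target not in Files Created list: {target}")
    if run.hidden_files > 0:
        findings.append(f"catchme reported {run.hidden_files} hidden file(s)")
    return findings

RUN_2 = r"""ComboFix 09-01-21.04 - Administrator 2009-01-26 20:11:37.1 - FAT32x86 NETWORK
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
FW: Verizon Internet Security Suite Firewall *disabled*
((((( Files Created from 2008-12-27 to 2009-01-27 )))))
2009-01-25 16:23 . 2009-01-25 16:23 <DIR> d--hs---- C:\FOUND.011
((((( Reg Loading Points )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
S1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2006-05-25 7296]
hidden files: 0
"""
RUN_3 = r"""ComboFix 09-01-21.04 - Administrator 2009-01-27 18:54:04.2 - FAT32x86 NETWORK
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
FW: Verizon Internet Security Suite Firewall *disabled*
FILE ::
c:\windows\system32\ieexplorer32.exe
((((( Files Created from 2008-12-27 to 2009-01-27 )))))
2009-01-27 17:54 . 2009-01-27 18:13 754 --a------ C:\Shortcut to ComboFix.exe.lnk
2009-01-26 20:21 . 2009-01-26 20:21 <DIR> d--hs---- C:\FOUND.012
2009-01-25 16:23 . 2009-01-25 16:23 <DIR> d--hs---- C:\FOUND.011
((((( Reg Loading Points )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
S1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2006-05-25 7296]
hidden files: 0
"""
```

Run it as `diff_runs(parse_combofix(RUN_2), parse_combofix(RUN_3))` and `review(parse_combofix(RUN_3))`. Paths are lower-cased only as dictionary keys because ComboFix mixes case between sections; the "FILE ::" finding is deliberately neutral, since the log alone cannot say whether the file was absent or simply older than the Files Created window.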