Thanks for your patience. Here are the requested logs. Also included is the quarantined-files log from ComboFix; it generated 2 files. Due to the length of the logs, the HijackThis log will come in a separate post.
REALLY appreciate your help.
1. Sophos
Sophos Anti-Rootkit Version 1.3.1 (data 1.07) (c) 2006 Sophos Plc
Started logging on 9/9/2007 at 14:51:04 PM
Stopped logging on 9/9/2007 at 14:55:02 PM
2. ComboFix (2 files)
ComboFix 07-09-10.2 - "Jennifer" 2007-09-10 15:13:04.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.491 [GMT -7:00]
.
((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.
2007-09-09 14:49 <DIR> d-------- C:\Program Files\Sophos
2007-08-24 22:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-24 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-24 22:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-24 22:21 <DIR> d-------- C:\DOCUME~1\Jennifer\APPLIC~1\SUPERAntiSpyware.com
2007-08-18 16:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-18 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-18 09:17 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-08-11 18:16 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2007-08-10 16:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-08-10 14:38 <DIR> d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-10 15:07 --------- d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Skype
2007-08-24 22:20 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-11 17:58 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-11 17:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-10 14:37 --------- d-------- C:\Program Files\Lavasoft
2007-08-06 15:48 401720 --a------ C:\Program Files\Scanner.exe
2007-08-06 15:42 --------- d-------- C:\Program Files\Trend Micro
2007-08-06 15:25 --------- d-------- C:\Program Files\DIGStream
2007-08-05 12:26 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-03 20:11 11254 --a------ C:\WINDOWS\system32\locate.com
2007-08-03 19:20 --------- d-------- C:\Program Files\QuickTime
2007-08-03 19:16 --------- d-------- C:\Program Files\iTunes
2007-08-03 19:13 --------- d-------- C:\Program Files\Google
2007-08-03 19:12 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-08-03 15:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-03 14:41 --------- d-------- C:\DOCUME~1\Jennifer\APPLIC~1\Sunbelt Software
2007-08-02 15:49 3592 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 12:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-30 09:28 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-27 06:51 --------- d-------- C:\Program Files\FairUse Wizard 2
2007-07-25 10:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-07-22 13:31 --------- d-------- C:\Program Files\BroadJump
2007-07-22 12:57 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-22 07:55 --------- d-------- C:\Program Files\CONEXANT
2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:27 363520 --a------ C:\WINDOWS\system32\dllcache\w3svc.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-10-04 15:36 12841240 --a------ C:\Program Files\SkypeSetup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 22:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 13:50]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 11:59]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-28 22:52]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 17:17]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 15:26]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-17 11:29]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 14:05]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-07 10:45:07]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\3.tmp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b6e7aba-4783-11dc-891b-0014a5723710}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 15:15:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?4?5??????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-10 15:15:37
C:\ComboFix-quarantined-files.txt ... 2007-09-10 15:15
C:\ComboFix2.txt ... 2007-08-25 06:44
.
--- E O F ---
Code:
2007-05-30 02:34 103207 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\resources\webmedias.vir
2007-05-30 02:34 10716 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\resources\languages.xml.vir
2007-05-30 02:34 333043 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\sqlite3.dll.vir
2007-05-30 02:34 544502 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\skins\classic.skn.vir
2007-07-08 21:23 15399 --a------ C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-07-22 18:19 1112339 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pack.epk.vir
2007-07-22 18:19 329728 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jmxdxcdich.exe.vir
2007-07-22 18:19 57 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\Website.url.vir
2007-07-22 18:19 60133 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\uninst.exe.vir
2007-07-22 18:19 66 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\Terms and conditions.url.vir
2007-07-22 18:19 68 --a------ C:\Qoobox\Quarantine\C\Program Files\WebMediaPlayer\Privacy Policy.url.vir
2007-07-22 18:19 754 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Jennifer\Desktop\WebMediaPlayer.lnk.vir
2007-08-05 12:22 265497 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jmxdxcdich_nav.dat.vir
2007-08-25 06:42 4562 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jmxdxcdich.dat.vir
2007-08-25 06:43 939 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jmxdxcdich_navps.dat.vir
Folder PATH listing
Volume serial number is 7C2B-4929
C:\QOOBOX\QUARANTINE
+---C
|   +---ComboFix
|   |       FProps.vbs.vir
|   |
|   +---DOCUME~1
|   |   \---Jennifer
|   |       \---Desktop
|   |               WebMediaPlayer.lnk.vir
|   |
|   +---Program Files
|   |   \---WebMediaPlayer
|   |       |   Privacy Policy.url.vir
|   |       |   sqlite3.dll.vir
|   |       |   Terms and conditions.url.vir
|   |       |   uninst.exe.vir
|   |       |   Website.url.vir
|   |       |
|   |       +---resources
|   |       |       languages.xml.vir
|   |       |       webmedias.vir
|   |       |
|   |       \---skins
|   |               classic.skn.vir
|   |
|   \---WINDOWS
|       |   pack.epk.vir
|       |
|       \---system32
|               jmxdxcdich.dat.vir
|               jmxdxcdich.exe.vir
|               jmxdxcdich_nav.dat.vir
|               jmxdxcdich_navps.dat.vir
|
\---Registry_backups