Hi,
CyberDefender is my NIGHTMARE. I have uninstalled the program several times through the Control Panel > Remove Programs and have then gone to C:/Programs and deleted the folder. When I Search for *cyberdefender* in all files and folders nothing is found. BUT the Windows security center still reports that two AV software are on the system and ComboFix still reports that CyberDefender is running. I have called their TechSupport 3 times and have received no valuable assistance.
How else can I get this software out of my computer??
THANK YOU!!
ComboFix 09-04-22.A2 - HP_Administrator 04/22/2009 6:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.400 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Malware Forum Software\ComboFix.exe
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Application Data\Microsoft\SystemCertificates\Request
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\windows\patch.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.
2009-04-21 11:50 . 2009-04-21 11:50 202072 ----a-r c:\windows\cpnprt2.cid
2009-04-21 11:50 . 2009-04-21 11:50 202072 ------w c:\windows\system32\cpnprt2.cid
2009-04-21 11:50 . 2009-04-21 11:50 -------- d-----w c:\windows\Cache
2009-04-16 20:43 . 2009-04-16 20:43 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-16 20:43 . 2009-04-16 20:43 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-16 18:03 . 2009-04-16 18:03 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-04-16 18:03 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-16 18:03 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 18:03 . 2009-04-16 18:03 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-16 14:55 . 2009-04-16 14:55 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-16 14:54 . 2009-04-16 14:54 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-04-16 12:21 . 2009-04-16 12:26 27 ----a-w c:\windows\sssTbarV2.ini
2009-04-16 02:30 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 02:30 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 02:30 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 02:30 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 02:30 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 02:30 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 02:30 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 02:30 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 02:30 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 02:27 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 02:27 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 02:27 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-08 20:46 . 2007-12-24 21:37 138384 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-08 20:46 . 2009-04-08 20:48 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\HouseCall 6.6
2009-04-08 11:46 . 2009-04-08 11:46 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-06 20:51 . 2009-04-06 21:01 363 ----a-w c:\windows\ereg077.dat
2009-03-30 12:13 . 2009-03-30 12:13 -------- d-----w C:\php
2009-03-24 20:15 . 2009-03-24 20:15 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Notepad++
2009-03-24 20:12 . 2009-03-24 20:12 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Echo Software
2009-03-24 17:57 . 2009-03-24 17:57 -------- d-----w c:\documents and settings\HP_Administrator\workspace
2009-03-24 14:19 . 2009-03-24 14:19 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Yahoo!
2009-03-24 14:19 . 2009-03-24 14:20 -------- d-----w c:\documents and settings\HP_Administrator\Local Settings\Application Data\jZip
2009-03-24 14:18 . 2009-03-24 14:22 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Smart-Shopper
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 11:06 . 2007-12-29 02:54 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-22 11:02 . 2008-10-13 12:16 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-22 11:01 . 2008-10-13 12:16 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-04-22 10:32 . 2009-02-26 22:50 59607 ----a-w C:\CybDefInstallInfo.log
2009-04-21 11:50 . 2008-11-04 16:53 -------- d-----w c:\program files\Coupons
2009-04-16 20:45 . 2006-10-16 13:15 -------- d-----w c:\program files\Trend Micro
2009-04-16 20:43 . 2005-03-15 18:37 -------- d-----w c:\program files\Java
2009-04-16 20:42 . 2009-04-16 20:42 576 ----a-w C:\JavaRa.log
2009-04-16 18:03 . 2009-04-16 18:03 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 14:54 . 2009-04-16 14:54 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-16 14:54 . 2009-04-16 14:54 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-16 12:15 . 2008-06-05 16:36 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 11:50 . 2009-04-16 11:50 -------- d-----w c:\program files\CCleaner
2009-04-16 10:51 . 2009-04-08 11:37 13217 ----a-w C:\CDAVFSuser.log
2009-04-16 07:02 . 2007-09-13 22:28 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-11 11:32 . 2009-04-08 11:37 127 ----a-w C:\CDAVFSuserBackup.log
2009-04-10 12:56 . 2006-11-10 13:10 -------- d-----w c:\program files\IncrediMail
2009-04-08 11:46 . 2009-04-08 11:46 -------- d-----w c:\program files\Cloudmark
2009-04-08 11:46 . 2009-04-08 11:46 -------- d-----w c:\program files\AC3Filter
2009-04-08 11:46 . 2008-06-05 17:03 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Cloudmark
2009-04-08 11:46 . 2008-06-05 16:32 -------- d-----w c:\program files\Common Files\Cloudmark
2009-04-08 11:46 . 2009-04-06 19:34 -------- d-----w c:\program files\Knowledge Adventure
2009-04-08 11:46 . 2009-03-14 01:49 -------- d-----w c:\program files\Common Files\Knowledge Adventure
2009-04-08 11:46 . 2009-03-14 01:49 -------- d-----w c:\documents and settings\All Users\Application Data\Knowledge Adventure
2009-04-08 11:45 . 2005-12-28 00:02 -------- d-----w c:\program files\Yahoo!
2009-04-06 22:26 . 2008-10-13 11:56 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Skype
2009-04-06 20:51 . 2009-04-06 20:51 -------- d-----w c:\program files\The Learning Company
2009-04-06 20:15 . 2009-04-06 20:15 -------- d-----w c:\program files\Curious George
2009-04-06 13:47 . 2008-10-13 12:00 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\skypePM
2009-03-30 12:01 . 2009-03-30 12:01 -------- d-----w c:\program files\Apache Group
2009-03-30 11:35 . 2009-03-30 11:35 -------- d-----w c:\program files\MySQL
2009-03-24 20:58 . 2009-03-24 20:12 -------- d-----w c:\program files\Programmer's Notepad
2009-03-24 20:15 . 2009-03-24 20:15 -------- d-----w c:\program files\Notepad++
2009-03-24 14:19 . 2009-03-24 14:18 -------- d-----w c:\program files\jZip
2009-03-24 14:18 . 2009-03-24 14:18 -------- d-----w c:\program files\Smart-Shopper
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 14:06 . 2004-08-10 04:00 157044 ----a-w c:\windows\system32\netetw3232.dll
2009-03-21 13:11 . 2009-03-21 13:08 -------- d-----w c:\program files\LiveUpdate Administration
2009-03-19 01:44 . 2005-06-15 22:19 -------- d-----w c:\program files\Common Files\Adobe
2009-03-18 15:31 . 2009-01-15 02:17 -------- d-----w c:\program files\AviSynth 2.5
2009-03-18 15:31 . 2009-01-15 02:17 -------- d-----w c:\program files\DVD-WMV
2009-03-14 01:49 . 2009-03-14 01:49 -------- d-----w c:\program files\JumpStart
2009-03-14 01:35 . 2009-03-14 01:35 -------- d-----w c:\program files\IBM and Crayola
2009-03-13 22:16 . 2005-06-12 01:41 -------- d-----w c:\program files\Common Files\Logitech
2009-03-12 01:55 . 2005-03-15 19:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 01:54 . 2009-03-12 01:54 -------- d-----w c:\program files\Disney Interactive
2009-03-10 22:37 . 2005-06-12 01:35 143528 ----a-w c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:22 . 2004-08-10 04:00 284160 ------w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 04:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 00:18 . 2004-08-10 04:00 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-02-28 04:54 . 2004-08-10 04:00 636072 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-02-26 22:49 . 2009-02-26 22:53 67424 ----a-w c:\windows\system32\drivers\CDAVFS.sys
2009-02-26 08:02 . 2008-06-16 11:46 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 10:20 . 2007-10-10 10:59 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2004-08-10 04:00 70656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2004-08-10 04:00 161792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-02-16 17:16 . 2009-02-16 17:16 169984 ------w c:\windows\system32\urinuerr.dll
2009-02-15 14:29 . 2009-02-15 14:29 13 ----a-w C:\Winvdrvr.dll
2009-02-15 14:29 . 2009-02-15 14:29 13 ----a-w C:\Portprcr.dvr
2009-02-15 14:29 . 2009-02-15 14:29 0 ----a-w C:\hfcrgrt.ini
2009-02-10 21:49 . 2009-02-10 21:49 286720 ------w c:\windows\Setup1.exe
2009-02-10 21:49 . 2009-02-10 21:49 73216 ----a-w c:\windows\ST6UNST.EXE
2009-02-09 12:10 . 2004-08-10 04:00 729088 ------w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 11:00 714752 ------w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 04:00 617472 ------w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-10 04:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-10-15 10:00 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 04:00 1846784 ------w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-10-15 10:00 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-10 04:00 110592 ------w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-15 10:00 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 10:00 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2004-08-10 04:00 2145280 ------w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-10 04:00 35328 ------w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-10 04:00 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-02-06 10:32 . 2008-10-15 10:00 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2004-08-10 11:00 2023936 ------w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 04:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-14 23:43 . 2009-01-14 13:14 0 ----a-w c:\documents and settings\HP_Administrator\Application Data\CopyToGo.dat
2008-04-08 19:35 . 2008-04-08 13:48 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2007-11-14 14:13 . 2005-06-12 01:35 1316 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2005-06-12 01:46 . 2005-06-12 01:15 139 ----a-w c:\documents and settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2005-03-15 18:37 . 2008-01-21 16:47 136 ----a-w c:\documents and settings\QBDataServiceUser17\Local Settings\Application Data\fusioncache.dat
2005-03-15 18:37 . 2005-03-15 18:37 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2008-09-10 15:06 . 2008-09-10 15:06 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091020080911\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-03-31 251264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2006-4-29 41042]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-3-15 45056]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SavRoam"=3 (0x3)
"QuickBooksDB17"=2 (0x2)
"QBFCService"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MDM"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LightScribeService"=2 (0x2)
"KodakCCS"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImSc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Premier - Accountant Edition\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\DVD-WMV\\DVDWMV.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\eclipse.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 sonypvd2;sonypvd2;c:\windows\system32\DRIVERS\sonypvd2.sys [2003-06-24 64093]
R3 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2009-02-26 67424]
R3 jbridgep;jbridgep;
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
R4 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-28 116464]
S0 sonypvl2;sonypvl2;
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S1 sonypvf2;sonypvf2;
S1 sonypvt2;sonypvt2;
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-09 24636]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.foxnews.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: americangreetings.com\www
Trusted Zone: inuit.com\registerqb
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 07:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(5316)
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\xampp\FileZillaFTP\FileZillaServer.exe
c:\windows\system32\CBA\PDS.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\progra~1\Symantec\SYMANT~1\NscTop.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\AMS_II\HNDLRSVC.EXE
c:\windows\system32\MSGSYS.EXE
c:\windows\system32\AMS_II\IAO.EXE
c:\windows\system32\CBA\XFR.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\IncrediMail\bin\ImApp.exe
.
**************************************************************************
.
Completion time: 2009-04-22 7:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 11:11
Pre-Run: 123,037,523,968 bytes free
Post-Run: 123,078,754,304 bytes free
317 --- E O F --- 2009-04-16 07:06