
Author Topic: Malware Removal Help  (Read 9176 times)


tsagi

    Topic Starter


    Greenhorn

    Malware Removal Help
    « on: April 17, 2009, 05:25:49 AM »
    Hi.
     I think Symantec is not doing the job it is supposed to.  It is up to date but did not find any of the files the programs you suggested in the Malware Removal Guide.  I am submitting the files requested for your review.  Any and all help removing the viruses and malware from my computer would be GREATLY appreciated. 
    Thank you for all your help.
    Tsagi






    CCLEANER:

    ANALYSIS COMPLETE - (0.123 secs)
    ------------------------------------------------------------------------------------------
    0.30MB to be removed. (Approximate size)
    ------------------------------------------------------------------------------------------

    Details of files to be deleted (Note: No files have been deleted yet)
    ------------------------------------------------------------------------------------------
    IE Temporary Internet Files (29 files) 0.23MB
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ccleaner[2].txt 340 bytes
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt 101 bytes
    C:\Documents and Settings\HP_Administrator\Recent\CCleaner log  4 16 2009.lnk 837 bytes
    C:\Documents and Settings\HP_Administrator\Recent\Malware Forum Software.lnk 485 bytes
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\CmdLineExt03.dll 39.50KB
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll 24.04KB
    ------------------------------------------------------------------------------------------



    Malwarebytes' Anti-Malware 1.36
    Database version: 1990
    Windows 5.1.2600 Service Pack 3

    4/16/2009 3:40:52 PM
    mbam-log-2009-04-16 (15-40-52).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 252614
    Time elapsed: 1 hour(s), 19 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 33
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 30

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.Shoper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.Shoper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.Shoper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.Shoper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.Shoper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.Shoper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.Shoper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.Shoper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.Shoper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.Shoper) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (Adware.Shoper) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057889.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057867.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057874.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057876.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057877.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057878.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057880.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057882.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057883.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057887.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057888.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057890.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057891.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057892.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057894.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057895.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057896.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057897.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057898.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057899.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057900.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057901.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057902.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057903.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0057904.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0058325.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0058326.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1035\A0058328.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1036\A0058396.dll (Adware.MyWeb) -> Quarantined and deleted successfully.



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/16/2009 at 12:35 PM

    Application Version : 4.26.1000

    Core Rules Database Version : 3846
    Trace Rules Database Version: 1801

    Scan type       : Complete Scan
    Total Scan Time : 01:35:08

    Memory items scanned      : 627
    Memory threats detected   : 0
    Registry items scanned    : 8687
    Registry threats detected : 30
    File items scanned        : 140773
    File threats detected     : 13

    Adware.MyWebSearch
       HKU\S-1-5-21-1540154373-1559213523-1839698443-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
       HKU\S-1-5-21-1540154373-1559213523-1839698443-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
       HKU\S-1-5-21-1540154373-1559213523-1839698443-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

    Adware.CouponBar
       HKU\S-1-5-21-1540154373-1559213523-1839698443-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
       HKU\S-1-5-21-1540154373-1559213523-1839698443-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
       HKU\S-1-5-21-1540154373-1559213523-1839698443-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5BED3930-2E9E-76D8-BACC-80DF2188D455}

    Adware.SideStep Toolbar
       HKU\S-1-5-21-1540154373-1559213523-1839698443-1008\Software\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}

    Adware.Tracking Cookie
       C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ez-tracks[2].txt
       C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bluestreak[1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
       C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xiti[1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt

    Adware.MyWebSearch/FunWebProducts
       HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
       HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
       HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
       HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
       HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
       HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
       HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
       HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
       HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
       HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
       HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
       HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
       HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
       HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
       HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
       HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
       HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version

    Trojan.Agent/Gen-FSG
       C:\PROGRAM FILES\SHAREAZA\DOWNLOADS\WINACE WINRAR WINZIP WINISO + PASSWORD & CRACKER\WINRAR\KEYGEN.EXE


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:55:07 PM, on 4/16/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\xampp\apache\bin\apache.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\xampp\filezillaftp\filezillaserver.exe
    C:\WINDOWS\system32\cba\pds.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
    C:\xampp\apache\bin\apache.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\ams_ii\iao.exe
    C:\WINDOWS\system32\cba\xfr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.ez-tracks.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qresolve.webex.com/client/T26L/support/ieatgpc.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\program,files\premieropinion\pmai.dll,C:\program,files\premieropinion\pmai.dll,C:\program,files\premieropinion\pmai.dll,C:\program files\premieropinion\pmai.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: Hexowsel - {2490173B-2ADB-4541-9B5E-A37290D0FACD} - C:\WINDOWS\system32\drvugdx.dll
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\xampp\filezillaftp\filezillaserver.exe
    O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
    O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
    O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 9384 bytes
    « Last Edit: April 19, 2009, 06:09:24 AM by tsagi »

    tsagi

      Topic Starter


      Greenhorn

      Re: Malware Removal Help
      « Reply #1 on: April 19, 2009, 06:15:52 AM »
      I have removed the attached files and copied them into the text.....  Could I use ComboFix to Fix my computer?  I don't really understand the results of Hijacker so I don't know if I have issues or not.  Would any of these programs tell me if someone has physically installed spyware on this computer?  Like tracking the keyboard clicks?

      Thank you.

      Karnac



        Specialist

        Thanked: 211
        Re: Malware Removal Help
        « Reply #2 on: April 19, 2009, 06:26:33 AM »
        Don't use Combofix without the guidance of Evil or Broni........it's a powerful program and if not used right you can cripple your PC....Wait for an expert to analyse your logs......With regards to Symantec.......I don't trust their scans period.


        Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

        tsagi

          Topic Starter


          Greenhorn

          Re: Malware Removal Help
          « Reply #3 on: April 20, 2009, 02:06:43 PM »
          Thank you.  I'll wait for one of them to respond.  Neither Norton nor Symantec is worth it to me.

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: Malware Removal Help
          « Reply #4 on: April 20, 2009, 03:21:33 PM »
          Open HijackThis and select Do a system scan only.

          Place a check mark next to the following entries: (if there)

          • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
          • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.ez-tracks.com/
          • O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          • O20 - AppInit_DLLs: c:\program,files\premieropinion\pmai.dll,C:\program,files\premieropinion\pmai.dll,C:\program,files\premieropinion\pmai.dll,C:\program files\premieropinion\pmai.dll
          • O21 - SSODL: Hexowsel - {2490173B-2ADB-4541-9B5E-A37290D0FACD} - C:\WINDOWS\system32\drvugdx.dll
          Important: Close all windows except for HijackThis and then click Fix checked.

          Exit HijackThis.

          ----------

          Download DDS by sUBs and save it to your desktop. Alternate DDS download link

          Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

          * XP users Double click on dds to run it.
          * If your antivirus or firewall tries to block DDS then please allow it to run.
          * When finished DDS will open two (2) logs.

          1) DDS.txt
          2) Attach.txt

          * Save both logs to your desktop.
          * Please copy and paste the entire contents of both logs in your next reply.

          Note: DDS will instruct you to post the Attach.txt log as an attachment.
          Please just post it as you would any other log by copy and pasting it into the reply.
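Added example, not part of the thread and not HijackThis code: a small Python triage pass over HijackThis log lines of the kind posted above, flagging the entry types the specialist asked to have fixed (hijacked search/start pages, AppInit_DLLs, an unfamiliar SSODL entry) plus a service whose unquoted path was truncated at the first space. The sample lines are copied from the log in this thread; the known-host and known-SSODL allowlists are assumptions made for the example, not HijackThis data.

```python
"""Triage heuristics for Trend Micro HijackThis 'Rn'/'Onn' log lines.

Example code written for this page; the allowlists below are assumptions.
"""
import re
from dataclasses import dataclass

# Assumed allowlist: hosts that legitimately appear in default IE URLs on an OEM XP build.
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com", "ie.redirect.hp.com", "www.google.com"}
# Assumed allowlist: standard Windows XP ShellServiceObjectDelayLoad (SSODL) entry names.
KNOWN_SSODL_NAMES = {"WebCheck", "PostBootReminder", "CDBurn", "SysTray", "WPDShServiceObj"}

# Lines copied from the HijackThis log posted in the thread (one benign O2/O23 each).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.ez-tracks.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O20 - AppInit_DLLs: c:\program,files\premieropinion\pmai.dll,C:\program,files\premieropinion\pmai.dll,C:\program,files\premieropinion\pmai.dll,C:\program files\premieropinion\pmai.dll
O21 - SSODL: Hexowsel - {2490173B-2ADB-4541-9B5E-A37290D0FACD} - C:\WINDOWS\system32\drvugdx.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
HOST_RE = re.compile(r"^[a-z]+://([^/:]+)", re.I)


@dataclass
class Finding:
    code: str
    severity: str  # "high" = fix/remove candidate, "review" = needs a human look
    reason: str
    line: str


def _host(url):
    m = HOST_RE.match(url.strip())
    return m.group(1).lower() if m else ""


def check_r_entry(code, body, line):
    # R0/R1 body: "HIVE\...\Main,KeyName = URL". Search keys and machine-wide (HKLM)
    # keys pointing at an unknown host are the classic browser-hijack signature.
    key_part, _, url = body.partition(" = ")
    hive = key_part.split("\\", 1)[0].upper()
    key = key_part.rsplit(",", 1)[-1]
    host = _host(url)
    if not host or host in KNOWN_DEFAULT_HOSTS:
        return None
    if "Search" in key or hive == "HKLM":
        return Finding(code, "high", f"{hive} {key} points at unexpected host {host}", line)
    return None  # a user-chosen HKCU start page is left for the analyst


def check_appinit(code, body, line):
    # AppInit_DLLs is loaded into every process that links user32.dll, so any value
    # deserves a look. It is a delimited list, so fragments that do not end in .dll are
    # pieces of a path containing spaces ("Program Files") split at the delimiter.
    value = body.partition(":")[2].strip()
    if not value:
        return None
    fragments = [f.strip() for f in value.split(",") if f.strip()]
    bogus = [f for f in fragments if not f.lower().endswith(".dll")]
    return Finding(code, "high",
                   f"AppInit_DLLs set ({len(fragments)} fragments, {len(bogus)} malformed)", line)


def check_ssodl(code, body, line):
    # SSODL objects are loaded by Explorer at logon; anything outside the stock set is suspect.
    name = body.partition(":")[2].split(" - ")[0].strip()
    if name in KNOWN_SSODL_NAMES:
        return None
    return Finding(code, "high", f"unrecognised SSODL entry '{name}' loads at logon", line)


def check_service(code, body, line):
    path = body.rsplit(" - ", 1)[-1]
    missing = path.endswith("(file missing)")
    path = path.replace("(file missing)", "").strip()
    # An unquoted ImagePath like C:\Program Files\... makes Windows try C:\Program.exe
    # first; HijackThis reports that first candidate, which is what this pattern catches.
    if re.fullmatch(r"[a-z]:\\program\.exe", path, re.I):
        return Finding(code, "review", "unquoted ImagePath with spaces: Windows tries "
                       "C:\\Program.exe first; quote the service path", line)
    if missing:
        return Finding(code, "review", "service binary missing on disk", line)
    return None


CHECKS = {"R0": check_r_entry, "R1": check_r_entry, "O20": check_appinit,
          "O21": check_ssodl, "O23": check_service}


def triage(log_text):
    """Return Findings for every recognised suspicious line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m or m.group("code") not in CHECKS:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O20" and not body.startswith("AppInit_DLLs:"):
            continue  # O20 also carries Winlogon Notify entries, not covered here
        if code == "O21" and not body.startswith("SSODL:"):
            continue
        f = CHECKS[code](code, body, line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}")
```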

          tsagi

            Topic Starter


            Greenhorn

            Re: Malware Removal Help
            « Reply #5 on: April 21, 2009, 04:06:12 PM »
            Hi Again.  Here are the DDS results.  THANK YOU!!!


            DDS (Ver_09-03-16.01) - NTFSx86 
            Run by HP_Administrator at 18:01:52.53 on Tue 04/21/2009
            Internet Explorer: 7.0.5730.11
            Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.489 [GMT -4:00]

            AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
            AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

            ============== Running Processes ===============

            C:\WINDOWS\system32\svchost -k DcomLaunch
            svchost.exe
            C:\WINDOWS\System32\svchost.exe -k netsvcs
            C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
            svchost.exe
            svchost.exe
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            svchost.exe
            C:\xampp\apache\bin\apache.exe
            C:\Program Files\Symantec AntiVirus\DefWatch.exe
            C:\WINDOWS\eHome\ehRecvr.exe
            C:\PROGRA~1\SYMANT~1\VPTray.exe
            C:\WINDOWS\eHome\ehSched.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\xampp\filezillaftp\filezillaserver.exe
            C:\WINDOWS\system32\cba\pds.exe
            C:\Program Files\Java\jre6\bin\jusched.exe
            C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
            C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
            C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
            C:\xampp\apache\bin\apache.exe
            svchost.exe
            C:\WINDOWS\system32\svchost.exe -k imgsvc
            C:\Program Files\Symantec AntiVirus\Rtvscan.exe
            C:\Program Files\Symantec AntiVirus\DoScan.exe
            C:\WINDOWS\system32\SearchIndexer.exe
            C:\Program Files\IncrediMail\bin\IMApp.exe
            C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
            C:\WINDOWS\system32\MsgSys.EXE
            C:\WINDOWS\system32\ams_ii\iao.exe
            C:\WINDOWS\system32\cba\xfr.exe
            C:\WINDOWS\system32\dllhost.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\WINDOWS\system32\SearchProtocolHost.exe
            C:\Documents and Settings\HP_Administrator\Desktop\Malware Forum Software\dds.pif

            ============== Pseudo HJT Report ===============

            uSearch Page = hxxp://www.google.com
            uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
            uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
            uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
            uStart Page = hxxp://www.foxnews.com/
            mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
            uInternet Settings,ProxyOverride = localhost
            uSearchAssistant = hxxp://www.google.com/ie
            uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
            mSearchAssistant = hxxp://www.google.com/ie
            uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
            BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
            BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
            BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
            TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
            TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
            TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
            TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
            uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
            uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
            mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
            mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
            mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
            mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
            StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache group\apache2\bin\ApacheMonitor.exe
            StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
            IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
            IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
            IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
            IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
            IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
            IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
            Trusted Zone: americangreetings.com\www
            Trusted Zone: inuit.com\registerqb
            Trusted Zone: microsoft.com\*.update
            Trusted Zone: windowsupdate.com\download
            DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
            DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
            DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
            DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
            DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
            DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
            DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
            DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qresolve.webex.com/client/T26L/support/ieatgpc.cab
            DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
            Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
            Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
            Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
            Notify: igfxcui - igfxsrvc.dll
            Notify: NavLogon - c:\windows\system32\NavLogon.dll
            SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
            SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
            SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

            ============= SERVICES / DRIVERS ===============

            R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2007-5-20 19478]
            R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
            R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
            R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
            R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
            R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2007-5-20 635017]
            R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2007-5-20 431236]
            R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-9 24636]
            R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
            R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
            R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
            R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
            R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
            R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-21 101936]
            R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090416.006\naveng.sys [2009-4-17 89104]
            R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090416.006\navex15.sys [2009-4-17 876144]
            S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2007-5-20 64093]
            S3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-2-26 67424]
            S3 jbridgep;jbridgep;\??\c:\docume~1\hp_adm~1\locals~1\temp\jbridgep.sys --> c:\docume~1\hp_adm~1\locals~1\temp\jbridgep.sys [?]
            S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
            S4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
            S4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]

            =============== Created Last 30 ================

            2009-04-21 07:50   202,072   a----r--   c:\windows\cpnprt2.cid
            2009-04-21 07:50   202,072   --------   c:\windows\system32\cpnprt2.cid
            2009-04-21 07:50   <DIR>   --d-----   c:\windows\Cache
            2009-04-16 16:43   410,984   a-------   c:\windows\system32\deploytk.dll
            2009-04-16 16:43   73,728   a-------   c:\windows\system32\javacpl.cpl
            2009-04-16 14:03   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\Malwarebytes
            2009-04-16 14:03   15,504   a-------   c:\windows\system32\drivers\mbam.sys
            2009-04-16 14:03   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
            2009-04-16 14:03   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
            2009-04-16 14:03   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
            2009-04-16 10:55   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
            2009-04-16 10:54   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
            2009-04-16 10:54   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
            2009-04-16 10:54   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
            2009-04-16 08:21   27   a-------   c:\windows\sssTbarV2.ini
            2009-04-16 07:50   <DIR>   --d-----   c:\program files\CCleaner
            2009-04-15 22:30   401,408   --------   c:\windows\system32\dllcache\rpcss.dll
            2009-04-15 22:30   284,160   --------   c:\windows\system32\dllcache\pdh.dll
            2009-04-15 22:30   473,600   --------   c:\windows\system32\dllcache\fastprox.dll
            2009-04-15 22:30   227,840   --------   c:\windows\system32\dllcache\wmiprvse.exe
            2009-04-15 22:30   110,592   --------   c:\windows\system32\dllcache\services.exe
            2009-04-15 22:30   729,088   --------   c:\windows\system32\dllcache\lsasrv.dll
            2009-04-15 22:30   714,752   --------   c:\windows\system32\dllcache\ntdll.dll
            2009-04-15 22:30   617,472   --------   c:\windows\system32\dllcache\advapi32.dll
            2009-04-15 22:30   453,120   --------   c:\windows\system32\dllcache\wmiprvsd.dll
            2009-04-15 22:27   2,560   --------   c:\windows\system32\xpsp4res.dll
            2009-04-15 22:27   1,203,922   --------   c:\windows\system32\dllcache\sysmain.sdb
            2009-04-15 22:27   215,552   --------   c:\windows\system32\dllcache\wordpad.exe
            2009-04-08 16:46   138,384   a-------   c:\windows\system32\drivers\tmcomm.sys
            2009-04-08 16:46   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\HouseCall 6.6
            2009-04-08 07:46   <DIR>   --d-----   c:\program files\CyberDefender
            2009-04-08 07:46   <DIR>   --d-----   c:\program files\Cloudmark
            2009-04-08 07:46   <DIR>   --d-----   c:\program files\AC3Filter
            2009-04-06 16:51   363   a-------   c:\windows\ereg077.dat
            2009-04-06 16:51   <DIR>   --d-----   c:\program files\The Learning Company
            2009-04-06 16:15   <DIR>   --d-----   c:\program files\Curious George
            2009-04-06 15:34   <DIR>   --d-----   c:\program files\Knowledge Adventure
            2009-03-30 08:13   <DIR>   --d-----   C:\php
            2009-03-30 08:01   <DIR>   --d-----   c:\program files\Apache Group
            2009-03-30 07:35   <DIR>   --d-----   c:\program files\MySQL
            2009-03-24 16:12   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\Echo Software
            2009-03-24 16:12   <DIR>   --d-----   c:\program files\Programmer's Notepad
            2009-03-24 13:57   <DIR>   --d-----   c:\documents and settings\hp_administrator\workspace
            2009-03-24 10:18   <DIR>   --d-----   c:\program files\Smart-Shopper
            2009-03-24 10:18   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\Smart-Shopper
            2009-03-24 10:18   <DIR>   --d-----   c:\program files\jZip
            2009-03-22 18:55   <DIR>   --d-----   C:\xampp

            ==================== Find3M  ====================

            2009-04-20 15:49   0   a-------   c:\windows\system32\drivers\lvuvc.hs
            2009-04-20 15:49   0   a-------   c:\windows\system32\drivers\logiflt.iad
            2009-03-21 10:06   157,044   a-------   c:\windows\system32\netetw3232.dll
            2009-03-21 10:06   989,696   --------   c:\windows\system32\dllcache\kernel32.dll
            2009-03-06 10:22   284,160   --------   c:\windows\system32\pdh.dll
            2009-03-02 20:18   826,368   a-------   c:\windows\system32\wininet.dll
            2009-03-02 20:18   826,368   a-------   c:\windows\system32\dllcache\wininet.dll
            2009-02-28 00:54   636,072   a-------   c:\windows\system32\dllcache\iexplore.exe
            2009-02-26 18:49   67,424   a-------   c:\windows\system32\drivers\CDAVFS.sys
            2009-02-20 06:20   70,656   a-------   c:\windows\system32\dllcache\ie4uinit.exe
            2009-02-20 06:20   13,824   --------   c:\windows\system32\dllcache\ieudinit.exe
            2009-02-20 01:14   161,792   a-------   c:\windows\system32\dllcache\ieakui.dll
            2009-02-16 13:16   169,984   --------   c:\windows\system32\urinuerr.dll
            2009-02-15 10:29   13   a-------   C:\Winvdrvr.dll
            2009-02-10 17:49   286,720   --------   c:\windows\Setup1.exe
            2009-02-10 17:49   73,216   a-------   c:\windows\ST6UNST.EXE
            2009-02-09 08:10   729,088   --------   c:\windows\system32\lsasrv.dll
            2009-02-09 08:10   401,408   a-------   c:\windows\system32\rpcss.dll
            2009-02-09 08:10   714,752   --------   c:\windows\system32\ntdll.dll
            2009-02-09 08:10   617,472   --------   c:\windows\system32\advapi32.dll
            2009-02-09 07:13   1,846,784   --------   c:\windows\system32\win32k.sys
            2009-02-09 07:13   1,846,784   --------   c:\windows\system32\dllcache\win32k.sys
            2009-02-07 19:02   2,066,048   --------   c:\windows\system32\dllcache\ntkrnlpa.exe
            2009-02-06 07:11   110,592   --------   c:\windows\system32\services.exe
            2009-02-06 07:08   2,189,056   --------   c:\windows\system32\dllcache\ntoskrnl.exe
            2009-02-06 07:06   2,145,280   --------   c:\windows\system32\ntoskrnl.exe
            2009-02-06 07:06   2,145,280   --------   c:\windows\system32\dllcache\ntkrnlmp.exe
            2009-02-06 06:39   35,328   --------   c:\windows\system32\sc.exe
            2009-02-06 06:39   35,328   --------   c:\windows\system32\dllcache\sc.exe
            2009-02-06 06:32   2,023,936   --------   c:\windows\system32\ntkrnlpa.exe
            2009-02-06 06:32   2,023,936   --------   c:\windows\system32\dllcache\ntkrpamp.exe
            2009-02-03 15:59   56,832   a-------   c:\windows\system32\secur32.dll
            2009-02-03 15:59   56,832   --------   c:\windows\system32\dllcache\secur32.dll
            2009-01-14 19:43   0   a-------   c:\docume~1\hp_adm~1\applic~1\CopyToGo.dat
            2008-04-08 15:35   20   ----h---   c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
            2007-11-14 10:13   1,316   a-------   c:\docume~1\hp_adm~1\applic~1\wklnhst.dat

            ============= FINISH: 18:02:26.46 ===============



            UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
            IF REQUESTED, ZIP IT UP & ATTACH IT

            DDS (Ver_09-03-16.01)

            Microsoft Windows XP Professional
            Boot Device: \Device\HarddiskVolume2
            Install Date: 6/11/2005 9:14:29 PM
            System Uptime: 4/20/2009 3:49:11 PM (27 hours ago)

            Motherboard: ASUSTeK Computer INC. |  | Goldfish3
            Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3001/200mhz

            ==== Disk Partitions =========================

            C: is FIXED (NTFS) - 179 GiB total, 114.713 GiB free.
            D: is FIXED (FAT32) - 7 GiB total, 0.868 GiB free.
            E: is CDROM ()
            F: is CDROM (CDFS)
            G: is Removable
            H: is Removable
            I: is Removable
            J: is Removable
            K: is Removable
            L: is CDROM ()

            ==== Disabled Device Manager Items =============

            ==== System Restore Points ===================

            RP946: 1/22/2009 8:07:40 AM - System Checkpoint
            RP947: 1/23/2009 8:11:34 AM - System Checkpoint
            RP948: 1/24/2009 8:53:13 AM - System Checkpoint
            RP949: 1/25/2009 9:13:43 AM - System Checkpoint
            RP950: 1/26/2009 9:37:45 AM - System Checkpoint
            RP951: 1/27/2009 10:37:47 AM - System Checkpoint
            RP952: 1/28/2009 11:37:48 AM - System Checkpoint
            RP953: 1/29/2009 12:37:49 PM - System Checkpoint
            RP954: 1/30/2009 1:37:50 PM - System Checkpoint
            RP955: 1/31/2009 2:03:22 PM - System Checkpoint
            RP956: 2/1/2009 2:37:57 PM - System Checkpoint
            RP957: 2/2/2009 3:37:54 PM - System Checkpoint
            RP958: 2/3/2009 4:37:56 PM - System Checkpoint
            RP959: 2/4/2009 5:37:57 PM - System Checkpoint
            RP960: 2/5/2009 6:37:58 PM - System Checkpoint
            RP961: 2/6/2009 7:37:59 PM - System Checkpoint
            RP962: 2/7/2009 7:55:05 PM - System Checkpoint
            RP963: 2/8/2009 8:56:06 PM - System Checkpoint
            RP964: 2/9/2009 9:55:08 PM - System Checkpoint
            RP965: 2/10/2009 11:03:16 PM - System Checkpoint
            RP966: 2/11/2009 11:54:29 PM - System Checkpoint
            RP967: 2/12/2009 3:00:22 AM - Software Distribution Service 3.0
            RP968: 2/12/2009 9:59:00 AM - Removed Adobe Acrobat 9 Pro - English, Français, Deutsch.
            RP969: 2/13/2009 12:43:52 PM - System Checkpoint
            RP970: 2/14/2009 2:45:18 PM - System Checkpoint
            RP971: 2/15/2009 3:11:42 PM - System Checkpoint
            RP972: 2/16/2009 3:18:05 PM - System Checkpoint
            RP973: 2/17/2009 3:37:00 PM - System Checkpoint
            RP974: 2/18/2009 4:35:43 PM - System Checkpoint
            RP975: 2/19/2009 4:56:51 PM - System Checkpoint
            RP976: 2/20/2009 5:38:39 PM - System Checkpoint
            RP977: 2/21/2009 5:55:50 PM - System Checkpoint
            RP978: 2/22/2009 6:56:54 PM - System Checkpoint
            RP979: 2/23/2009 7:35:12 PM - System Checkpoint
            RP980: 2/24/2009 8:11:14 PM - System Checkpoint
            RP981: 2/25/2009 8:22:33 PM - System Checkpoint
            RP982: 2/26/2009 3:00:21 AM - Software Distribution Service 3.0
            RP983: 2/27/2009 3:06:24 AM - System Checkpoint
            RP984: 2/28/2009 4:07:31 AM - System Checkpoint
            RP985: 3/1/2009 4:09:02 AM - System Checkpoint
            RP986: 3/2/2009 5:09:02 AM - System Checkpoint
            RP987: 3/3/2009 5:15:39 AM - System Checkpoint
            RP988: 3/4/2009 5:49:11 AM - System Checkpoint
            RP989: 3/5/2009 6:42:20 AM - System Checkpoint
            RP990: 3/6/2009 7:42:24 AM - System Checkpoint
            RP991: 3/7/2009 9:58:43 AM - System Checkpoint
            RP992: 3/8/2009 10:13:21 AM - System Checkpoint
            RP993: 3/9/2009 12:11:01 PM - System Checkpoint
            RP994: 3/10/2009 12:38:46 PM - System Checkpoint
            RP995: 3/10/2009 1:18:54 PM - Software Distribution Service 3.0
            RP996: 3/10/2009 2:31:14 PM - Printer Driver Microsoft XPS Document Writer Installed
            RP997: 3/11/2009 2:00:20 AM - Software Distribution Service 3.0
            RP998: 3/11/2009 8:55:30 PM - Instalado El Libro de Pooh
            RP999: 3/12/2009 10:13:50 PM - System Checkpoint
            RP1000: 3/16/2009 10:56:08 AM - System Checkpoint
            RP1001: 3/17/2009 11:21:43 AM - System Checkpoint
            RP1002: 3/18/2009 2:20:20 PM - System Checkpoint
            RP1003: 3/19/2009 7:13:16 PM - System Checkpoint
            RP1004: 3/20/2009 7:48:29 PM - System Checkpoint
            RP1005: 3/21/2009 8:17:45 PM - System Checkpoint
            RP1006: 3/22/2009 9:14:42 PM - System Checkpoint
            RP1007: 3/23/2009 9:33:28 PM - System Checkpoint
            RP1008: 3/24/2009 10:13:36 PM - System Checkpoint
            RP1009: 3/25/2009 10:15:37 PM - System Checkpoint
            RP1010: 3/26/2009 11:14:24 PM - System Checkpoint
            RP1011: 3/28/2009 9:56:46 PM - System Checkpoint
            RP1012: 3/29/2009 10:52:45 PM - System Checkpoint
            RP1013: 3/30/2009 7:35:20 AM - Installed MySQL Server 5.0
            RP1014: 3/30/2009 8:01:55 AM - Installed Apache HTTP Server 2.0.58
            RP1015: 3/30/2009 8:05:53 AM - Removed Apache HTTP Server 2.0.58
            RP1016: 3/30/2009 8:09:16 AM - Installed Apache HTTP Server 2.0.58
            RP1017: 3/31/2009 8:23:47 AM - System Checkpoint
            RP1018: 4/1/2009 9:30:41 AM - System Checkpoint
            RP1019: 4/2/2009 10:02:56 AM - System Checkpoint
            RP1020: 4/3/2009 10:19:28 AM - System Checkpoint
            RP1021: 4/4/2009 10:42:28 AM - System Checkpoint
            RP1022: 4/5/2009 11:18:27 AM - System Checkpoint
            RP1023: 4/6/2009 7:40:06 AM - Removed Cloudmark Desktop for Microsoft Outlook
            RP1024: 4/6/2009 11:25:34 AM - Software Distribution Service 3.0
            RP1025: 4/7/2009 1:44:52 PM - System Checkpoint
            RP1026: 4/8/2009 7:29:19 AM - Restore Operation
            RP1027: 4/8/2009 7:44:17 AM - Restore Operation
            RP1028: 4/9/2009 8:41:22 AM - System Checkpoint
            RP1029: 4/10/2009 10:49:55 AM - System Checkpoint
            RP1030: 4/11/2009 11:34:41 AM - System Checkpoint
            RP1031: 4/12/2009 12:40:34 PM - System Checkpoint
            RP1032: 4/13/2009 1:34:37 PM - System Checkpoint
            RP1033: 4/14/2009 2:34:44 PM - System Checkpoint
            RP1034: 4/15/2009 4:59:28 PM - System Checkpoint
            RP1035: 4/16/2009 3:00:32 AM - Software Distribution Service 3.0
            RP1036: 4/16/2009 10:54:49 AM - Installed SUPERAntiSpyware Free Edition
            RP1037: 4/16/2009 4:43:20 PM - Installed Java(TM) 6 Update 13
            RP1038: 4/17/2009 5:26:16 PM - System Checkpoint
            RP1039: 4/19/2009 7:10:41 AM - System Checkpoint
            RP1040: 4/20/2009 7:55:23 AM - System Checkpoint
            RP1041: 4/21/2009 9:23:19 AM - System Checkpoint

            ==== Installed Programs ======================

            2007 Microsoft Office Suite Service Pack 1 (SP1)
            7300_Help
            7300Trb
            7400
            AC3Filter (remove only)
            Acrobat.com
            Adobe AIR
            Adobe Bridge 1.0
            Adobe Common File Installer
            Adobe Flash Player 10 ActiveX
            Adobe Help Center 1.0
            Adobe Photoshop CS2
            Adobe Reader 9.1
            Adobe Stock Photos 1.0
            Agere Systems PCI Soft Modem
            AiO_Scan
            AiOSoftware
            Apache HTTP Server 2.0.58
            AviSynth 2.5
            BufferChm
            CameraDrivers
            CCleaner (remove only)
            CCScore
            Chinese Simplified Fonts Support For Adobe Reader 9
            Cloudmark Desktop for Microsoft Outlook
            Compatibility Pack for the 2007 Office system
            Copy
            Core FTP LE 2.1
            Corel DVD Copy 6
            Coupon Printer for Windows
            CP_AtenaShokunin1Config
            cp_dwSharkTaleAlbums1
            cp_dwSharkTaleCards1
            cp_dwShrek2Albums1
            cp_dwShrek2Cards1
            CP_PLSBusinessFlyers
            CreativeProjects
            CreativeProjectsTemplates
            Critical Update for Windows Media Player 11 (KB959772)
            CueTour
            CyberDefender Early Detection Center
            Destinations
            Director
            DocProc
            DocumentViewer
            DVD-TO-AVI V1.9
            DVD-WMV
            DVD Copy
            El Libro de Pooh de Disney
            ESSCDBK
            ESScore
            ESSgui
            ESShelp
            ESSini
            ESSPCD
            ESSSONIC
            ESSTOOLS
            ESSvpaht
            ESSvpot
            Fax
            Freeze Clip Art
            Google Earth
            Google Toolbar for Internet Explorer
            Greeting Card Factory Deluxe
            HandBrake 0.9.3
            Help and Support Additions
            High Definition Audio Driver Package - KB835221
            HijackThis 2.0.2
            HLPIndex
            HLPRFO
            Hooked on Phonics Letter Names
            Hooked on Phonics Letter Sounds
            Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
            Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
            Hotfix for Windows Internet Explorer 7 (KB947864)
            Hotfix for Windows Media Format 11 SDK (KB929399)
            Hotfix for Windows Media Format SDK (KB902344)
            Hotfix for Windows Media Player 10 (KB903157)
            Hotfix for Windows Media Player 11 (KB939683)
            Hotfix for Windows XP (KB952287)
            Hotfix for Windows XP (KB954550-v5)
            Hotfix for Windows XP (KB961118)
            HouseCall 6.6
            HP Deskjet Preloaded Printer Drivers
            HP Diagnostic Assistant
            HP Image Zone 4.5.3
            HP Image Zone for Media Center PC
            HP Image Zone Plus 4.5.3
            HP Photosmart Cameras 4.0
            HP PSC & OfficeJet 4.0
            HP Software Update
            HP Tunes
            HPIZplus450
            HpSdpAppCoreApp
            ImageMixer for Sony DVD Handycam
            IncrediMail
            InstantShare
            Intel(R) Graphics Media Accelerator Driver
            IntelliMover Data Transfer Demo
            InterVideo DiscLabel
            InterVideo VirtualDrive
            InterVideo WinDVD 8
            InterVideo WinDVD Creator
            ISO Recorder
            J2SE Runtime Environment 5.0 Update 4
            J2SE Runtime Environment 5.0 Update 6
            Java 2 Runtime Environment, SE v1.4.2_03
            Java(TM) 6 Update 13
            JumpStart Advanced Preschool
            jZip
            KBD
            Kodak EasyShare software
            KSU
            LiveUpdate 2.6 (Symantec Corporation)
            LiveUpdate Administration Utility
            Logitech Desktop Messenger
            Logitech Mobile Video
            Logitech QuickCam
            Logitech QuickCam Driver Package
            Logitech SetPoint
            Logitech Updater
            LS_HSI
            Macromedia Shockwave Player
            Malwarebytes' Anti-Malware
            MediaLife
            Microsoft .NET Framework 1.1
            Microsoft .NET Framework 1.1 Hotfix (KB928366)
            Microsoft .NET Framework 2.0 Service Pack 2
            Microsoft .NET Framework 3.0 Service Pack 2
            Microsoft .NET Framework 3.5 SP1
            Microsoft Compression Client Pack 1.0 for Windows XP
            Microsoft Internationalized Domain Names Mitigation APIs
            Microsoft National Language Support Downlevel APIs
            Microsoft Office Access MUI (English) 2007
            Microsoft Office Access Setup Metadata MUI (English) 2007
            Microsoft Office Excel MUI (English) 2007
            Microsoft Office InfoPath MUI (English) 2007
            Microsoft Office Outlook MUI (English) 2007
            Microsoft Office PowerPoint MUI (English) 2007
            Microsoft Office Professional Plus 2007
            Microsoft Office Proof (English) 2007
            Microsoft Office Proof (French) 2007
            Microsoft Office Proof (Spanish) 2007
            Microsoft Office Proofing (English) 2007
            Microsoft Office Publisher MUI (English) 2007
            Microsoft Office Shared MUI (English) 2007
            Microsoft Office Shared Setup Metadata MUI (English) 2007
            Microsoft Office Word MUI (English) 2007
            Microsoft Plus! Dancer LE
            Microsoft Plus! Digital Media Edition Installer
            Microsoft Plus! Photo Story 2 LE
            Microsoft Silverlight
            Microsoft Software Update for Web Folders  (English) 12
            Microsoft User-Mode Driver Framework Feature Pack 1.0
            Microsoft Visual C++ 2005 Redistributable
            Microsoft Web Publishing Wizard 1.52
            Microsoft Works
            MicroStaff WINASPI
            MovieShop
            MSXML 4.0 SP2 (KB936181)
            MSXML 4.0 SP2 (KB954430)
            MSXML 4.0 SP2 Parser and SDK
            MSXML 6.0 Parser (KB925673)
            Music Manager
            Musicmatch® Jukebox
            muvee autoProducer 3.5 magicMoments - HPD
            muvee autoProducer unPlugged - HPD
            MySQL Server 5.0
            Nikon Message Center
            Notepad++
            Notifier
            Orbital from HP Media Center (remove only)
            OTtBPSDK
            PanoStandAlone
            PC-Doctor for Windows
            PCDADDIN
            PCDHELP
            PhotoGallery
            Photosmart 320,370,7400,8100,8400 Series
            PictureProject
            PictureProject In Touch Downloader 1.0
            PrintScreen
            ProductContext
            Programmer's Notepad 2
            PS2
            PSPrinters06
            Python 2.2 pywin32 extensions (build 203)
            Python 2.2.3
            QFolder
            QuickBooks Premier: Contractor Edition 2007
            QuickBooks Product Listing Service
            Quicken 2005
            QuickProjects
            QuickTime
            Readme
            RealPlayer
            Rhapsody Player Engine
            Scan
            Security Update for 2007 Microsoft Office System (KB951550)
            Security Update for 2007 Microsoft Office System (KB951944)
            Security Update for 2007 Microsoft Office System (KB960003)
            Security Update for CAPICOM (KB931906)
            Security Update for Microsoft Office Excel 2007 (KB959997)
            Security Update for Microsoft Office PowerPoint 2007 (KB951338)
            Security Update for Microsoft Office Publisher 2007 (KB950114)
            Security Update for Microsoft Office system 2007 (KB954326)
            Security Update for Microsoft Office system 2007 (KB956828)
            Security Update for Microsoft Office Word 2007 (KB956358)
            Security Update for Step By Step Interactive Training (KB898458)
            Security Update for Step By Step Interactive Training (KB923723)
            Security Update for Visio 2007 (KB947590)
            Security Update for Windows Internet Explorer 7 (KB938127)
            Security Update for Windows Internet Explorer 7 (KB942615)
            Security Update for Windows Internet Explorer 7 (KB944533)
            Security Update for Windows Internet Explorer 7 (KB950759)
            Security Update for Windows Internet Explorer 7 (KB953838)
            Security Update for Windows Internet Explorer 7 (KB956390)
            Security Update for Windows Internet Explorer 7 (KB958215)
            Security Update for Windows Internet Explorer 7 (KB960714)
            Security Update for Windows Internet Explorer 7 (KB961260)
            Security Update for Windows Internet Explorer 7 (KB963027)
            Security Update for Windows Media Encoder (KB954156)
            Security Update for Windows Media Player (KB952069)
            Security Update for Windows Media Player 10 (KB911565)
            Security Update for Windows Media Player 10 (KB917734)
            Security Update for Windows Media Player 10 (KB936782)
            Security Update for Windows Media Player 11 (KB936782)
            Security Update for Windows Media Player 11 (KB954154)
            Security Update for Windows Media Player 6.4 (KB925398)
            Security Update for Windows XP (KB923561)
            Security Update for Windows XP (KB923689)
            Security Update for Windows XP (KB938464-v2)
            Security Update for Windows XP (KB938464)
            Security Update for Windows XP (KB941569)
            Security Update for Windows XP (KB946648)
            Security Update for Windows XP (KB950760)
            Security Update for Windows XP (KB950762)
            Security Update for Windows XP (KB950974)
            Security Update for Windows XP (KB951066)
            Security Update for Windows XP (KB951376-v2)
            Security Update for Windows XP (KB951376)
            Security Update for Windows XP (KB951698)
            Security Update for Windows XP (KB951748)
            Security Update for Windows XP (KB952004)
            Security Update for Windows XP (KB952954)
            Security Update for Windows XP (KB953839)
            Security Update for Windows XP (KB954211)
            Security Update for Windows XP (KB954459)
            Security Update for Windows XP (KB954600)
            Security Update for Windows XP (KB955069)
            Security Update for Windows XP (KB956391)
            Security Update for Windows XP (KB956572)
            Security Update for Windows XP (KB956802)
            Security Update for Windows XP (KB956803)
            Security Update for Windows XP (KB956841)
            Security Update for Windows XP (KB957095)
            Security Update for Windows XP (KB957097)
            Security Update for Windows XP (KB958644)
            Security Update for Windows XP (KB958687)
            Security Update for Windows XP (KB958690)
            Security Update for Windows XP (KB959426)
            Security Update for Windows XP (KB960225)
            Security Update for Windows XP (KB960715)
            Security Update for Windows XP (KB960803)
            Security Update for Windows XP (KB961373)
            SFR
            SHASTA
            Shockwave
            Shutterfly Studio
            Skin Creator
            SKIN0001
            SkinsHP1
            SKINXSDK
            Skype™ 3.8
            SmartShopper
            Smilebox
            Sonic Encoders
            Sonic Express Labeler
            Sonic RecordNow!
            Sony DVD Handycam USB Driver
            Sony USB Driver
            SUPERAntiSpyware Free Edition
            SupportSoft Assisted Service
            Symantec AntiVirus
            Symantec System Center
            System Requirements Lab
            The Print Shop
            TrayApp
            TrojanHunter 5.0
            Undisker
            Unload
            Update for Microsoft Office Outlook 2007 (KB952142)
            Update for Office 2007 (KB946691)
            Update for Outlook 2007 Junk Email Filter (kb962871)
            Update for Windows XP (KB951072-v2)
            Update for Windows XP (KB951978)
            Update for Windows XP (KB955839)
            Update for Windows XP (KB967715)
            Update Rollup 2 for Windows XP Media Center Edition 2005
            Updates from HP
            Vehicle Voyages
            Visual J# .NET Redistributable Package
            VPRINTOL
            VTech® Photo Editor
            WebFldrs XP
            WebReg
            Windows Desktop Search 3.01
            Windows Genuine Advantage Notifications (KB905474)
            Windows Genuine Advantage v1.3.0254.0
            Windows Genuine Advantage Validation Tool (KB892130)
            Windows Internet Explorer 7
            Windows Media Encoder 9 Series
            Windows Media Format 11 runtime
            Windows Media Player 10 Hotfix [See KB889858 for more information]
            Windows Media Player 11
            Windows Presentation Foundation
            Windows XP Media Center Edition 2005 KB888316
            Windows XP Media Center Edition 2005 KB925766
            Windows XP Service Pack 3
            WinISO 5.3
            WinZip 11.2
            WIRELESS
            XAMPP 1.7.0
            XML Paper Specification Shared Components Pack 1.0
            Yahoo! Toolbar

            ==== Event Viewer Messages From Past Week ========

            4/18/2009 8:56:40 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
            4/18/2009 8:41:40 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
            4/18/2009 3:14:33 PM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\D.
            4/16/2009 9:10:42 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  szkg
            4/16/2009 9:10:08 PM, error: Dhcp [1002]  - The IP address lease 76.18.56.185 for the Network Card with network address 0011D8F001C6 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
            4/16/2009 6:09:37 AM, error: Dhcp [1002]  - The IP address lease 192.168.100.2 for the Network Card with network address 0011D8F001C6 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
            4/16/2009 3:44:24 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  fasttx2k szkg

            ==== End Of File ===========================

            evilfantasy

            • Malware Removal Specialist
            • Moderator
            Re: Malware Removal Help
            « Reply #6 on: April 21, 2009, 04:17:39 PM »
            Is CyberDefender a paid version? If not then please uninstall it.

            Also uninstall:

            • J2SE Runtime Environment 5.0 Update 4
            • J2SE Runtime Environment 5.0 Update 6
            • Java 2 Runtime Environment, SE v1.4.2_03
            ----------

            Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

            Link #1
            Link #2

            **Note:  It is important that it is saved directly to your Desktop

            Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

            Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
             
            Double click combofix.exe & follow the prompts.
            When finished ComboFix will produce a log for you.
            Post the ComboFix log in your next reply.

            Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

            Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

            If you have problems with ComboFix usage, see How to use ComboFix

            tsagi

              Topic Starter

              Re: Malware Removal Help
              « Reply #7 on: April 22, 2009, 05:19:58 AM »
              Hi,

              CyberDefender is my NIGHTMARE.  I have uninstalled the program several times through the ControlPanel>Remove Programs and have then gone to C:/Programs and deleted the folder.  When I Search for *cyberdefender* in all files and folders nothing is found.  BUT the Windows security center still reports that two AV software are on the system and ComboFix still reports that CyberDefender is running.  I have called their TechSupport 3 times and have received no valuable assistance.

              How else can I get this software out of my computer??

              THANK YOU!!


              ComboFix 09-04-22.A2 - HP_Administrator 04/22/2009  6:54.1 - NTFSx86
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.400 [GMT -4:00]
              Running from: c:\documents and settings\HP_Administrator\Desktop\Malware Forum Software\ComboFix.exe
              AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
              AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
               * Created a new restore point
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
              c:\documents and settings\HP_Administrator\Application Data\Microsoft\SystemCertificates\Request
              c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
              c:\windows\patch.exe
              D:\Autorun.inf

              .
              (((((((((((((((((((((((((   Files Created from 2009-03-22 to 2009-04-22  )))))))))))))))))))))))))))))))
              .

              2009-04-21 11:50 . 2009-04-21 11:50   202072   ----a-r   c:\windows\cpnprt2.cid
              2009-04-21 11:50 . 2009-04-21 11:50   202072   ------w   c:\windows\system32\cpnprt2.cid
              2009-04-21 11:50 . 2009-04-21 11:50   --------   d-----w   c:\windows\Cache
              2009-04-16 20:43 . 2009-04-16 20:43   73728   ----a-w   c:\windows\system32\javacpl.cpl
              2009-04-16 20:43 . 2009-04-16 20:43   410984   ----a-w   c:\windows\system32\deploytk.dll
              2009-04-16 18:03 . 2009-04-16 18:03   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
              2009-04-16 18:03 . 2009-04-06 19:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
              2009-04-16 18:03 . 2009-04-06 19:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
              2009-04-16 18:03 . 2009-04-16 18:03   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
              2009-04-16 14:55 . 2009-04-16 14:55   --------   d-----w   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
              2009-04-16 14:54 . 2009-04-16 14:54   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
              2009-04-16 12:21 . 2009-04-16 12:26   27   ----a-w   c:\windows\sssTbarV2.ini
              2009-04-16 02:30 . 2009-03-06 14:22   284160   ------w   c:\windows\system32\dllcache\pdh.dll
              2009-04-16 02:30 . 2009-02-09 12:10   401408   ------w   c:\windows\system32\dllcache\rpcss.dll
              2009-04-16 02:30 . 2009-02-09 12:10   473600   ------w   c:\windows\system32\dllcache\fastprox.dll
              2009-04-16 02:30 . 2009-02-06 11:11   110592   ------w   c:\windows\system32\dllcache\services.exe
              2009-04-16 02:30 . 2009-02-06 10:10   227840   ------w   c:\windows\system32\dllcache\wmiprvse.exe
              2009-04-16 02:30 . 2009-02-09 12:10   729088   ------w   c:\windows\system32\dllcache\lsasrv.dll
              2009-04-16 02:30 . 2009-02-09 12:10   714752   ------w   c:\windows\system32\dllcache\ntdll.dll
              2009-04-16 02:30 . 2009-02-09 12:10   617472   ------w   c:\windows\system32\dllcache\advapi32.dll
              2009-04-16 02:30 . 2009-02-09 12:10   453120   ------w   c:\windows\system32\dllcache\wmiprvsd.dll
              2009-04-16 02:27 . 2008-05-03 11:55   2560   ------w   c:\windows\system32\xpsp4res.dll
              2009-04-16 02:27 . 2009-03-27 06:58   1203922   ------w   c:\windows\system32\dllcache\sysmain.sdb
              2009-04-16 02:27 . 2008-04-21 12:08   215552   ------w   c:\windows\system32\dllcache\wordpad.exe
              2009-04-08 20:46 . 2007-12-24 21:37   138384   ----a-w   c:\windows\system32\drivers\tmcomm.sys
              2009-04-08 20:46 . 2009-04-08 20:48   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\HouseCall 6.6
              2009-04-08 11:46 . 2009-04-08 11:46   --------   d-----w   c:\documents and settings\All Users\Application Data\Yahoo! Companion
              2009-04-06 20:51 . 2009-04-06 21:01   363   ----a-w   c:\windows\ereg077.dat
              2009-03-30 12:13 . 2009-03-30 12:13   --------   d-----w   C:\php
              2009-03-24 20:15 . 2009-03-24 20:15   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\Notepad++
              2009-03-24 20:12 . 2009-03-24 20:12   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\Echo Software
              2009-03-24 17:57 . 2009-03-24 17:57   --------   d-----w   c:\documents and settings\HP_Administrator\workspace
              2009-03-24 14:19 . 2009-03-24 14:19   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\Yahoo!
              2009-03-24 14:19 . 2009-03-24 14:20   --------   d-----w   c:\documents and settings\HP_Administrator\Local Settings\Application Data\jZip
              2009-03-24 14:18 . 2009-03-24 14:22   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\Smart-Shopper

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2009-04-22 11:06 . 2007-12-29 02:54   --------   d-----w   c:\program files\Symantec AntiVirus
              2009-04-22 11:02 . 2008-10-13 12:16   0   ----a-w   c:\windows\system32\drivers\lvuvc.hs
              2009-04-22 11:01 . 2008-10-13 12:16   0   ----a-w   c:\windows\system32\drivers\logiflt.iad
              2009-04-22 10:32 . 2009-02-26 22:50   59607   ----a-w   C:\CybDefInstallInfo.log
              2009-04-21 11:50 . 2008-11-04 16:53   --------   d-----w   c:\program files\Coupons
              2009-04-16 20:45 . 2006-10-16 13:15   --------   d-----w   c:\program files\Trend Micro
              2009-04-16 20:43 . 2005-03-15 18:37   --------   d-----w   c:\program files\Java
              2009-04-16 20:42 . 2009-04-16 20:42   576   ----a-w   C:\JavaRa.log
              2009-04-16 18:03 . 2009-04-16 18:03   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
              2009-04-16 14:54 . 2009-04-16 14:54   --------   d-----w   c:\program files\SUPERAntiSpyware
              2009-04-16 14:54 . 2009-04-16 14:54   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
              2009-04-16 12:15 . 2008-06-05 16:36   --------   d---a-w   c:\documents and settings\All Users\Application Data\TEMP
              2009-04-16 11:50 . 2009-04-16 11:50   --------   d-----w   c:\program files\CCleaner
              2009-04-16 10:51 . 2009-04-08 11:37   13217   ----a-w   C:\CDAVFSuser.log
              2009-04-16 07:02 . 2007-09-13 22:28   --------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
              2009-04-11 11:32 . 2009-04-08 11:37   127   ----a-w   C:\CDAVFSuserBackup.log
              2009-04-10 12:56 . 2006-11-10 13:10   --------   d-----w   c:\program files\IncrediMail
              2009-04-08 11:46 . 2009-04-08 11:46   --------   d-----w   c:\program files\Cloudmark
              2009-04-08 11:46 . 2009-04-08 11:46   --------   d-----w   c:\program files\AC3Filter
              2009-04-08 11:46 . 2008-06-05 17:03   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\Cloudmark
              2009-04-08 11:46 . 2008-06-05 16:32   --------   d-----w   c:\program files\Common Files\Cloudmark
              2009-04-08 11:46 . 2009-04-06 19:34   --------   d-----w   c:\program files\Knowledge Adventure
              2009-04-08 11:46 . 2009-03-14 01:49   --------   d-----w   c:\program files\Common Files\Knowledge Adventure
              2009-04-08 11:46 . 2009-03-14 01:49   --------   d-----w   c:\documents and settings\All Users\Application Data\Knowledge Adventure
              2009-04-08 11:45 . 2005-12-28 00:02   --------   d-----w   c:\program files\Yahoo!
              2009-04-06 22:26 . 2008-10-13 11:56   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\Skype
              2009-04-06 20:51 . 2009-04-06 20:51   --------   d-----w   c:\program files\The Learning Company
              2009-04-06 20:15 . 2009-04-06 20:15   --------   d-----w   c:\program files\Curious George
              2009-04-06 13:47 . 2008-10-13 12:00   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\skypePM
              2009-03-30 12:01 . 2009-03-30 12:01   --------   d-----w   c:\program files\Apache Group
              2009-03-30 11:35 . 2009-03-30 11:35   --------   d-----w   c:\program files\MySQL
              2009-03-24 20:58 . 2009-03-24 20:12   --------   d-----w   c:\program files\Programmer's Notepad
              2009-03-24 20:15 . 2009-03-24 20:15   --------   d-----w   c:\program files\Notepad++
              2009-03-24 14:19 . 2009-03-24 14:18   --------   d-----w   c:\program files\jZip
              2009-03-24 14:18 . 2009-03-24 14:18   --------   d-----w   c:\program files\Smart-Shopper
              2009-03-21 14:06 . 2009-03-21 14:06   989696   ------w   c:\windows\system32\dllcache\kernel32.dll
              2009-03-21 14:06 . 2004-08-10 04:00   157044   ----a-w   c:\windows\system32\netetw3232.dll
              2009-03-21 13:11 . 2009-03-21 13:08   --------   d-----w   c:\program files\LiveUpdate Administration
              2009-03-19 01:44 . 2005-06-15 22:19   --------   d-----w   c:\program files\Common Files\Adobe
              2009-03-18 15:31 . 2009-01-15 02:17   --------   d-----w   c:\program files\AviSynth 2.5
              2009-03-18 15:31 . 2009-01-15 02:17   --------   d-----w   c:\program files\DVD-WMV
              2009-03-14 01:49 . 2009-03-14 01:49   --------   d-----w   c:\program files\JumpStart
              2009-03-14 01:35 . 2009-03-14 01:35   --------   d-----w   c:\program files\IBM and Crayola
              2009-03-13 22:16 . 2005-06-12 01:41   --------   d-----w   c:\program files\Common Files\Logitech
              2009-03-12 01:55 . 2005-03-15 19:07   --------   d--h--w   c:\program files\InstallShield Installation Information
              2009-03-12 01:54 . 2009-03-12 01:54   --------   d-----w   c:\program files\Disney Interactive
              2009-03-10 22:37 . 2005-06-12 01:35   143528   ----a-w   c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
              2009-03-06 14:22 . 2004-08-10 04:00   284160   ------w   c:\windows\system32\pdh.dll
              2009-03-03 00:18 . 2004-08-10 04:00   826368   ----a-w   c:\windows\system32\wininet.dll
              2009-03-03 00:18 . 2004-08-10 04:00   826368   ----a-w   c:\windows\system32\dllcache\wininet.dll
              2009-02-28 04:54 . 2004-08-10 04:00   636072   ----a-w   c:\windows\system32\dllcache\iexplore.exe
              2009-02-26 22:49 . 2009-02-26 22:53   67424   ----a-w   c:\windows\system32\drivers\CDAVFS.sys
              2009-02-26 08:02 . 2008-06-16 11:46   --------   d-----w   c:\program files\Microsoft Silverlight
              2009-02-20 10:20 . 2007-10-10 10:59   13824   ------w   c:\windows\system32\dllcache\ieudinit.exe
              2009-02-20 10:20 . 2004-08-10 04:00   70656   ----a-w   c:\windows\system32\dllcache\ie4uinit.exe
              2009-02-20 05:14 . 2004-08-10 04:00   161792   ----a-w   c:\windows\system32\dllcache\ieakui.dll
              2009-02-16 17:16 . 2009-02-16 17:16   169984   ------w   c:\windows\system32\urinuerr.dll
              2009-02-15 14:29 . 2009-02-15 14:29   13   ----a-w   C:\Winvdrvr.dll
              2009-02-15 14:29 . 2009-02-15 14:29   13   ----a-w   C:\Portprcr.dvr
              2009-02-15 14:29 . 2009-02-15 14:29   0   ----a-w   C:\hfcrgrt.ini
              2009-02-10 21:49 . 2009-02-10 21:49   286720   ------w   c:\windows\Setup1.exe
              2009-02-10 21:49 . 2009-02-10 21:49   73216   ----a-w   c:\windows\ST6UNST.EXE
              2009-02-09 12:10 . 2004-08-10 04:00   729088   ------w   c:\windows\system32\lsasrv.dll
              2009-02-09 12:10 . 2004-08-10 11:00   714752   ------w   c:\windows\system32\ntdll.dll
              2009-02-09 12:10 . 2004-08-10 04:00   617472   ------w   c:\windows\system32\advapi32.dll
              2009-02-09 12:10 . 2004-08-10 04:00   401408   ----a-w   c:\windows\system32\rpcss.dll
              2009-02-09 11:13 . 2008-10-15 10:00   1846784   ------w   c:\windows\system32\dllcache\win32k.sys
              2009-02-09 11:13 . 2004-08-10 04:00   1846784   ------w   c:\windows\system32\win32k.sys
              2009-02-07 23:02 . 2008-10-15 10:00   2066048   ------w   c:\windows\system32\dllcache\ntkrnlpa.exe
              2009-02-06 11:11 . 2004-08-10 04:00   110592   ------w   c:\windows\system32\services.exe
              2009-02-06 11:08 . 2008-10-15 10:00   2189056   ------w   c:\windows\system32\dllcache\ntoskrnl.exe
              2009-02-06 11:06 . 2008-10-15 10:00   2145280   ------w   c:\windows\system32\dllcache\ntkrnlmp.exe
              2009-02-06 11:06 . 2004-08-10 04:00   2145280   ------w   c:\windows\system32\ntoskrnl.exe
              2009-02-06 10:39 . 2004-08-10 04:00   35328   ------w   c:\windows\system32\sc.exe
              2009-02-06 10:39 . 2004-08-10 04:00   35328   ------w   c:\windows\system32\dllcache\sc.exe
              2009-02-06 10:32 . 2008-10-15 10:00   2023936   ------w   c:\windows\system32\dllcache\ntkrpamp.exe
              2009-02-06 10:32 . 2004-08-10 11:00   2023936   ------w   c:\windows\system32\ntkrnlpa.exe
              2009-02-03 19:59 . 2009-02-03 19:59   56832   ------w   c:\windows\system32\dllcache\secur32.dll
              2009-02-03 19:59 . 2004-08-10 04:00   56832   ----a-w   c:\windows\system32\secur32.dll
              2009-01-14 23:43 . 2009-01-14 13:14   0   ----a-w   c:\documents and settings\HP_Administrator\Application Data\CopyToGo.dat
              2008-04-08 19:35 . 2008-04-08 13:48   20   ---h--w   c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
              2007-11-14 14:13 . 2005-06-12 01:35   1316   ----a-w   c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
              2005-06-12 01:46 . 2005-06-12 01:15   139   ----a-w   c:\documents and settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
              2005-03-15 18:37 . 2008-01-21 16:47   136   ----a-w   c:\documents and settings\QBDataServiceUser17\Local Settings\Application Data\fusioncache.dat
              2005-03-15 18:37 . 2005-03-15 18:37   136   ----a-w   c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
              2008-09-10 15:06 . 2008-09-10 15:06   32768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091020080911\index.dat
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-03-31 251264]
              "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
              "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
              "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
              "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

              c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
              Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2006-4-29 41042]

              c:\documents and settings\All Users\Start Menu\Programs\Startup\
              Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-3-15 45056]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2008-12-22 16:05   356352   ----a-w   c:\program files\SUPERAntiSpyware\SASWINLO.dll

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
              path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
              backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
              path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
              backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
              path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
              backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
              path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
              backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
              path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
              backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
              path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
              backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
              "SavRoam"=3 (0x3)
              "QuickBooksDB17"=2 (0x2)
              "QBFCService"=3 (0x3)
              "ProtectedStorage"=2 (0x2)
              "ose"=3 (0x3)
              "odserv"=3 (0x3)
              "MyWebSearchService"=2 (0x2)
              "MDM"=2 (0x2)
              "LVPrcSrv"=2 (0x2)
              "LVCOMSer"=2 (0x2)
              "LiveUpdate"=3 (0x3)
              "LightScribeService"=2 (0x2)
              "KodakCCS"=3 (0x3)
              "idsvc"=3 (0x3)
              "IDriverT"=3 (0x3)
              "gusvc"=3 (0x3)
              "FLEXnet Licensing Service"=3 (0x3)
              "Adobe LM Service"=3 (0x3)
              "QBCFMonitorService"=2 (0x2)

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
              "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
              "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
              "c:\\WINDOWS\\system32\\sessmgr.exe"=
              "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
              "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
              "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
              "c:\\Program Files\\IncrediMail\\bin\\ImSc.exe"=
              "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
              "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
              "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\Messenger\\msmsgs.exe"=
              "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
              "c:\\Program Files\\Intuit\\QuickBooks Premier - Accountant Edition\\QBDBMgrN.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
              "c:\\Program Files\\DVD-WMV\\DVDWMV.exe"=
              "c:\\xampp\\apache\\bin\\apache.exe"=
              "c:\\xampp\\mysql\\bin\\mysqld.exe"=
              "c:\\xampp\\MercuryMail\\mercury.exe"=
              "c:\\Documents and Settings\\HP_Administrator\\Desktop\\eclipse.exe"=
              "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

              R1 sonypvd2;sonypvd2;c:\windows\system32\DRIVERS\sonypvd2.sys [2003-06-24 64093]
              R3 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2009-02-26 67424]
              R3 jbridgep;jbridgep;

              R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
              R4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
              R4 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-28 116464]
              S0 sonypvl2;sonypvl2;

              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
              S1 sonypvf2;sonypvf2;

              S1 sonypvt2;sonypvt2;

              S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-09 24636]
              S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
              S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]

              .
              .
              ------- Supplementary Scan -------
              .
              uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
              uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
              uStart Page = hxxp://www.foxnews.com/
              mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
              uInternet Settings,ProxyOverride = localhost
              uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
              IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
              IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
              Trusted Zone: americangreetings.com\www
              Trusted Zone: inuit.com\registerqb
              Trusted Zone: microsoft.com\*.update
              Trusted Zone: windowsupdate.com\download
              Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
              DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
              .

              **************************************************************************

              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2009-04-22 07:07
              Windows 5.1.2600 Service Pack 3 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************

              [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
              "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(684)
              c:\program files\SUPERAntiSpyware\SASWINLO.dll

              - - - - - - - > 'explorer.exe'(5316)
              c:\program files\IncrediMail\bin\B4ImApp.dll
              c:\windows\system32\WPDShServiceObj.dll
              c:\windows\system32\PortableDeviceTypes.dll
              c:\windows\system32\PortableDeviceApi.dll
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
              c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
              c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
              c:\program files\Symantec AntiVirus\DefWatch.exe
              c:\windows\ehome\ehrecvr.exe
              c:\windows\ehome\ehSched.exe
              c:\xampp\FileZillaFTP\FileZillaServer.exe
              c:\windows\system32\CBA\PDS.EXE
              c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
              c:\program files\Java\jre6\bin\jqs.exe
              c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
              c:\progra~1\Symantec\SYMANT~1\NscTop.exe
              c:\program files\Symantec AntiVirus\Rtvscan.exe
              c:\windows\system32\searchindexer.exe
              c:\windows\system32\AMS_II\HNDLRSVC.EXE
              c:\windows\system32\MSGSYS.EXE
              c:\windows\system32\AMS_II\IAO.EXE
              c:\windows\system32\CBA\XFR.EXE
              c:\windows\ehome\mcrdsvc.exe
              c:\windows\system32\dllhost.exe
              c:\windows\system32\wscntfy.exe
              c:\program files\Symantec AntiVirus\DoScan.exe
              c:\program files\IncrediMail\bin\ImApp.exe
              .
              **************************************************************************
              .
              Completion time: 2009-04-22  7:11 - machine was rebooted
              ComboFix-quarantined-files.txt  2009-04-22 11:11

              Pre-Run: 123,037,523,968 bytes free
              Post-Run: 123,078,754,304 bytes free

              317   --- E O F ---   2009-04-16 07:06

              evilfantasy

              • Malware Removal Specialist
              • Moderator

              Re: Malware Removal Help
              « Reply #8 on: April 22, 2009, 12:08:31 PM »
              Look in Add or Remove Programs and uninstall: (if found)

              - CyberDefender Early Detection Center

              ----------

              Delete ComboFix and download a new copy to your desktop.

              ComboFix.exe

              Delete these files/folders, as follows:

              1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
              It must be Notepad, not Wordpad.
              2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

              Code:
              KillAll::

              DDS::
              TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
              TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

              Driver::
              CDAVFS
              jbridgep

              Folder::
              c:\program files\CyberDefender

              File::
              c:\windows\system32\DRIVERS\CDAVFS.sys

              3. Go to the Notepad window and click Edit > Paste
              4. Then click File > Save
              5. Name the file CFScript.txt - Save the file to your Desktop
              6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



              ComboFix will begin to execute, just follow the prompts.
              After reboot (in case it asks to reboot), it will produce a log for you.
              Post that log (Combofix.txt) in your next reply.

              Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

              tsagi

                Topic Starter

                Re: Malware Removal Help
                « Reply #9 on: April 30, 2009, 06:46:56 AM »
                Hello,
                Thank you again for your help.  My modem went down and delayed my progress....

                Here is the new ComboFix log:

                ComboFix 09-04-29.07 - HP_Administrator 04/30/2009  7:50.3 - NTFSx86
                Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.438 [GMT -4:00]
                Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
                Command switches used :: c:\documents and settings\HP_Administrator\Desktop\Malware Forum Software\cfscript.txt
                AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
                AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
                 * Created a new restore point

                FILE ::
                c:\windows\system32\DRIVERS\CDAVFS.sys
                .

                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                ---- Previous Run -------
                .
                c:\program files\messenger\msmsgs.exe
                c:\windows\system32\DRIVERS\CDAVFS.sys

                .
                (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                -------\Legacy_CDAVFS
                -------\Legacy_JBRIDGEP
                -------\Service_CDAVFS
                -------\Service_jbridgep


                (((((((((((((((((((((((((   Files Created from 2009-05-28 to 2009-4-30  )))))))))))))))))))))))))))))))
                .

                2009-04-27 02:21 . 2009-04-27 02:21   144896   ----a-w   c:\windows\system32\canimkbd.dll
                2009-04-21 11:50 . 2009-04-21 11:50   --------   d-----w   c:\windows\Cache
                2009-04-16 20:43 . 2009-04-16 20:43   410984   ----a-w   c:\windows\system32\deploytk.dll
                2009-04-16 18:03 . 2009-04-16 18:03   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
                2009-04-16 18:03 . 2009-04-06 19:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
                2009-04-16 18:03 . 2009-04-06 19:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
                2009-04-16 18:03 . 2009-04-16 18:03   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
                2009-04-16 18:03 . 2009-04-16 18:03   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
                2009-04-16 14:55 . 2009-04-16 14:55   --------   d-----w   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                2009-04-16 14:54 . 2009-04-16 14:54   --------   d-----w   c:\program files\SUPERAntiSpyware
                2009-04-16 14:54 . 2009-04-16 14:54   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
                2009-04-16 14:54 . 2009-04-16 14:54   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
                2009-04-16 11:50 . 2009-04-16 11:50   --------   d-----w   c:\program files\CCleaner
                2009-04-16 02:30 . 2009-03-06 14:22   284160   ------w   c:\windows\system32\dllcache\pdh.dll
                2009-04-16 02:30 . 2009-02-09 12:10   401408   ------w   c:\windows\system32\dllcache\rpcss.dll
                2009-04-16 02:30 . 2009-02-06 11:11   110592   ------w   c:\windows\system32\dllcache\services.exe
                2009-04-16 02:30 . 2009-02-09 12:10   473600   ------w   c:\windows\system32\dllcache\fastprox.dll
                2009-04-16 02:30 . 2009-02-06 10:10   227840   ------w   c:\windows\system32\dllcache\wmiprvse.exe
                2009-04-16 02:30 . 2009-02-09 12:10   453120   ------w   c:\windows\system32\dllcache\wmiprvsd.dll
                2009-04-16 02:30 . 2009-02-09 12:10   729088   ------w   c:\windows\system32\dllcache\lsasrv.dll
                2009-04-16 02:30 . 2009-02-09 12:10   617472   ------w   c:\windows\system32\dllcache\advapi32.dll
                2009-04-16 02:30 . 2009-02-09 12:10   714752   ------w   c:\windows\system32\dllcache\ntdll.dll
                2009-04-16 02:27 . 2008-05-03 11:55   2560   ------w   c:\windows\system32\xpsp4res.dll
                2009-04-16 02:27 . 2008-04-21 12:08   215552   ------w   c:\windows\system32\dllcache\wordpad.exe
                2009-04-08 20:46 . 2007-12-24 21:37   138384   ----a-w   c:\windows\system32\drivers\tmcomm.sys
                2009-04-08 20:46 . 2009-04-08 20:48   --------   d-----w   c:\documents and settings\HP_Administrator\Application Data\HouseCall 6.6
                2009-04-08 11:46 . 2009-04-08 11:46   --------   d-----w   c:\program files\AC3Filter
                2009-04-08 11:46 . 2009-04-08 11:46   --------   d-----w   c:\program files\Cloudmark
                2009-04-08 11:46 . 2009-04-08 11:46   --------   d-----w   c:\documents and settings\All Users\Application Data\Yahoo! Companion
                2009-04-06 20:51 . 2009-04-06 21:01   363   ----a-w   c:\windows\ereg077.dat
                2009-04-06 20:51 . 2009-04-06 20:51   --------   d-----w   c:\program files\The Learning Company
                2009-04-06 20:15 . 2009-04-06 20:15   --------   d-----w   c:\program files\Curious George
                2009-04-06 19:34 . 2009-04-08 11:46   --------   d-----w   c:\program files\Knowledge Adventure

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2009-04-30 12:17 . 2007-12-29 02:54   --------   d-----w   c:\program files\Symantec AntiVirus
                2009-04-30 11:59 . 2008-10-13 12:16   0   ----a-w   c:\windows\system32\drivers\lvuvc.hs
                2009-04-30 11:59 . 2008-10-13 12:16   0   ----a-w   c:\windows\system32\drivers\logiflt.iad
                2009-04-21 11:50 . 2008-11-04 16:53   --------   d-----w   c:\program files\Coupons
                2009-04-16 20:45 . 2006-10-16 13:15   --------   d-----w   c:\program files\Trend Micro
                2009-04-16 20:43 . 2005-03-15 18:37   --------   d-----w   c:\program files\Java
                2009-04-10 12:56 . 2006-11-10 13:10   --------   d-----w   c:\program files\IncrediMail
                2009-04-08 11:46 . 2008-06-05 16:32   --------   d-----w   c:\program files\Common Files\Cloudmark
                2009-04-08 11:46 . 2009-03-14 01:49   --------   d-----w   c:\program files\Common Files\Knowledge Adventure
                2009-04-08 11:45 . 2005-12-28 00:02   --------   d-----w   c:\program files\Yahoo!
                2009-03-30 12:01 . 2009-03-30 12:01   --------   d-----w   c:\program files\Apache Group
                2009-03-30 11:35 . 2009-03-30 11:35   --------   d-----w   c:\program files\MySQL
                2009-03-24 20:58 . 2009-03-24 20:12   --------   d-----w   c:\program files\Programmer's Notepad
                2009-03-24 20:15 . 2009-03-24 20:15   --------   d-----w   c:\program files\Notepad++
                2009-03-24 14:19 . 2009-03-24 14:18   --------   d-----w   c:\program files\jZip
                2009-03-24 14:18 . 2009-03-24 14:18   --------   d-----w   c:\program files\Smart-Shopper
                2009-03-21 14:06 . 2004-08-10 04:00   2498560   ----a-w   c:\windows\system32\tmpagdat.dll
                2009-03-21 14:06 . 2004-08-10 04:00   157085   ----a-w   c:\windows\system32\camavjob32.dll
                2009-03-21 14:06 . 2004-08-10 04:00   1269760   ----a-w   c:\windows\system32\manaszip.dll
                2009-03-21 14:06 . 2004-08-10 04:00   1216512   ----a-w   c:\windows\system32\endopobj.exe
                2009-03-21 14:06 . 2004-08-10 04:00   119756   ----a-w   c:\windows\system32\dateceng.dll
                2009-03-21 14:06 . 2004-08-10 04:00   1028096   ----a-w   c:\windows\system32\dskulctl.dll
                2009-03-21 13:11 . 2009-03-21 13:08   --------   d-----w   c:\program files\LiveUpdate Administration
                2009-03-19 01:44 . 2005-06-15 22:19   --------   d-----w   c:\program files\Common Files\Adobe
                2009-03-18 15:31 . 2009-01-15 02:17   --------   d-----w   c:\program files\AviSynth 2.5
                2009-03-18 15:31 . 2009-01-15 02:17   --------   d-----w   c:\program files\DVD-WMV
                2009-03-14 01:49 . 2009-03-14 01:49   --------   d-----w   c:\program files\JumpStart
                2009-03-14 01:35 . 2009-03-14 01:35   --------   d-----w   c:\program files\IBM and Crayola
                2009-03-13 22:16 . 2005-06-12 01:41   --------   d-----w   c:\program files\Common Files\Logitech
                2009-03-12 01:55 . 2005-03-15 19:07   --------   d--h--w   c:\program files\InstallShield Installation Information
                2009-03-12 01:54 . 2009-03-12 01:54   --------   d-----w   c:\program files\Disney Interactive
                2009-03-10 22:37 . 2005-06-12 01:35   143528   ----a-w   c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                2009-03-06 14:22 . 2004-08-10 04:00   284160   ------w   c:\windows\system32\pdh.dll
                2009-03-03 00:18 . 2004-08-10 04:00   826368   ----a-w   c:\windows\system32\wininet.dll
                2009-02-20 18:09 . 2004-08-10 04:00   78336   ------w   c:\windows\system32\ieencode.dll
                2009-02-15 14:29 . 2009-02-15 14:29   13   ----a-w   C:\Winvdrvr.dll
                2009-02-10 21:49 . 2009-02-10 21:49   286720   ------w   c:\windows\Setup1.exe
                2009-02-10 21:49 . 2009-02-10 21:49   73216   ----a-w   c:\windows\ST6UNST.EXE
                2009-02-09 12:10 . 2004-08-10 04:00   729088   ------w   c:\windows\system32\lsasrv.dll
                2009-02-09 12:10 . 2004-08-10 11:00   714752   ------w   c:\windows\system32\ntdll.dll
                2009-02-09 12:10 . 2004-08-10 04:00   617472   ------w   c:\windows\system32\advapi32.dll
                2009-02-09 12:10 . 2004-08-10 04:00   401408   ----a-w   c:\windows\system32\rpcss.dll
                2009-02-09 11:13 . 2004-08-10 04:00   1846784   ------w   c:\windows\system32\win32k.sys
                2009-02-06 11:11 . 2004-08-10 04:00   110592   ------w   c:\windows\system32\services.exe
                2009-02-06 11:06 . 2004-08-10 04:00   2145280   ------w   c:\windows\system32\ntoskrnl.exe
                2009-02-06 10:39 . 2004-08-10 04:00   35328   ------w   c:\windows\system32\sc.exe
                2009-02-06 10:32 . 2004-08-10 11:00   2023936   ------w   c:\windows\system32\ntkrnlpa.exe
                2009-02-03 19:59 . 2004-08-10 04:00   56832   ----a-w   c:\windows\system32\secur32.dll
                .

                (((((((((((((((((((((((((((((   SnapShot@2009-04-22_11.07.54   )))))))))))))))))))))))))))))))))))))))))
                .
                + 2009-04-30 11:59 . 2009-04-30 11:59   16384              c:\windows\temp\Perflib_Perfdata_228.dat
                + 2005-03-15 18:57 . 2004-10-25 14:17   90112              c:\windows\system32\ps2.bat
                + 2004-08-10 11:00 . 2004-08-10 11:00   19429              c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
                + 2009-04-28 11:09 . 2009-04-28 11:09   84661              c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
                + 2007-09-13 22:40 . 2009-04-29 20:59   35088              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
                - 2007-09-13 22:40 . 2009-04-16 07:02   35088              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
                - 2007-09-13 22:40 . 2009-04-16 07:02   18704              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
                + 2007-09-13 22:40 . 2009-04-29 20:59   18704              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
                - 2007-09-13 22:40 . 2009-04-16 07:02   20240              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
                + 2007-09-13 22:40 . 2009-04-29 20:59   20240              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
                + 2008-09-04 16:38 . 2008-01-18 15:13   2247              c:\windows\ServicePackFiles\i386\tscdsbl.bat
                + 2008-09-04 16:38 . 2008-01-18 15:13   2247              c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
                + 2004-08-10 04:00 . 2004-08-10 04:00   2589              c:\windows\I386\RUNW32.BAT
                + 2009-02-03 02:15 . 2009-02-03 02:15   240544              c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
                + 2004-08-10 04:00 . 2009-03-21 14:06   389120              c:\windows\system32\autawad\uihomak\msuxdb.dll
                + 2004-08-10 04:00 . 2009-03-21 14:06   104600              c:\windows\system32\autawad\fatomdoc.dll
                + 2007-09-13 22:40 . 2009-04-29 20:59   888080              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
                - 2007-09-13 22:40 . 2009-04-16 07:02   888080              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
                + 2007-09-13 22:40 . 2009-04-29 20:59   272648              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
                - 2007-09-13 22:40 . 2009-04-16 07:02   272648              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
                + 2007-09-13 22:40 . 2009-04-29 20:59   922384              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
                - 2007-09-13 22:40 . 2009-04-16 07:02   922384              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
                + 2007-09-13 22:40 . 2009-04-29 20:59   845584              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
                - 2007-09-13 22:40 . 2009-04-16 07:02   845584              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
                - 2007-09-13 22:40 . 2009-04-16 07:02   217864              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
                + 2007-09-13 22:40 . 2009-04-29 20:59   217864              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
                - 2007-09-13 22:40 . 2009-04-16 07:02   159504              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
                + 2007-09-13 22:40 . 2009-04-29 20:59   159504              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
                + 2009-02-03 02:15 . 2009-02-03 02:15   3771296              c:\windows\system32\Macromed\Flash\NPSWF32.dll
                - 2007-09-13 22:40 . 2009-04-16 07:02   1172240              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
                + 2007-09-13 22:40 . 2009-04-29 20:59   1172240              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
                + 2007-09-13 22:40 . 2009-04-29 20:59   1165584              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
                - 2007-09-13 22:40 . 2009-04-16 07:02   1165584              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
                .
                -- Snapshot reset to current date --
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-03-31 251264]
                "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
                "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
                "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
                "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

                c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
                Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2006-4-29 41042]

                c:\documents and settings\All Users\Start Menu\Programs\Startup\
                Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-3-15 45056]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
                "Devetmid"= {097AA1BE-E1DC-415F-948B-D4748E1F63CE} - c:\windows\system32\dskulctl.dll [2009-03-21 1028096]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2008-12-22 16:05   356352   ----a-w   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
                backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
                backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
                backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
                backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                "SavRoam"=3 (0x3)
                "QuickBooksDB17"=2 (0x2)
                "QBFCService"=3 (0x3)
                "ProtectedStorage"=2 (0x2)
                "ose"=3 (0x3)
                "odserv"=3 (0x3)
                "MyWebSearchService"=2 (0x2)
                "MDM"=2 (0x2)
                "LVPrcSrv"=2 (0x2)
                "LVCOMSer"=2 (0x2)
                "LiveUpdate"=3 (0x3)
                "LightScribeService"=2 (0x2)
                "KodakCCS"=3 (0x3)
                "idsvc"=3 (0x3)
                "IDriverT"=3 (0x3)
                "gusvc"=3 (0x3)
                "FLEXnet Licensing Service"=3 (0x3)
                "Adobe LM Service"=3 (0x3)
                "QBCFMonitorService"=2 (0x2)

                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                "DisableMonitoring"=dword:00000001

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
                "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
                "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
                "c:\\WINDOWS\\system32\\sessmgr.exe"=
                "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
                "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
                "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
                "c:\\Program Files\\IncrediMail\\bin\\ImSc.exe"=
                "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
                "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
                "c:\\Program Files\\Intuit\\QuickBooks Premier - Accountant Edition\\QBDBMgrN.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
                "c:\\Program Files\\DVD-WMV\\DVDWMV.exe"=
                "c:\\xampp\\apache\\bin\\apache.exe"=
                "c:\\xampp\\mysql\\bin\\mysqld.exe"=
                "c:\\xampp\\MercuryMail\\mercury.exe"=
                "c:\\Documents and Settings\\HP_Administrator\\Desktop\\eclipse.exe"=
                "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

                R1 sonypvd2;sonypvd2;c:\windows\system32\DRIVERS\sonypvd2.sys [2003-06-24 64093]
                R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
                R4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
                R4 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-28 116464]
                S0 sonypvl2;sonypvl2;

                S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
                S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
                S1 sonypvf2;sonypvf2;

                S1 sonypvt2;sonypvt2;

                S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-09 24636]
                S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
                S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]

                .
                .
                ------- Supplementary Scan -------
                .
                uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
                uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                uStart Page = hxxp://www.foxnews.com/
                mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
                uInternet Settings,ProxyOverride = localhost
                uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
                Trusted Zone: americangreetings.com\www
                Trusted Zone: inuit.com\registerqb
                Trusted Zone: microsoft.com\*.update
                Trusted Zone: windowsupdate.com\download
                Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
                DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\cbzef3ve.default\
                .

                **************************************************************************

                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2009-04-30 08:17
                Windows 5.1.2600 Service Pack 3 NTFS

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(680)
                c:\program files\SUPERAntiSpyware\SASWINLO.dll

                - - - - - - - > 'explorer.exe'(5700)
                c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
                c:\program files\IncrediMail\bin\B4ImApp.dll
                c:\windows\system32\WPDShServiceObj.dll
                c:\windows\system32\dskulctl.dll
                c:\windows\system32\PortableDeviceTypes.dll
                c:\windows\system32\PortableDeviceApi.dll
                c:\windows\system32\manaszip.dll
                c:\windows\system32\autawad\uihomak\msuxdb.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
                c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
                c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                c:\program files\Symantec AntiVirus\DefWatch.exe
                c:\windows\ehome\ehrecvr.exe
                c:\windows\ehome\ehSched.exe
                c:\xampp\FileZillaFTP\FileZillaServer.exe
                c:\windows\system32\CBA\PDS.EXE
                c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
                c:\program files\Java\jre6\bin\jqs.exe
                c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
                c:\progra~1\Symantec\SYMANT~1\NscTop.exe
                c:\program files\Symantec AntiVirus\Rtvscan.exe
                c:\windows\system32\searchindexer.exe
                c:\windows\system32\AMS_II\HNDLRSVC.EXE
                c:\windows\system32\MSGSYS.EXE
                c:\windows\system32\AMS_II\IAO.EXE
                c:\windows\system32\CBA\XFR.EXE
                c:\windows\ehome\mcrdsvc.exe
                c:\windows\system32\dllhost.exe
                c:\windows\system32\searchprotocolhost.exe
                c:\program files\Symantec AntiVirus\DoScan.exe
                c:\program files\IncrediMail\bin\ImApp.exe
                c:\windows\system32\searchfilterhost.exe
                .
                **************************************************************************
                .
                Completion time: 2009-04-30  8:24 - machine was rebooted
                ComboFix-quarantined-files.txt  2009-04-30 12:24
                ComboFix2.txt  2009-04-22 11:11

                Pre-Run: 122,732,421,120 bytes free
                Post-Run: 122,838,884,352 bytes free

                326   --- E O F ---   2009-04-29 20:59


                THANK YOU!!!!!

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                Re: Malware Removal Help
                « Reply #10 on: April 30, 2009, 06:50:14 AM »
                  • Click START then RUN
                  • Now type Combofix /u in the runbox
                  • Make sure there's a space between Combofix and /u
                  • Then hit Enter.

                  The above procedure will:
                  • Delete ComboFix and its associated files and folders.
                  • Reset the clock settings.
                  • Hide file extensions, if required.
                  • Hide System/Hidden files, if required.
                  • Set a new, clean Restore Point.

                  ----------

                  Download ATF Cleaner by Atribune to your Desktop.

                Alternate download link

                Note: Vista users must use Run As Administrator
                • Under Main: Select Files to Delete choose: Select All.
                • Click the Empty Selected button.
                • If you use the Firefox browser, click Firefox at the top and choose: Select All
                • Click the Empty Selected button.
                  If you would like to keep your saved passwords, click No at the prompt.
                • If you use the Opera browser, click Opera at the top and choose: Select All
                • Click the Empty Selected button.
                  If you would like to keep your saved passwords, click No at the prompt.
                • Click Exit on the Main menu to close the program.
                Note that your system will run slower for a reboot or two after having used this tool so don't panic.

                ----------

                How is the computer running now?

                tsagi

                  Topic Starter



                  Re: Malware Removal Help
                  « Reply #11 on: May 04, 2009, 06:29:13 AM »
                  Much Better!  Thank you!!

                   What is the best way to remove old anti-virus programs, and which is the best (free) antivirus, anti-malware and firewall to install?  I wonder if Symantec doesn't hog the memory and make the computer run slower.  I changed from using IE to Firefox.

                  Thank you again for your time and help.


                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  Re: Malware Removal Help
                  « Reply #12 on: May 04, 2009, 11:29:32 AM »
                  Removal Tools and Methods for Uninstalling Major Antivirus Products

                  The best free antivirus and firewall in my opinion is Avast and Online Armor.

                  Remember to only install one antivirus!
                   
                  1) Avast! Home Free Edition
                  2) AVG Free Edition
                  3) Avira AntiVir Personal
                  ----------

                  Remember to only install ONE firewall

                  1) Comodo (If you choose this one, uncheck "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation)
                  2) Online Armor
                  3) Sunbelt/Kerio
                  4) Agnitum
                  5) PC Tools Firewall Plus

                  ----------

                  Use the Secunia Software Inspector to check for out of date software.
                  • Click Start Now
                  • Check the box next to Enable thorough system inspection.
                  • Click Start
                  • Allow the scan to finish and scroll down to see if any updates are needed.
                  • Update anything listed.
                  ----------

                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster - Secures your Internet Explorer to make it harder for ActiveX programs to run on your computer. It also stops certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

                  tsagi

                    Topic Starter



                    Re: Malware Removal Help
                    « Reply #13 on: May 05, 2009, 05:26:41 AM »
                    Thank you for all your help.  I will check these programs out and follow the instructions for getting rid of Symantec.