Step-Daughter's Computer Viruses and Malware

First of all looks like from your log that Malwarebytes' Anti-Malware program needs the computer to reboot as indicated from this entry here;
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
In order to remove some infections sometimes the program must have the computer reboot so that the infections can be removed early in the boot process before other programs have started up.
Reboot the computer.
Then post that log from the Malwarebytes' program. You can find it if you open the program and click on the Log Tab.
Copy/Paste or attach that log back here. I need to see what has been found and removed before I can give other steps.
Judy

Thank You for responding Judy.

I've since rebooted a couple of times but here's the Malwarebytes log from that time. Also included recent Hijack log. I've also run Uniblue registry. Also uninstalled Symantec antivirus whick got broken alsong the way and Hallmark Cards which wasn't being used. I reenabled Verizon Antivirus ( I prefer Symantec which is better but I didn't want conflicks)
Also attached Combofix.txt.

Malwarebytes' Anti-Malware 1.28
Database version: 1139
Windows 5.1.2600 Service Pack 3

9/11/2008 10:14:57 AM
mbam-log-2008-09-11 (10-14-57).txt

Scan type: Quick Scan
Objects scanned: 48495
Time elapsed: 9 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------- Is 08? suspicious? ----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:25, on 2008-09-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.metroymcas.org/Login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6414 bytes

________________________

Hi chess77, Looks pretty good really. Do you feel that all the issues have been resolved?
One thing I wonder about...you say you uninstalled the Norton program and now are running the Verizon Security Suite which of course includes and antivirus and firewall program, but also showing on the computer as running is THIS entry;
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

Is this a portion of the Verizon program or perhaps a remaining piece of an old antivirus program? It also shows in your first log when you still had the Norton/Symantec program installed. I know this is NOT part of Norton but part of another antivirus program.
Can you please check and see if this is somehow connected to that Verizon Security Suite? I cannot find anywhere that it IS connected but being a Verizon customer maybe you can.
If it is NOT connected to that Verizon program then it will need to be removed and we will have to do that as more than one antivirus program running on a computer can really cause some problems.
Judy

Judy The system seems ok now but I'm not sure and I don't run everything Lisa does. I believe Authentium was something that was installed the last time she had a problem with this system. I can't see where to deinstall. There are too many websites saying to install this and that to test your system, I think that is how she got the AntiVirus2008 Virus. Also Windows defender is installed on the system. Let me know what to do and I'll attempt it when I get home from work tomorrow.
Thanks Steve

Honestly, I am thinking (which may be dangerous in itself) that this Authenium could actually be part of the Verizon Security Suite. I just haven't yet been able to find who provides their Security Suite. Let me do some more looking around and maybe I can finally find out. I will let you know as soon as I do.
Judy

Judy
You maybe right on Authentium, I did a google search and a lot of people were asking about it. Someone else said they bundle the software for company Suites. My problem is it's only partially installed, I've got to get more information to call verizon. I appreciate the help.

Judy This looks like the answer.
But It only scanned about 58000 files where Symantec scans over 117,000.

Anti-Virus engine status
Last update: 2008-09-11 19:28:14
Virus definition file: C:\Program Files\Common Files\Authentium\AntiVirus\def-w32i-20080911111900-20080911174900.msp
File generated by Verizon Internet Security Suite Anti

You said that Symantec comflicts...with what? If it is the Verizon Security Suite then I would get rid of the Verizon Security stuff since you prefer Symantec. They WILL conflict because running two security suites or two antivirus programs . two firewalls, of any brand or name will conflict. I would remove all the Verizon stuff, except what is needed for connections and reinstall Symantec, add a firewall, there are many good ones for free out there, or Windows Does have a built in one way one, add Spywareblaster which is a must have protection program, FREE, doesn't run in the background and try all that.
Judy

Conflicts were with the 2 antivirus running at same time. OK I downloaded and installed spyblaster, she's paid for Verizon so I think I'll leave that for now, thanks for your help. Mark it solved and I give an Atta-girl to you? Steve

You DID totally Uninstall Symantec I hope?

OK I downloaded and installed spyblaster

I hope you mean SpywareBlaster Spyblaster is a totally different program and definitely NOT the one I spoke about. SpywareBlaster is FREE, Spyblaster, eventually is NOT, believe after the free trial it costs around $30 and isn't worth it.

Run a new HJT scan just to be certain there are not remnants sitting there ok? Post back with that log.
Judy

yes you're right again, spywareclaster and I paid for autoupdate because when I give this computer back I don't want to keep doing this. I reran and also combofix cleaned out
"- - - - ORPHANS REMOVED - - - -

HKLM-Run-MsgCenterExe - C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
Notify-NavLogon - (no file)"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33, on 2008-09-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SpywareBlaster\sbautoupdate.exe
C:\Program Files\SpywareBlaster\sbautoupdate.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Lisa Drogon\Desktop\spywaretools\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.metroymcas.org/Login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6777 bytes

___________________________

ComboFix 08-09-10.04 - Lisa Drogon 2008-09-14 21:38:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.244 [GMT -5:00]
Running from: C:\Documents and Settings\Lisa Drogon\Desktop\spywaretools\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.

2008-09-14 21:27 . 2008-09-14 21:27 <DIR> d-------- C:\Program Files\D-Link
2008-09-14 21:27 . 2008-09-14 21:27 <DIR> d-------- C:\Program Files\ANI
2008-09-14 21:27 . 2004-08-16 16:45 1,163,337 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-09-14 21:27 . 2004-09-20 16:51 577,536 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-09-14 21:27 . 2004-08-16 16:45 192,512 --a------ C:\WINDOWS\system32\aIPH.dll
2008-09-14 21:27 . 2004-09-17 16:03 131,072 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-09-14 21:27 . 2004-08-16 16:45 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-09-14 21:27 . 2004-08-16 16:45 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-09-14 21:27 . 2004-01-27 17:20 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-09-14 21:27 . 2003-05-05 18:25 28,205 --a------ C:\WINDOWS\system32\ANIO.sys
2008-09-14 21:27 . 2004-04-15 11:10 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-09-14 21:27 . 2003-05-05 14:00 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-09-14 08:10 . 2008-09-14 08:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-09 07:10 . 2008-09-09 07:10 101,560 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-09-09 00:45 . 2008-09-09 00:45 <DIR> d-------- C:\Documents and Settings\Lisa Drogon\Application Data\Uniblue
2008-09-09 00:44 . 2008-09-09 00:44 <DIR> d-------- C:\Program Files\Uniblue
2008-09-09 00:43 . 2008-09-09 00:43 0 --a------ C:\WINDOWS\VPC32.INI
2008-09-08 09:22 . 2008-09-08 09:22 <DIR> d-------- C:\Program Files\SpyRemover
2008-09-08 09:18 . 2008-09-08 09:18 <DIR> d-------- C:\Program Files\Unisys IT
2008-09-06 21:21 . 2008-09-06 21:30 <DIR> d-------- C:\Program Files\Common Files\Panda Security
2008-09-06 18:10 . 2008-09-07 06:08 <DIR> d-------- C:\Program Files\stevelogs
2008-09-06 18:04 . 2008-09-06 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Simple Star
2008-09-06 08:41 . 2008-09-06 08:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-11 10:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 19:13 . 2008-09-05 19:13 <DIR> d-------- C:\Documents and Settings\Lisa Drogon\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-05 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 19:13 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 12:34 . 2008-09-05 12:43 <DIR> d-------- C:\Documents and Settings\Lisa Drogon\Application Data\U3
2008-09-05 12:13 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-09-05 12:13 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-05 12:11 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005232_.tmp
2008-09-03 09:46 . 2008-09-11 11:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-02 19:27 . 2008-09-02 19:27 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-02 15:05 . 2008-09-14 21:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 14:12 . 2008-09-05 12:17 <DIR> d-------- C:\WINDOWS\peernet
2008-09-02 14:08 . 2008-09-09 00:44 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-02 11:34 . 2004-08-03 22:32 84,480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
2008-08-23 09:15 . 2008-08-23 09:15 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 02:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 17:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Verizon
2008-09-12 15:11 --------- d-----w C:\Program Files\Common Files\Real
2008-09-11 18:39 --------- d-----w C:\Program Files\Symantec
2008-09-11 18:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-11 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-11 18:18 --------- d-----w C:\Program Files\QuickTime
2008-09-09 17:35 27,262,976 ----a-w C:\VIRTPART.DAT
2008-09-09 17:34 2,855 ----a-w C:\WINDOWS\PIF\COMMAND.PIF
2008-09-08 16:04 --------- d-----w C:\Program Files\vol_toolbar
2008-09-05 17:40 --------- d-----w C:\Program Files\Java
2008-09-02 17:00 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2005-04-18 22:27 8,224 ----a-w C:\Documents and Settings\Lisa Drogon\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-21 163840]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 2065648]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2008-02-26 318704]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2008-02-26 13552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SBAutoUpdate"="C:\Program Files\SpywareBlaster\sbautoupdate.exe" [2008-06-10 906792]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-09-14 1212416]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 61168]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe [2008-02-26 67824]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MsgCenterExe - C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
Notify-NavLogon - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lisa Drogon\Application Data\Mozilla\Firefox\Profiles\ucfa5c6h.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 21:44:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-09-14 21:58:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-15 02:57:38
ComboFix2.txt 2008-09-11 17:56:45

Pre-Run: 27,280,171,008 bytes free
Post-Run: 27,268,517,888 bytes free

156 --- E O F --- 2008-09-13 06:38:04

SpywareBlaster it's late, typos.
Thanks for all your help.

Still going through the combofix log, one thing I didn't notice on the last one...it was there just didn't see this then. There is a program listed, SpyRemover, may I ask, who is the manufacturer of this program? Is it ItCompany.com? The reason I ask, if it is THAT manufacturer then the program is a legitimate program, if it is NOT then it is considered a Rogue program and should be removed.

Can you run HiJackthis again, but this time choose the Misc tools button and get an Uninstall List for me?
It will take me a bit to go through this combofix log but I will get back ASAP to let you know if there are other fixes which need to be done with it. In the meantime post that Uninstall List for me if you can.
Judy