0

Generic Pentium 4 PC Windows XP
I've been scanning and removing viruses and spyware, registry erros and malware for over 1 week.

Here's the hijack this report. Is version 2.0.2 the latest? You helped me last year with my daughter's computer. Kids what can you do with them except love-em. :-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:25 AM, on 9/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.metroymcas.org/Login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8909 bytes

2
Contributors
13
Replies
14
Views
9 Years
Discussion Span
Last Post by jholland1964
Featured Replies
  • Honestly, I am thinking (which may be dangerous in itself) that this Authenium could actually be part of the Verizon Security Suite. I just haven't yet been able to find who provides their Security Suite. Let me do some more looking around and maybe I can finally find out. I … Read More

0

First of all looks like from your log that Malwarebytes' Anti-Malware program needs the computer to reboot as indicated from this entry here;
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
In order to remove some infections sometimes the program must have the computer reboot so that the infections can be removed early in the boot process before other programs have started up.
Reboot the computer.
Then post that log from the Malwarebytes' program. You can find it if you open the program and click on the Log Tab.
Copy/Paste or attach that log back here. I need to see what has been found and removed before I can give other steps.
Judy

0

Thank You for responding Judy.

I've since rebooted a couple of times but here's the Malwarebytes log from that time. Also included recent Hijack log. I've also run Uniblue registry. Also uninstalled Symantec antivirus whick got broken alsong the way and Hallmark Cards which wasn't being used. I reenabled Verizon Antivirus ( I prefer Symantec which is better but I didn't want conflicks)
Also attached Combofix.txt.

Malwarebytes' Anti-Malware 1.28
Database version: 1139
Windows 5.1.2600 Service Pack 3

9/11/2008 10:14:57 AM
mbam-log-2008-09-11 (10-14-57).txt

Scan type: Quick Scan
Objects scanned: 48495
Time elapsed: 9 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------------------- Is 08? suspicious? ----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:25, on 2008-09-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.metroymcas.org/Login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6414 bytes

________________________

Attachments
ComboFix 08-09-10.04 - Administrator 2008-09-11 12:35:44.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.358 [GMT -5:00]
Running from: C:\My Downloads\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\bundles
C:\WINDOWS\bundles\adv0ltc0m.exe
C:\WINDOWS\bundles\b2s-162813.exe
C:\WINDOWS\bundles\Beryllium.exe
C:\WINDOWS\bundles\bs5-tsrkqn.exe
C:\WINDOWS\bundles\optimizejames.exe
C:\WINDOWS\bundles\runsearch.exe
C:\WINDOWS\bundles\vl_ezstub.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\vMW02a

.
(((((((((((((((((((((((((   Files Created from 2008-08-11 to 2008-09-11  )))))))))))))))))))))))))))))))
.

2008-09-09 07:10 . 2008-09-09 07:10	101,560	--ah-----	C:\WINDOWS\system32\mlfcache.dat
2008-09-09 00:45 . 2008-09-09 00:45	<DIR>	d--------	C:\Documents and Settings\Lisa Drogon\Application Data\Uniblue
2008-09-09 00:44 . 2008-09-09 00:44	<DIR>	d--------	C:\Program Files\Uniblue
2008-09-09 00:43 . 2008-09-09 00:43	0	--a------	C:\WINDOWS\VPC32.INI
2008-09-08 09:33 . 2006-01-31 13:29	107,696	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-08 09:33 . 2006-01-31 13:29	87,808	--a------	C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-08 09:32 . 2008-09-11 11:23	<DIR>	d--------	C:\Program Files\Symantec AntiVirus
2008-09-08 09:22 . 2008-09-08 09:22	<DIR>	d--------	C:\Program Files\SpyRemover
2008-09-08 09:18 . 2008-09-08 09:18	<DIR>	d--------	C:\Program Files\Unisys IT
2008-09-06 21:21 . 2008-09-06 21:30	<DIR>	d--------	C:\Program Files\Common Files\Panda Security
2008-09-06 18:10 . 2008-09-07 06:08	<DIR>	d--------	C:\Program Files\stevelogs
2008-09-06 18:04 . 2008-09-06 18:04	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Simple Star
2008-09-06 08:41 . 2008-09-06 08:41	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-11 10:14	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 19:13 . 2008-09-05 19:13	<DIR>	d--------	C:\Documents and Settings\Lisa Drogon\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-05 19:13	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-10 00:04	38,528	--a------	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 19:13 . 2008-09-10 00:03	17,200	--a------	C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 12:34 . 2008-09-05 12:43	<DIR>	d--------	C:\Documents and Settings\Lisa Drogon\Application Data\U3
2008-09-05 12:13 . 2008-04-13 22:06	144,384	---------	C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-09-05 12:13 . 2008-04-14 00:10	10,240	---------	C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-05 12:11 . 2006-12-29 00:31	19,569	--a------	C:\WINDOWS\[u]0[/u]05232_.tmp
2008-09-03 09:46 . 2008-09-11 11:02	<DIR>	d--------	C:\Program Files\Trend Micro
2008-09-02 19:27 . 2008-09-02 19:27	<DIR>	d--------	C:\Program Files\Windows Defender
2008-09-02 15:05 . 2008-09-02 16:04	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 14:12 . 2008-09-05 12:17	<DIR>	d--------	C:\WINDOWS\peernet
2008-09-02 14:08 . 2008-09-09 00:44	<DIR>	d--h-c---	C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-02 11:34 . 2004-08-03 22:32	84,480	--a------	C:\WINDOWS\system32\drivers\ac97via.sys
2008-08-23 09:15 . 2008-08-23 09:15	<DIR>	d--------	C:\Program Files\MSECache
2008-08-13 18:14 . 2008-04-11 14:04	691,712	-----c---	C:\WINDOWS\system32\dllcache\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 17:47	---------	d-----w	C:\Program Files\Symantec
2008-09-09 17:47	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-09-09 17:35	27,262,976	----a-w	C:\VIRTPART.DAT
2008-09-09 17:34	2,855	----a-w	C:\WINDOWS\PIF\COMMAND.PIF
2008-09-08 16:04	---------	d-----w	C:\Program Files\vol_toolbar
2008-09-08 14:32	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-07 02:21	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-09-05 17:40	---------	d-----w	C:\Program Files\Java
2008-09-02 17:00	---------	d-----w	C:\Program Files\Common Files\Scanner
2008-07-19 03:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
2008-07-19 03:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07	270,880	----a-w	C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07	210,976	----a-w	C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-06-24 16:43	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46	245,248	----a-w	C:\WINDOWS\system32\mswsock.dll
2005-04-18 22:27	8,224	----a-w	C:\Documents and Settings\Lisa Drogon\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-21 163840]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-25 180269]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 2065648]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2008-02-26 318704]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2008-02-26 13552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-07-02 98304]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-27 124656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 61168]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe [2008-02-26 67824]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lisa Drogon\Application Data\Mozilla\Firefox\Profiles\ucfa5c6h.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 12:41:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Symantec AntiVir
0

Hi chess77, Looks pretty good really. Do you feel that all the issues have been resolved?
One thing I wonder about...you say you uninstalled the Norton program and now are running the Verizon Security Suite which of course includes and antivirus and firewall program, but also showing on the computer as running is THIS entry;
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

Is this a portion of the Verizon program or perhaps a remaining piece of an old antivirus program? It also shows in your first log when you still had the Norton/Symantec program installed. I know this is NOT part of Norton but part of another antivirus program.
Can you please check and see if this is somehow connected to that Verizon Security Suite? I cannot find anywhere that it IS connected but being a Verizon customer maybe you can.
If it is NOT connected to that Verizon program then it will need to be removed and we will have to do that as more than one antivirus program running on a computer can really cause some problems.
Judy

0

Judy The system seems ok now but I'm not sure and I don't run everything Lisa does. I believe Authentium was something that was installed the last time she had a problem with this system. I can't see where to deinstall. There are too many websites saying to install this and that to test your system, I think that is how she got the AntiVirus2008 Virus. Also Windows defender is installed on the system. Let me know what to do and I'll attempt it when I get home from work tomorrow.
Thanks Steve

1

Honestly, I am thinking (which may be dangerous in itself) that this Authenium could actually be part of the Verizon Security Suite. I just haven't yet been able to find who provides their Security Suite. Let me do some more looking around and maybe I can finally find out. I will let you know as soon as I do.
Judy

Votes + Comments
Very Profesional she took personal interest
0

Judy
You maybe right on Authentium, I did a google search and a lot of people were asking about it. Someone else said they bundle the software for company Suites. My problem is it's only partially installed, I've got to get more information to call verizon. I appreciate the help.

0

Judy This looks like the answer.
But It only scanned about 58000 files where Symantec scans over 117,000.

Anti-Virus engine status
Last update: 2008-09-11 19:28:14
Virus definition file: C:\Program Files\Common Files\Authentium\AntiVirus\def-w32i-20080911111900-20080911174900.msp
File generated by Verizon Internet Security Suite Anti

0

You said that Symantec comflicts...with what? If it is the Verizon Security Suite then I would get rid of the Verizon Security stuff since you prefer Symantec. They WILL conflict because running two security suites or two antivirus programs . two firewalls, of any brand or name will conflict. I would remove all the Verizon stuff, except what is needed for connections and reinstall Symantec, add a firewall, there are many good ones for free out there, or Windows Does have a built in one way one, add Spywareblaster which is a must have protection program, FREE, doesn't run in the background and try all that.
Judy

0

Conflicts were with the 2 antivirus running at same time. OK I downloaded and installed spyblaster, she's paid for Verizon so I think I'll leave that for now, thanks for your help. Mark it solved and I give an Atta-girl to you? Steve

0

You DID totally Uninstall Symantec I hope?

OK I downloaded and installed spyblaster

I hope you mean SpywareBlaster Spyblaster is a totally different program and definitely NOT the one I spoke about. SpywareBlaster is FREE, Spyblaster, eventually is NOT, believe after the free trial it costs around $30 and isn't worth it.

Run a new HJT scan just to be certain there are not remnants sitting there ok? Post back with that log.
Judy

0

yes you're right again, spywareclaster and I paid for autoupdate because when I give this computer back I don't want to keep doing this. I reran and also combofix cleaned out
"- - - - ORPHANS REMOVED - - - -

HKLM-Run-MsgCenterExe - C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
Notify-NavLogon - (no file)"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33, on 2008-09-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SpywareBlaster\sbautoupdate.exe
C:\Program Files\SpywareBlaster\sbautoupdate.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Lisa Drogon\Desktop\spywaretools\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.metroymcas.org/Login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6777 bytes


___________________________

ComboFix 08-09-10.04 - Lisa Drogon 2008-09-14 21:38:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.244 [GMT -5:00]
Running from: C:\Documents and Settings\Lisa Drogon\Desktop\spywaretools\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.

2008-09-14 21:27 . 2008-09-14 21:27 <DIR> d-------- C:\Program Files\D-Link
2008-09-14 21:27 . 2008-09-14 21:27 <DIR> d-------- C:\Program Files\ANI
2008-09-14 21:27 . 2004-08-16 16:45 1,163,337 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-09-14 21:27 . 2004-09-20 16:51 577,536 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-09-14 21:27 . 2004-08-16 16:45 192,512 --a------ C:\WINDOWS\system32\aIPH.dll
2008-09-14 21:27 . 2004-09-17 16:03 131,072 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-09-14 21:27 . 2004-08-16 16:45 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-09-14 21:27 . 2004-08-16 16:45 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-09-14 21:27 . 2004-01-27 17:20 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-09-14 21:27 . 2003-05-05 18:25 28,205 --a------ C:\WINDOWS\system32\ANIO.sys
2008-09-14 21:27 . 2004-04-15 11:10 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-09-14 21:27 . 2003-05-05 14:00 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-09-14 08:10 . 2008-09-14 08:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-09 07:10 . 2008-09-09 07:10 101,560 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-09-09 00:45 . 2008-09-09 00:45 <DIR> d-------- C:\Documents and Settings\Lisa Drogon\Application Data\Uniblue
2008-09-09 00:44 . 2008-09-09 00:44 <DIR> d-------- C:\Program Files\Uniblue
2008-09-09 00:43 . 2008-09-09 00:43 0 --a------ C:\WINDOWS\VPC32.INI
2008-09-08 09:22 . 2008-09-08 09:22 <DIR> d-------- C:\Program Files\SpyRemover
2008-09-08 09:18 . 2008-09-08 09:18 <DIR> d-------- C:\Program Files\Unisys IT
2008-09-06 21:21 . 2008-09-06 21:30 <DIR> d-------- C:\Program Files\Common Files\Panda Security
2008-09-06 18:10 . 2008-09-07 06:08 <DIR> d-------- C:\Program Files\stevelogs
2008-09-06 18:04 . 2008-09-06 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Simple Star
2008-09-06 08:41 . 2008-09-06 08:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-11 10:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 19:13 . 2008-09-05 19:13 <DIR> d-------- C:\Documents and Settings\Lisa Drogon\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-05 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 19:13 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 12:34 . 2008-09-05 12:43 <DIR> d-------- C:\Documents and Settings\Lisa Drogon\Application Data\U3
2008-09-05 12:13 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-09-05 12:13 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-05 12:11 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005232_.tmp
2008-09-03 09:46 . 2008-09-11 11:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-02 19:27 . 2008-09-02 19:27 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-02 15:05 . 2008-09-14 21:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 14:12 . 2008-09-05 12:17 <DIR> d-------- C:\WINDOWS\peernet
2008-09-02 14:08 . 2008-09-09 00:44 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-02 11:34 . 2004-08-03 22:32 84,480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
2008-08-23 09:15 . 2008-08-23 09:15 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 02:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 17:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Verizon
2008-09-12 15:11 --------- d-----w C:\Program Files\Common Files\Real
2008-09-11 18:39 --------- d-----w C:\Program Files\Symantec
2008-09-11 18:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-11 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-11 18:18 --------- d-----w C:\Program Files\QuickTime
2008-09-09 17:35 27,262,976 ----a-w C:\VIRTPART.DAT
2008-09-09 17:34 2,855 ----a-w C:\WINDOWS\PIF\COMMAND.PIF
2008-09-08 16:04 --------- d-----w C:\Program Files\vol_toolbar
2008-09-05 17:40 --------- d-----w C:\Program Files\Java
2008-09-02 17:00 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2005-04-18 22:27 8,224 ----a-w C:\Documents and Settings\Lisa Drogon\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-21 163840]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 2065648]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2008-02-26 318704]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2008-02-26 13552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SBAutoUpdate"="C:\Program Files\SpywareBlaster\sbautoupdate.exe" [2008-06-10 906792]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-09-14 1212416]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 61168]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe [2008-02-26 67824]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MsgCenterExe - C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lisa Drogon\Application Data\Mozilla\Firefox\Profiles\ucfa5c6h.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 21:44:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-09-14 21:58:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-15 02:57:38
ComboFix2.txt 2008-09-11 17:56:45

Pre-Run: 27,280,171,008 bytes free
Post-Run: 27,268,517,888 bytes free

156 --- E O F --- 2008-09-13 06:38:04

0

SpywareBlaster it's late, typos.
Thanks for all your help.

0

Still going through the combofix log, one thing I didn't notice on the last one...it was there just didn't see this then. There is a program listed, SpyRemover, may I ask, who is the manufacturer of this program? Is it ItCompany.com? The reason I ask, if it is THAT manufacturer then the program is a legitimate program, if it is NOT then it is considered a Rogue program and should be removed.

Can you run HiJackthis again, but this time choose the Misc tools button and get an Uninstall List for me?
It will take me a bit to go through this combofix log but I will get back ASAP to let you know if there are other fixes which need to be done with it. In the meantime post that Uninstall List for me if you can.
Judy

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.