Infected with trojans and worm, vundo for sure [RESOLVED]
Post #1 - May 20 2008, 08:55 AM
New Member | Posts: 8 | OS: XP
Deckard's System Scanner v20071014.68
Run by libc1 on 2008-05-20 09:46:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as libc1.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:31 AM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\libc1\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\libc1.exe
C:\WINDOWS\system32\HPZinw12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: hp973f8e HP0018FE973F8E
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\libc1\Application Data\Deskbar_{380C73FA-F65D-49d1-95D5-C938579255FE}\starter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191525831828
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ahsstud.ahs.mcnairy.org
O17 - HKLM\Software\..\Telephony: DomainName = ahsstud.ahs.mcnairy.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ahsstud.ahs.mcnairy.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ahsstud.ahs.mcnairy.org
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-- End of file - 9127 bytes

-- Files created between 2008-04-20 and 2008-05-20 -----------------------------

2008-05-19 22:32:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-19 22:32:55 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-19 21:28:01 0 d-------- C:\Program Files\Panda Security
2008-05-19 17:58:00 0 d-------- C:\Documents and Settings\libc1\Application Data\Malwarebytes
2008-05-19 17:57:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-19 17:57:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-19 17:57:10 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-19 06:41:42 0 d-------- C:\Documents and Settings\libc1\DoctorWeb
2008-05-19 06:39:48 0 d-------- C:\Program Files\Trend Micro
2008-05-19 06:12:23 0 d-------- C:\Documents and Settings\libc1\Application Data\Symantec
2008-05-19 02:16:12 0 d-------- C:\Program Files\Norton 360
2008-05-19 02:13:18 0 d-------- C:\Program Files\Symantec
2008-05-19 02:13:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-19 02:13:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-18 21:21:52 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-18 20:18:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 20:17:55 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 20:17:55 0 d-------- C:\Documents and Settings\libc1\Application Data\SUPERAntiSpyware.com
2008-05-18 20:17:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 19:47:22 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-18 19:07:26 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-18 18:56:21 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 18:55:25 0 d-------- C:\Program Files\SpywareBlaster
2008-05-18 18:32:50 25558 --ahs---- C:\WINDOWS\system32\CfggNXyb.ini2
2008-05-18 18:31:33 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-05-18 18:30:24 0 d-------- C:\WINDOWS\Sun
2008-05-18 18:30:24 0 d-------- C:\Documents and Settings\libc1\Application Data\Sun
2008-05-18 18:28:05 0 d--hs---- C:\WINDOWS\QUhT
2008-05-18 18:27:52 0 d-------- C:\WINDOWS\system32\polX
2008-05-18 18:27:52 0 d-------- C:\WINDOWS\system32\GUI2
2008-05-18 18:27:52 0 d-------- C:\WINDOWS\system32\binR
2008-05-18 18:27:52 0 d-------- C:\WINDOWS\system32\3036a
2008-05-18 18:27:46 0 d-------- C:\WINDOWS\system32\logXv18
2008-05-18 18:25:08 0 d-------- C:\Program Files\SurfingProgram
2008-05-18 18:21:25 0 d-------- C:\Documents and Settings\libc1\Application Data\LimeWire
2008-05-18 18:15:47 0 d-------- C:\Program Files\LimeWire
2008-05-10 08:28:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-09 13:36:13 2550 --a------ C:\WINDOWS\mozver.dat
2008-05-01 08:36:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Amazon
2008-05-01 08:36:27 0 d-------- C:\Program Files\Amazon
2008-05-01 08:35:20 0 d-------- C:\WINDOWS\RegisteredPackages
2008-05-01 08:30:04 0 d-------- C:\WINDOWS\Downloaded Installations

-- Find3M Report ---------------------------------------------------------------

2008-05-20 09:25:48 2812 --a------ C:\Documents and Settings\libc1\Application Data\evpro32.prf
2008-05-19 17:57:10 0 d-------- C:\Program Files\Common Files
2008-05-01 08:37:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-25 15:33:15 0 d-------- C:\Documents and Settings\libc1\Application Data\U3
2008-04-09 14:54:24 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-09 14:54:22 0 d--h----- C:\Program Files\Zenographics
2008-04-04 21:57:55 0 d-------- C:\Documents and Settings\libc1\Application Data\Adobe
2008-04-04 20:57:02 0 d-------- C:\Documents and Settings\libc1\Application Data\Real
2008-04-04 20:51:51 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-04 20:51:49 0 d-------- C:\Program Files\Common Files\Real
2008-04-04 20:51:42 0 d-------- C:\Program Files\Real
2008-04-04 20:43:00 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-04 20:42:58 0 d-------- C:\Documents and Settings\libc1\Application Data\Mozilla
2008-04-04 08:27:21 94123 --a------ C:\WINDOWS\hppins05.dat
2008-04-04 08:24:42 0 d-------- C:\Program Files\HP
2008-04-04 08:16:30 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-03 22:50:28 61678 --a------ C:\Documents and Settings\libc1\Application Data\PFP100JPR.{PB
2008-03-03 22:50:28 12358 --a------ C:\Documents and Settings\libc1\Application Data\PFP100JCM.{PB
2008-02-26 17:57:32 117089 --a------ C:\WINDOWS\hpoins11.dat
2008-02-20 14:21:43 28672 --a------ C:\WINDOWS\system32\qttask.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [07/19/2006 09:42 AM C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [12/21/2005 03:02 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [06/13/2006 09:57 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [06/13/2006 09:57 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [06/13/2006 09:57 AM]
"RTHDCPL"="RTHDCPL.EXE" [03/14/2006 05:01 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/29/2006 06:13 AM]
"AGRSMMSG"="AGRSMMSG.exe" [03/16/2006 05:24 PM C:\WINDOWS\AGRSMMSG.exe]
"INPROCOMMWireless"="C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"hpbdfawep"="C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe" [12/23/2007 09:47 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/04/2008 08:51 PM]
"dbar_starter"="C:\Documents and Settings\libc1\Application Data\Deskbar_{380C73FA-F65D-49d1-95D5-C938579255FE}\starter.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 08:54 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [10/20/2007 8:17:26 PM]
Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [7/11/2007 5:25:20 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 8:56:20 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXNggfC

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb53831a-066e-11dd-a6a6-00197e72468e}]
AutoRun\command- D:\LaunchU3.exe -a

*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2008-05-20 09:46:55 ------------
Post #2 - May 20 2008, 08:17 PM
Malware Expert | Posts: 15,719 | From: New York | OS: Windows 98, XP, Vista, Mac OS X
Welcome to GTG.
Please do not create duplicate topics for the same issue. Your other topic is now closed.

1. Download combofix at http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/ComboFix.exe
   Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
Post #3 - May 21 2008, 12:38 AM
New Member | Posts: 8 | OS: XP
ComboFix 08-05-20.4 - libc1 2008-05-21 0:49:50.1 - NTFSx86
Running from: C:\Documents and Settings\libc1\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\'
C:\WINDOWS\system32\CfggNXyb.ini
C:\WINDOWS\system32\CfggNXyb.ini2
C:\WINDOWS\system32\Desktop_.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\uubnully.ini
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.

2008-05-19 22:32 . 2008-05-19 22:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-19 22:32 . 2008-05-19 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-19 21:28 . 2008-05-19 21:29 <DIR> d-------- C:\Program Files\Panda Security
2008-05-19 17:58 . 2008-05-19 17:58 <DIR> d-------- C:\Documents and Settings\libc1\Application Data\Malwarebytes
2008-05-19 17:57 . 2008-05-19 19:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-19 17:57 . 2008-05-19 17:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-19 17:57 . 2008-05-19 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-19 17:57 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-19 17:57 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-19 14:26 . 2008-05-19 14:26 <DIR> d-------- C:\Deckard
2008-05-19 06:41 . 2008-05-19 06:41 <DIR> d-------- C:\Documents and Settings\libc1\DoctorWeb
2008-05-19 06:39 . 2008-05-19 06:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 06:26 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-05-19 06:26 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-05-19 06:26 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-05-19 06:12 . 2008-05-19 06:12 <DIR> d-------- C:\Documents and Settings\libc1\Application Data\Symantec
2008-05-19 02:43 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DL1
2008-05-19 02:16 . 2008-05-19 10:03 <DIR> d-------- C:\Program Files\Norton 360
2008-05-19 02:15 . 2008-05-19 02:40 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-19 02:15 . 2008-05-19 02:40 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-19 02:15 . 2008-05-19 02:40 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-19 02:15 . 2008-05-19 02:40 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-19 02:13 . 2008-05-19 02:40 <DIR> d-------- C:\Program Files\Symantec
2008-05-19 02:13 . 2008-05-20 12:56 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-19 02:13 . 2008-05-20 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-18 21:21 . 2008-05-18 21:21 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-18 20:18 . 2008-05-18 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 20:17 . 2008-05-18 20:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 20:17 . 2008-05-18 20:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 20:17 . 2008-05-18 20:17 <DIR> d-------- C:\Documents and Settings\libc1\Application Data\SUPERAntiSpyware.com
2008-05-18 19:47 . 2008-05-18 22:34 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-18 18:56 . 2008-05-18 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 18:55 . 2008-05-18 18:59 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-18 18:31 . 2008-05-18 18:31 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-05-18 18:30 . 2008-05-18 18:30 <DIR> d-------- C:\WINDOWS\Sun
2008-05-18 18:28 . 2008-05-18 20:33 <DIR> d--hs---- C:\WINDOWS\QUhT
2008-05-18 18:27 . 2008-05-19 19:01 <DIR> d-------- C:\WINDOWS\system32\polX
2008-05-18 18:27 . 2008-05-19 07:54 <DIR> d-------- C:\WINDOWS\system32\logXv18
2008-05-18 18:27 . 2008-05-18 20:31 <DIR> d-------- C:\WINDOWS\system32\GUI2
2008-05-18 18:27 . 2008-05-18 20:31 <DIR> d-------- C:\WINDOWS\system32\binR
2008-05-18 18:27 . 2008-05-18 20:31 <DIR> d-------- C:\WINDOWS\system32\3036a
2008-05-18 18:27 . 2008-05-18 18:27 <DIR> d-------- C:\TEMP\dmpxp32
2008-05-18 18:25 . 2008-05-18 20:33 <DIR> d-------- C:\Program Files\SurfingProgram
2008-05-18 18:21 . 2008-05-18 19:09 <DIR> d-------- C:\Documents and Settings\libc1\Application Data\LimeWire
2008-05-18 18:15 . 2008-05-18 18:34 <DIR> d-------- C:\Program Files\LimeWire
2008-05-10 08:28 . 2008-05-19 06:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-09 13:36 . 2008-05-19 21:28 2,550 --a------ C:\WINDOWS\mozver.dat
2008-05-01 08:38 . 2008-05-01 08:38 934 --a------ C:\Amazon Unbox.lnk
2008-05-01 08:36 . 2008-05-01 08:36 <DIR> d-------- C:\Program Files\Amazon
2008-05-01 08:36 . 2008-05-01 08:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Amazon
2008-05-01 08:30 . 2008-05-01 08:30 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-28 10:47 . 2008-05-18 00:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-28 10:47 . 2008-04-28 10:47 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 13:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 20:33 --------- d-----w C:\Documents and Settings\libc1\Application Data\U3
2008-04-09 19:54 --------- d--h--w C:\Program Files\Zenographics
2008-04-09 19:54 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-05 01:51 --------- d-----w C:\Program Files\Real
2008-04-05 01:51 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-05 01:51 --------- d-----w C:\Program Files\Common Files\Real
2008-04-04 13:24 --------- d-----w C:\Program Files\HP
2008-04-04 13:16 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-01 01:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-07-19 09:42 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-13 09:57 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-13 09:57 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-13 09:57 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 17:01 16010752 C:\WINDOWS\RTHDCPL.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 06:13 766041]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe]
"INPROCOMMWireless"="C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"hpbdfawep"="C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-23 21:47 618496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-04 20:51 185896]
"dbar_starter"="C:\Documents and Settings\libc1\Application Data\Deskbar_{380C73FA-F65D-49d1-95D5-C938579255FE}\starter.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54 116072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-10-20 20:17:26 45056]
Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2007-07-11 17:25:20 97320]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
S1 nikedrvv;nikedrvv;C:\WINDOWS\system32\drivers\nikedrvv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb53831a-066e-11dd-a6a6-00197e72468e}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 01:01:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2008-05-21 1:04:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 06:04:23

Pre-Run: 50,490,429,440 bytes free
Post-Run: 53,616,091,136 bytes free

201 --- E O F --- 2008-05-18 13:49:37
Post #4 - May 21 2008, 06:58 PM
Malware Expert | Posts: 15,719 | From: New York | OS: Windows 98, XP, Vista, Mac OS X
I don't recommend using file sharing programs like Limewire as they can help contribute to malware infections.
Uninstall Deskbar and SurfingProgram via the Add/Remove Programs panel if found.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

QUOTE
Driver::
nikedrvv

Folder::
C:\WINDOWS\QUhT
C:\WINDOWS\system32\polX
C:\WINDOWS\system32\logXv18
C:\WINDOWS\system32\GUI2
C:\WINDOWS\system32\binR
C:\WINDOWS\system32\3036a
C:\TEMP\dmpxp32
C:\Program Files\SurfingProgram
C:\Documents and Settings\libc1\Application Data\Deskbar_{380C73FA-F65D-49d1-95D5-C938579255FE}\

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dbar_starter"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
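The indicators the expert acted on are all visible in the posted log: Security Center alerting overridden and monitoring disabled, the XP firewall turned off in the standard profile, and a driver service (nikedrvv) whose image file ComboFix could not timestamp. The script below is an added triage example for this thread, not ComboFix's code and not part of the original posts. It parses the "Reg Loading Points" style text ComboFix prints and flags those conditions; the registry key and value names are taken from the log above, the sample input is constructed from lines quoted in the thread, and the rule that firewall exceptions outside %windir% deserve a look is an assumption of the example, not evidence of infection on its own.

```python
"""Triage a ComboFix-style registry dump for the tampering a Vundo-type infection leaves behind.

Added example for this thread; it is not ComboFix's code and not part of the
original posts.  It reads the "Reg Loading Points" text ComboFix prints and
flags: Security Center alerts overridden or monitoring disabled, the XP
firewall switched off, firewall exceptions outside %windir% (assumption: worth
a look, not proof of infection), and a driver service with no on-disk timestamp.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample, abbreviated from the log quoted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
S1 nikedrvv;nikedrvv;C:\WINDOWS\system32\drivers\nikedrvv.sys []
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                # [HKLM\...] key header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=data
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")  # R2 name;desc;path [stamp]


def parse_registry(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path (lowercased): {value_name: raw_data}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            keys.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            keys[current][val.group(1)] = val.group(2).strip()
    return keys


def parse_drivers(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (start_type, service_name, image_path, timestamp) for each driver/service line."""
    out = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            start, name, _desc, path, stamp = m.groups()
            out.append((start, name, path.strip(), stamp.strip()))
    return out


def is_true(raw: str) -> bool:
    """ComboFix prints DWORDs either as 'dword:00000001' or as '1 (0x1)'."""
    raw = raw.strip().lower()
    if not raw:
        return False
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16) != 0
    return raw.split()[0] != "0"


def triage(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    for path, values in parse_registry(text).items():
        if path.endswith(r"\microsoft\security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if is_true(values.get(name, "")):
                    findings.append(f"Security Center {name}=1: its alerts are suppressed")
        if r"\security center\monitoring" in path and is_true(values.get("DisableMonitoring", "")):
            findings.append(f"DisableMonitoring=1 under {path}: Security Center stops watching that product")
        if path.endswith(r"firewallpolicy\standardprofile") and not is_true(values.get("EnableFirewall", "1")):
            findings.append("Windows Firewall disabled (standard profile EnableFirewall=0)")
        if path.endswith(r"authorizedapplications\list"):
            for name in values:
                if not name.lower().startswith("%windir%"):
                    findings.append(f"Firewall exception outside %windir%: {name}")
    for start, name, image, stamp in parse_drivers(text):
        if not stamp:  # ComboFix prints [] when it could not stat the image file
            findings.append(f"{start} driver {name}: {image} has no on-disk timestamp (file absent or hidden)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it prints one line per indicator; the Acer EPM drivers, which carry a timestamp, are not flagged. The parser only understands the three line shapes ComboFix uses in that section (key headers, "Name"=data values, and R/S driver lines), so feed it the "Reg Loading Points" block rather than the whole log.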
May 22 2008, 09:24 AM
Post
#5
New Member Posts: 8 OS: XP
I removed surfing program, could not find deskbar.
Thank you so much for helping me. You don't know how much I appreciate your knowledge. Here is my log: ComboFix 08-05-20.4 - libc1 2008-05-22 9:57:53.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.369 [GMT -5:00] Running from: C:\Documents and Settings\libc1\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\libc1\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\TEMP\dmpxp32 C:\TEMP\dmpxp32\sakldsr.log C:\WINDOWS\QUhT C:\WINDOWS\system32\3036a C:\WINDOWS\system32\binR C:\WINDOWS\system32\GUI2 C:\WINDOWS\system32\logXv18 C:\WINDOWS\system32\polX . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NIKEDRVV -------\Service_nikedrvv ((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))) . 2008-05-19 22:32 . 2008-05-19 22:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-05-19 22:32 . 2008-05-19 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-05-19 21:28 . 2008-05-19 21:29 <DIR> d-------- C:\Program Files\Panda Security 2008-05-19 17:58 . 2008-05-19 17:58 <DIR> d-------- C:\Documents and Settings\libc1\Application Data\Malwarebytes 2008-05-19 17:57 . 2008-05-19 19:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-19 17:57 . 2008-05-19 17:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2008-05-19 17:57 . 2008-05-19 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-19 17:57 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-19 17:57 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-19 14:26 . 
2008-05-19 14:26 <DIR> d-------- C:\Deckard 2008-05-19 06:41 . 2008-05-19 06:41 <DIR> d-------- C:\Documents and Settings\libc1\DoctorWeb 2008-05-19 06:39 . 2008-05-19 06:39 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-19 06:26 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-05-19 06:26 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat 2008-05-19 06:26 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-05-19 06:12 . 2008-05-19 06:12 <DIR> d-------- C:\Documents and Settings\libc1\Application Data\Symantec 2008-05-19 02:43 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DL1 2008-05-19 02:16 . 2008-05-19 10:03 <DIR> d-------- C:\Program Files\Norton 360 2008-05-19 02:15 . 2008-05-19 02:40 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-05-19 02:15 . 2008-05-19 02:40 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-05-19 02:15 . 2008-05-19 02:40 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-05-19 02:15 . 2008-05-19 02:40 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-05-19 02:13 . 2008-05-19 02:40 <DIR> d-------- C:\Program Files\Symantec 2008-05-19 02:13 . 2008-05-22 10:04 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared 2008-05-19 02:13 . 2008-05-21 07:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-05-18 21:21 . 2008-05-18 21:21 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-18 20:18 . 2008-05-18 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-05-18 20:17 . 2008-05-18 20:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-05-18 20:17 . 2008-05-18 20:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-18 20:17 . 2008-05-18 20:17 <DIR> d-------- C:\Documents and Settings\libc1\Application Data\SUPERAntiSpyware.com 2008-05-18 19:47 . 
2008-05-18 22:34 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2008-05-18 18:56 . 2008-05-18 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-18 18:55 . 2008-05-18 18:59 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-05-18 18:31 . 2008-05-18 18:31 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-05-18 18:30 . 2008-05-18 18:30 <DIR> d-------- C:\WINDOWS\Sun 2008-05-18 18:21 . 2008-05-18 19:09 <DIR> d-------- C:\Documents and Settings\libc1\Application Data\LimeWire 2008-05-18 18:15 . 2008-05-18 18:34 <DIR> d-------- C:\Program Files\LimeWire 2008-05-10 08:28 . 2008-05-19 06:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-05-09 13:36 . 2008-05-19 21:28 2,550 --a------ C:\WINDOWS\mozver.dat 2008-05-01 08:38 . 2008-05-01 08:38 934 --a------ C:\Amazon Unbox.lnk 2008-05-01 08:36 . 2008-05-01 08:36 <DIR> d-------- C:\Program Files\Amazon 2008-05-01 08:36 . 2008-05-01 08:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Amazon 2008-05-01 08:30 . 2008-05-01 08:30 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-04-28 10:47 . 2008-05-18 00:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-28 10:47 . 2008-04-28 10:47 1,409 --a------ C:\WINDOWS\QTFont.for . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-01 13:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-25 20:33 --------- d-----w C:\Documents and Settings\libc1\Application Data\U3 2008-04-09 19:54 --------- d--h--w C:\Program Files\Zenographics 2008-04-09 19:54 --------- d-----w C:\Program Files\Hewlett-Packard 2008-04-05 01:51 --------- d-----w C:\Program Files\Real 2008-04-05 01:51 --------- d-----w C:\Program Files\Common Files\xing shared 2008-04-05 01:51 --------- d-----w C:\Program Files\Common Files\Real 2008-04-04 13:24 --------- d-----w C:\Program Files\HP 2008-04-04 13:16 --------- d-----w C:\Program Files\Common Files\SWF Studio 2008-04-01 01:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage . ((((((((((((((((((((((((((((( snapshot@2008-05-21_ 1.04.09.14 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-21 05:55:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-22 15:01:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-22 15:02:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_618.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyTel"="SkyTel.EXE" [2006-07-19 09:42 2879488 C:\WINDOWS\SkyTel.exe] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-13 09:57 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-13 09:57 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-13 09:57 118784] "RTHDCPL"="RTHDCPL.EXE" [2006-03-14 17:01 16010752 C:\WINDOWS\RTHDCPL.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 06:13 766041] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe] "INPROCOMMWireless"="C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe" [ ] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "hpbdfawep"="C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-23 21:47 618496] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-04 20:51 185896] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54 116072] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-10-20 20:17:26 45056] Amazon Unbox.lnk - 
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2007-07-11 17:25:20 97320] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472] HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital 
Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb53831a-066e-11dd-a6a6-00197e72468e}] \Shell\AutoRun\command - D:\LaunchU3.exe -a *Newly Created Service* - COMHOST . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-22 10:03:44 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe C:\WINDOWS\system32\HPZinw12.exe . 
**************************************************************************
.
Completion time: 2008-05-22 10:07:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 15:07:07
ComboFix2.txt 2008-05-21 06:04:29
Pre-Run: 53,612,666,880 bytes free
Post-Run: 53,601,226,752 bytes free
192 --- E O F --- 2008-05-18 13:49:37
May 23 2008, 05:23 PM
Post
#6
Malware Expert Posts: 15,719 From: New York OS: Windows 98, XP, Vista, Mac OS X
No problem. Glad to help out
Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it.

You should be set to go.
May 23 2008, 08:54 PM
Post
#7
New Member Posts: 8 OS: XP
Everything seems to be fine. Thank you so much!
I don't quite understand what you mean by "go to Start->Run, copy/paste in combofix /u and hit OK to remove it".
May 24 2008, 06:40 PM