Authentium does not show in the add/remove folder, and the .exe properties do not give me any other name that shows up in add/remove either.
[Edit]
But it does show in the HijackThis log you asked me to do... I am learning something from this process, and am starting to like HijackThis more if it has the potential I think it does.
Here are the logs:
Uninstall list
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS
Adobe Reader 8.1.1
America Online (Choose which version to remove)
AOL Deskbar
AOL Explorer
AOL Instant Messenger
AOL Toolbar 2.0
ArcSoft Picture Software
Authentium AntiVirus SDK - 2
DivX
DivX Player
Dora Fairytale Adventure
DVD Shrink 3.2
Ghost Recon
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 9.0
hp deskjet 3420 series (Remove only)
hp deskjet 940c series (Remove only)
HP Deskjet Printer Driver Software 9.0
HP Deskjet printer preloaded drivers
HP Digital Imaging Album Printing 1.0
HP Imaging Device Functions 9.0
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.2 - Photosmart Cameras
HP Photosmart Essential 2.01
HP Photosmart printers preloaded drivers
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
InCD (Ahead Software)
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Lernout & Hauspie TruVoice American English TTS Engine
Linksys EasyLink Advisor 1.5 (1044)
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Shockwave Player
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.12)
MSN Music Assistant
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
MUSICMATCH® Jukebox
Nero
NVIDIA Windows 2000/XP Display Drivers
OmniPass
PC-Doctor for Windows
PhotoParade Player
PS2
Quicken 2003 New User Edition
QuickTime
RealArcade
RealPlayer
Recorder
RecordNow
Registry Mechanic 5.0
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
ShowBiz DVD
Simple Backup for My Pictures
Simple Installer - Multilanguage Version
SpeedFan (remove only)
Spybot - Search & Destroy 1.5.2.20
Throne of Darkness
toolkit
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Updates from HP
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Weblink
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
WordPerfect Productivity Pack
WordPerfect Productivity Pack
ComboFix 08-02-17.2 - Owner 2008-02-17 15:02:22.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.214 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\Fonts\4yeothanks.zip
C:\WINDOWS\Fonts\abode.zip
C:\WINDOWS\Fonts\ajaxsurealfreak.zip
C:\WINDOWS\Fonts\anfa.zip
C:\WINDOWS\Fonts\angelica.zip
C:\WINDOWS\Fonts\angry[bleep].zip
C:\WINDOWS\Fonts\bloodomen.zip
C:\WINDOWS\Fonts\claw.zip
C:\WINDOWS\Fonts\clrv.zip
C:\WINDOWS\Fonts\crma.zip
C:\WINDOWS\Fonts\darkgarden.zip
C:\WINDOWS\Fonts\LMSPPHats.zip
C:\WINDOWS\Fonts\Pffall.zip
C:\WINDOWS\Fonts\teazer.zip
C:\WINDOWS\Fonts\techclastic.zip
C:\WINDOWS\Fonts\thirteenoclock.zip
C:\WINDOWS\Fonts\toxicwaist.zip
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Fonts\4yeothanks.zip
C:\WINDOWS\Fonts\abode.zip
C:\WINDOWS\Fonts\ajaxsurealfreak.zip
C:\WINDOWS\Fonts\anfa.zip
C:\WINDOWS\Fonts\angelica.zip
C:\WINDOWS\Fonts\angry[bleep].zip
C:\WINDOWS\Fonts\bloodomen.zip
C:\WINDOWS\Fonts\claw.zip
C:\WINDOWS\Fonts\clrv.zip
C:\WINDOWS\Fonts\crma.zip
C:\WINDOWS\Fonts\darkgarden.zip
C:\WINDOWS\Fonts\LMSPPHats.zip
C:\WINDOWS\Fonts\Pffall.zip
C:\WINDOWS\Fonts\teazer.zip
C:\WINDOWS\Fonts\techclastic.zip
C:\WINDOWS\Fonts\thirteenoclock.zip
C:\WINDOWS\Fonts\toxicwaist.zip
.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.
2008-02-17 07:15 . 2008-02-17 06:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 07:15 . 2008-02-17 07:15 3,443 --a------ C:\WINDOWS\unins000.dat
2008-02-17 06:24 . 2008-02-17 06:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Business Logic
2008-02-12 21:28 . 2008-02-12 21:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-02-12 21:20 . 2008-02-12 21:20 <DIR> d-------- C:\Program Files\Atari
2008-01-22 18:10 . 2008-01-22 18:11 30,600 --a------ C:\WINDOWS\System32YG6U.SHD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 11:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-16 03:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\HPAppData
2008-02-13 02:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-01 19:59 --------- d-----w C:\Program Files\America Online 9.0
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-12-02 15:45 229,704 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-05-25 14:40 5,115,704 ----a-w C:\Program Files\Firefox Setup 1.5.0.3.exe
2005-10-31 12:13 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2003-07-22 21:09 178 -c--a-w C:\Program Files\INSTALL.LOG
2003-07-18 19:57 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 15:52 1298024 -ra------ C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 15:52 177768 -ra------ C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-03 13:44 831557 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 10:01 392832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 19:11 114688]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-03 13:44 4595712]
"nwiz"="nwiz.exe" [2003-03-03 13:44 323584 C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-22 00:28 188416]
"HostManager"="C:\Program Files\Common Files\AOL\1124477354\ee\AOLHostManager.exe" [2005-08-02 14:33 159832]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-20 19:03 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 20:34 49152]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Dora Fairytale Adventures Registration.lnk - E:\ATR1.exe [2007-03-09 15:24:00 4943872]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 20:26:24 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2002-05-10 00:24 1011712 C:\Program Files\ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-09-19 18:10 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MOD]
C:\Program Files\Microangelo\muamgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 03:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 09:54 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBHC]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-05-01 11:05]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-05-10 00:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
"2004-06-15 08:10:00 C:\WINDOWS\Tasks\easy Internet sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2003-07-21 12:00:20 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-17 15:07:53
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwQuerySystemInformation
scanning hidden processes ...
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe [1472]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-02-17 15:09:24
ComboFix-quarantined-files.txt 2008-02-17 20:09:14
ComboFix2.txt 2008-02-17 18:51:06
ComboFix3.txt 2008-02-17 17:19:13
.
2008-02-13 10:09:53 --- E O F ---
Edited by Cygnus, 17 February 2008 - 02:14 PM.