Nasty Bugger won't let me search or look at web pages.

Hi Noob Here to this forum. What a great place for Malware removal info. My computer just got infected with some crazy stuff. I had just reinstalled windows on a new hard drive and hadn't yet installed my Zone alarm security suite yet. I went on a trip for three days and when I got back. bam.. IE (and Firefox for that matter) wouldn't search anything. Web sites were redirected, now SPybot S&D 1.6 won't run.. When I try to "Check for Problems" it freezes and an Error message comes up "There is no disk in the drive, Please insert a disk in the drive\Device\Harddisk1\DR2" I went and booted to SAFE mode and STILL the exact same problem. I cannot run Spybot. In advance I really appreciate any help I can get to fix this infection. BTW I DO have Zone Alarm installed now, but it doesn't seem to get rid of this problem. It WILL run but doesn't seem to want to find this bugger. Here is the HJT Log file for review. THANKS!!
BTW I am running a Anthlon 64 3800 2GHZ RAM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:23 AM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\WINDOWS\system32\Rundll32.exe
G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [000000af] rundll32.exe "G:\WINDOWS\system32\wdbgvmvd.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LSA Shellu] G:\Documents and Settings\Greg\lsass.exe
O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe g:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [AWMON] "G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214379609671
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4337 bytes

Update

Ok, I downloaded Free Avira, and it found a Trojan called TR/Vundo.Gen, BDS/VB.BOI, TR/Dldr.Agent.kzt and a few others. I selected Avira to just delete them. Was that correct? My Zone Alarm Security failed to detect this (and I ran Spyware and Anti Virus searches like four times!). Hmmmm SO much for paying for an antivirus program huh? Anyway, the new Avira log and HJT Log is as follows. Thank you very much for any help!!!

Avira AntiVir Personal
Report file date: Saturday, August 02, 2008 23:32

Scanning for 1528705 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: GREGG-87DF4AC81

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 7/11/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 16:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 15:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 20:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 15:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 18:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 21:54:15
ANTIVIR2.VDF : 7.0.5.174 2027008 Bytes 7/25/2008 05:31:14
ANTIVIR3.VDF : 7.0.5.205 285696 Bytes 8/1/2008 05:31:15
Engineversion : 8.1.1.15
AEVDF.DLL : 8.1.0.5 102772 Bytes 7/9/2008 16:46:50
AESCRIPT.DLL : 8.1.0.61 311675 Bytes 8/3/2008 05:31:29
AESCN.DLL : 8.1.0.23 119156 Bytes 8/3/2008 05:31:27
AERDL.DLL : 8.1.0.20 418165 Bytes 7/9/2008 16:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 8/3/2008 05:31:26
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 8/3/2008 05:31:24
AEHEUR.DLL : 8.1.0.44 1343863 Bytes 8/3/2008 05:31:23
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/9/2008 16:46:50
AEGEN.DLL : 8.1.0.32 315765 Bytes 8/3/2008 05:31:19
AEEMU.DLL : 8.1.0.7 430452 Bytes 8/3/2008 05:31:18
AECORE.DLL : 8.1.1.8 172406 Bytes 8/3/2008 05:31:17
AEBB.DLL : 8.1.0.1 53617 Bytes 4/24/2008 16:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 16:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 17:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 8/3/2008 05:31:16
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 19:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 16:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 20:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 01:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 20:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 20:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 21:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 21:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: g:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: G:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: Saturday, August 02, 2008 23:32

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan the registry.
G:\WINDOWS\system32\wdbgvmvd.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!

The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'G:\'
G:\ARK14.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was deleted!
G:\pagefile.sys
[WARNING] The file could not be opened!
G:\Documents and Settings\Greg\Desktop\Data Backup\01134-943934505 06-18 MJG\Program Files\Adobe\Acrobat 7.0\Setup Files\AcroPro\EFG\Data1.cab
[0] Archive type: CAB (Microsoft)
--> Print03.html2
[WARNING] No further files can be extracted from this archive. The archive will be closed
G:\Documents and Settings\Greg\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n7d796z.default\Cache\387E8C81d01
[DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan
[NOTE] The file was deleted!
G:\Documents and Settings\Tammy\services.exe
[DETECTION] Is the TR/Dldr.Agent.kzt Trojan
[NOTE] The file was deleted!
G:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\61AP87I7\trace[2].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was deleted!
G:\Documents and Settings\Tammy\Local Settings\Temporary Internet Files\Content.IE5\YBODS16F\kb767887[1]
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\System Volume Information\_restore{FCC29E91-E646-4D03-862C-2FBAEE76CC20}\RP31\A0003561.exe
[DETECTION] Is the TR/Dldr.VB.fen.4 Trojan
[NOTE] The file was deleted!
G:\System Volume Information\_restore{FCC29E91-E646-4D03-862C-2FBAEE76CC20}\RP31\A0003564.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\System Volume Information\_restore{FCC29E91-E646-4D03-862C-2FBAEE76CC20}\RP31\A0003575.exe
[DETECTION] Is the TR/Dldr.VB.fen.4 Trojan
[NOTE] The file was deleted!
G:\System Volume Information\_restore{FCC29E91-E646-4D03-862C-2FBAEE76CC20}\RP31\A0003773.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/VB.BOI back-door program
[NOTE] The file was deleted!
G:\System Volume Information\_restore{FCC29E91-E646-4D03-862C-2FBAEE76CC20}\RP31\A0003774.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/VB.BOI back-door program
[NOTE] The file was deleted!
G:\System Volume Information\_restore{FCC29E91-E646-4D03-862C-2FBAEE76CC20}\RP31\A0003775.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/VB.BOI back-door program
[NOTE] The file was deleted!
G:\System Volume Information\_restore{FCC29E91-E646-4D03-862C-2FBAEE76CC20}\RP43\A0009772.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\System Volume Information\_restore{FCC29E91-E646-4D03-862C-2FBAEE76CC20}\RP43\A0009773.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.VDJ worm
[NOTE] The file was deleted!
G:\System Volume Information\_restore{FCC29E91-E646-4D03-862C-2FBAEE76CC20}\RP43\A0009774.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\System Volume Information\_restore{FCC29E91-E646-4D03-862C-2FBAEE76CC20}\RP45\A0009777.exe
[DETECTION] Is the TR/Dldr.Agent.kzt Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\eenostdp.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\eiwave.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\fhkvbu.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\gupcylfq.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\hdkbaura.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\hwnshfvq.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\jkdqvmid.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\jkwgrp.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\liblzd.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\ookpkynp.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\ooxxjngc.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\oygpgl.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\pac.txt
[DETECTION] Is the TR/Dldr.VB.VPG Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\qjeaplnj.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\qqyhphao.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\rcgwwomd.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\sgaved.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\tqdpubql.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\uqrdqo.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
G:\WINDOWS\system32\xrtcmwnn.VIR
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was deleted!
G:\WINDOWS\system32\yciwbpjv.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!


End of the scan: Sunday, August 03, 2008 00:22
Used time: 49:58 Minute(s)

The scan has been done completely.

9679 Scanning directories
488949 Files were scanned
37 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
37 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
488911 Files not concerned
2100 Archives were scanned
6 Warnings
37 Notes



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:04 AM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\WINDOWS\system32\rundll32.exe
G:\WINDOWS\system32\Rundll32.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
g:\program files\avira\antivir personaledition classic\avcenter.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
G:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\WINDOWS\system32\notepad.exe
G:\WINDOWS\system32\notepad.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LSA Shellu] G:\Documents and Settings\Greg\lsass.exe
O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\xrtcmwnn.dll",s
O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AWMON] "G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214379609671
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5468 bytes

3rd update of HJT after Spybot S&D found Virtumonde

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:17 AM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
G:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LSA Shellu] G:\Documents and Settings\Greg\lsass.exe
O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s
O4 - HKLM\..\Run: [000000af] rundll32.exe "G:\WINDOWS\system32\wdbgvmvd.dll",b
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe g:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [AWMON] "G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214379609671
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5066 bytes

Still can't get rid of TR/Vundo.GEN

Ok, I renamed my HijackThis to iwillforgetthis and ran a new Log. Please if anyone can help I would really appreciate it!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:27 AM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\Program Files\Trend Micro\iwillforgetthis\iwillforgetthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {9410843c-dfcc-0c28-b5a4-f7fff1de94a2} - {2a49ed1f-ff7f-4a5b-82c0-ccfdc3480149} - G:\WINDOWS\system32\ditlep.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72549D86-C9BB-444A-A9F3-DE6BBC54DB91} - G:\WINDOWS\system32\qoMghhhH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {DB036A52-3A88-466B-BD39-05A6D9D9B18A} - G:\WINDOWS\system32\awtqnolI.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LSA Shellu] G:\Documents and Settings\Greg\lsass.exe
O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s
O4 - HKLM\..\Run: [000000af] rundll32.exe "G:\WINDOWS\system32\wdbgvmvd.dll",b
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe g:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [AWMON] "G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - G:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214379609671
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O20 - Winlogon Notify: awtqnolI - awtqnolI.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6077 bytes

Bump... Anyone read these? PLEASE HELP!

Can anyone please help. I can't get rid this trojan. Thank you for your time I really appreciate it. If I am posting in the wrong forum or part of this forum please let me know. Thank you!
GG

Hello X2FLYA320,

Apprantly you missed this forum's sticky topics. :

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
Because of the volume of posts to your own topic, helpers would think you were already being assisted as they look for topics with no response.

We ask for one HJT log, there are four in this thread.


The Waiting Room: Post here if waiting for help longer than four days

Regards.

Ouch!

Oh man you are right. I read that way too quickly! Sorry about that. I can see how my post would have been overlooked. I thought I was being helpfull with those HJT logs after I ran some antivirus programs. I will post in the older than 4 day section now. Thank you for responding.
Cheers

GG

Hi X2FLYA320

We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Shaba,
Please don't think I am ignoring you, I am out of town until monday. As soon I get home I will run your fixes! Thank you very much!

Greg

Thanks for letting me know

Ok, here it is Friday, and I am finally home to get to my computer. I thought I could have gotten to it Monday, but got called back to work.
Thank you for your patience.

Greg

Thank you for update

Log reports from COMBOFIX and HJT

Ok, FInally- Here you go. Thank you!



ComboFix 08-08-14.05 - Greg 2008-08-15 22:39:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1169 [GMT -6:00]
Running from: G:\Documents and Settings\Greg\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\#SharedObjects\A8XULN5P\interclick.com
G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\#SharedObjects\A8XULN5P\interclick.com\ud.sol
G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
G:\Documents and Settings\Greg\Cookies\greg@adtrgt[2].txt
G:\Documents and Settings\Greg\Cookies\greg@delb.opt.fimserve[1].txt
G:\Documents and Settings\Greg\Cookies\greg@homedepot[1].txt
G:\Documents and Settings\Greg\Cookies\greg@lawyers[1].txt
G:\Documents and Settings\Greg\Cookies\greg@safepctool[1].txt
G:\Documents and Settings\Greg\Cookies\greg@www.partselect[1].txt
G:\Documents and Settings\Greg\Cookies\greg@yahoo[2].txt
G:\Documents and Settings\Greg\Cookies\greg@yahoo[3].txt
G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\#SharedObjects\9PEVZ6H7\interclick.com
G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\#SharedObjects\9PEVZ6H7\interclick.com\ud.sol
G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
G:\Documents and Settings\Other\Cookies\other@walmart[1].txt
G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\#SharedObjects\G54VLJ2K\interclick.com
G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\#SharedObjects\G54VLJ2K\interclick.com\ud.sol
G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
G:\Documents and Settings\Tammy\Cookies\tammy@adtrgt[2].txt
G:\Documents and Settings\Tammy\Cookies\tammy@ehg.fedex[1].txt
G:\Documents and Settings\Tammy\Cookies\tammy@getmusicfree.aavalue[2].txt
G:\Documents and Settings\Tammy\Desktop\Antivirus Master.lnk
G:\Program Files\AVM
G:\Program Files\AVM\avm.cpl
G:\Program Files\AVM\avm.exe
G:\Program Files\AVM\avm0.dat
G:\Program Files\AVM\avm1.dat
G:\WINDOWS\BM03bd692b.txt
G:\WINDOWS\BM03bd692b.xml
G:\WINDOWS\cookies.ini
G:\WINDOWS\system32\dvmvgbdw.ini
G:\WINDOWS\system32\eavfqkbu.exe
G:\WINDOWS\system32\fmlugyef.exe
G:\WINDOWS\system32\fykbrvsf.exe
G:\WINDOWS\system32\HhhhgMoq.ini
G:\WINDOWS\system32\HhhhgMoq.ini2
G:\WINDOWS\system32\lbyjjynt.exe
G:\WINDOWS\system32\mcrh.tmp
G:\WINDOWS\system32\mmesjfuf.exe
G:\WINDOWS\system32\nymakkri.exe
G:\WINDOWS\system32\pybmcjsa.exe
G:\WINDOWS\system32\qoMghhhH.dll
G:\WINDOWS\system32\qsrmdbbj.ini
G:\WINDOWS\system32\roetswsf.exe
G:\WINDOWS\system32\vlbhgynk.exe
G:\WINDOWS\system32\wffndmtx.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-06 23:38 . 2008-08-15 05:57 <DIR> d-------- G:\Program Files\Spyware Doctor
2008-08-06 23:38 . 2008-08-06 23:38 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\PC Tools
2008-08-06 23:38 . 2008-06-10 21:22 81,288 --a------ G:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-06 23:38 . 2008-06-02 15:19 66,952 --a------ G:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-06 23:38 . 2008-06-02 15:19 42,376 --a------ G:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-06 23:38 . 2008-06-02 15:19 29,576 --a------ G:\WINDOWS\system32\drivers\kcom.sys
2008-08-06 22:10 . 2008-08-06 22:10 169 --a------ G:\WINDOWS\RtlRack.ini
2008-08-06 21:01 . 2006-08-01 15:02 49,152 --a------ G:\WINDOWS\system32\ChCfg.exe
2008-08-06 20:59 . 2008-08-06 20:59 <DIR> d-------- G:\Program Files\Realtek Sound Manager
2008-08-06 20:59 . 2008-08-06 20:59 <DIR> d-------- G:\Program Files\AvRack
2008-08-06 20:59 . 2006-08-18 13:52 4,017,536 -ra------ G:\WINDOWS\system32\drivers\alcxwdm.sys
2008-08-06 20:59 . 2004-08-03 23:15 145,792 --a------ G:\WINDOWS\system32\drivers\portcls.sys
2008-08-06 20:59 . 2004-08-03 23:15 145,792 --a--c--- G:\WINDOWS\system32\dllcache\portcls.sys
2008-08-06 20:59 . 2004-08-04 00:56 130,048 --a------ G:\WINDOWS\system32\ksproxy.ax
2008-08-06 20:59 . 2004-08-04 00:56 130,048 --a--c--- G:\WINDOWS\system32\dllcache\ksproxy.ax
2008-08-06 20:59 . 2004-08-03 23:08 60,288 --a------ G:\WINDOWS\system32\drivers\drmk.sys
2008-08-06 20:59 . 2004-08-03 23:08 60,288 --a--c--- G:\WINDOWS\system32\dllcache\drmk.sys
2008-08-06 20:59 . 2004-08-04 00:56 4,096 --a------ G:\WINDOWS\system32\ksuser.dll
2008-08-06 20:59 . 2004-08-04 00:56 4,096 --a--c--- G:\WINDOWS\system32\dllcache\ksuser.dll
2008-08-06 20:59 . 2001-07-06 00:19 164 --a------ G:\WINDOWS\avrack.ini
2008-08-06 20:58 . 2008-08-06 20:58 <DIR> d-------- G:\Program Files\Realtek AC97
2008-08-06 20:58 . 2006-08-17 08:11 18,804,736 --a------ G:\WINDOWS\system32\alsndmgr.cpl
2008-08-06 20:58 . 2006-08-10 07:27 10,528,768 --a------ G:\WINDOWS\system32\RTLCPL.exe
2008-08-06 20:58 . 2006-08-03 05:12 577,536 --a------ G:\WINDOWS\soundman.exe
2008-08-06 20:58 . 2006-07-31 11:19 315,392 --a------ G:\WINDOWS\alcupd.exe
2008-08-06 20:58 . 2006-07-31 11:27 217,088 --a------ G:\WINDOWS\Alcrmv.exe
2008-08-06 20:58 . 2006-08-01 14:58 143,360 --a------ G:\WINDOWS\system32\RtlCPAPI.dll
2008-08-06 20:58 . 2002-02-05 13:54 141,016 --a------ G:\WINDOWS\system32\alsndmgr.wav
2008-08-04 03:16 . 2008-08-05 23:34 2,369 --a------ G:\WINDOWS\system32\tblodx32.dll
2008-08-04 02:08 . 2008-08-04 02:30 <DIR> d-------- G:\Program Files\SpywareBlaster
2008-08-04 02:08 . 2008-08-15 22:37 <DIR> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 02:21 . 2008-08-03 02:21 18,044 --ah----- G:\WINDOWS\system32\mlfcache.dat
2008-08-03 02:17 . 2008-08-03 02:17 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\Apple Computer
2008-08-03 02:11 . 2008-08-03 02:12 <DIR> d-------- G:\Program Files\Safari
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Bonjour
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Apple Software Update
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple
2008-08-03 01:47 . 2008-08-03 01:47 164 --a------ G:\WINDOWS\system32\AddPort.ini
2008-08-03 01:42 . 2008-08-03 01:47 1,758 --a------ G:\WINDOWS\hpntwksetup.ini
2008-08-03 01:41 . 2008-08-03 01:47 <DIR> d-------- G:\TEMP
2008-08-03 01:41 . 2008-07-03 22:17 105,342 --------- G:\WINDOWS\HPFins09.dat.temp
2008-08-03 01:41 . 2005-11-01 03:29 3,732 --------- G:\WINDOWS\hpfmdl09.dat.temp
2008-08-03 00:05 . 2008-08-03 00:05 <DIR> d-------- G:\WINDOWS\Sun
2008-08-03 00:04 . 2008-08-03 00:04 <DIR> d-------- G:\Program Files\Sun
2008-08-03 00:03 . 2008-06-10 02:32 73,728 --a------ G:\WINDOWS\system32\javacpl.cpl
2008-08-03 00:02 . 2008-08-03 00:03 <DIR> d-------- G:\Program Files\Java
2008-08-03 00:02 . 2008-08-03 00:02 <DIR> d-------- G:\Program Files\Common Files\Java
2008-08-02 23:59 . 2008-08-02 23:59 <DIR> d-------- G:\Program Files\SDM20
2008-08-02 23:30 . 2008-08-02 23:30 <DIR> d-------- G:\Program Files\Avira
2008-08-02 23:30 . 2008-08-02 23:30 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Avira
2008-07-31 12:06 . 2008-07-25 08:14 120,320 --a------ G:\WINDOWS\system32\avm.cpl
2008-07-31 00:20 . 2008-08-04 00:51 <DIR> d-------- G:\Program Files\Trend Micro
2008-07-30 22:42 . 2008-07-30 22:42 <DIR> d-------- G:\Program Files\Spybot - Search & Destroy
2008-07-30 22:42 . 2008-07-30 22:52 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 15:21 . 2008-07-23 15:21 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\MailFrontier
2008-07-23 13:51 . 2008-08-10 23:54 1,282 --a------ G:\rollback.ini
2008-07-23 13:48 . 2008-07-23 14:30 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\MailFrontier
2008-07-23 13:45 . 2008-08-15 22:49 4,696,864 --ahs---- G:\WINDOWS\system32\drivers\fidbox.dat
2008-07-23 13:45 . 2008-08-15 22:44 63,476 --ahs---- G:\WINDOWS\system32\drivers\fidbox.idx
2008-07-23 13:39 . 2008-07-23 14:18 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-23 13:38 . 2008-07-23 13:38 <DIR> d-------- G:\Program Files\Zone Labs
2008-07-22 19:09 . 2008-06-13 07:10 272,128 --------- G:\WINDOWS\system32\drivers\bthport.sys
2008-07-22 19:09 . 2008-06-13 07:10 272,128 -----c--- G:\WINDOWS\system32\dllcache\bthport.sys
2008-07-22 12:33 . 2008-07-22 12:33 <DIR> d-------- G:\WINDOWS\system32\LogFiles
2008-07-21 21:26 . 2008-07-21 21:26 <DIR> d---s---- G:\Documents and Settings\Tammy\UserData
2008-07-21 21:22 . 2008-07-21 21:22 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\Lavasoft
2008-07-21 17:32 . 2008-08-15 22:45 4,212 ---h----- G:\WINDOWS\system32\zllictbl.dat
2008-07-21 17:31 . 2008-08-15 22:46 <DIR> d-------- G:\WINDOWS\Internet Logs
2008-07-20 22:38 . 2008-07-23 18:25 <DIR> d-------- G:\WINDOWS\system32\carH18
2008-07-20 22:38 . 2008-07-20 22:38 77 --a------ G:\Documents and Settings\Tammy\2964.bat
2008-07-19 19:21 . 2008-07-19 19:21 <DIR> d-------- G:\Program Files\AIM Search
2008-07-19 19:21 . 2008-07-21 18:37 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-19 19:20 . 2008-07-21 15:56 <DIR> d-------- G:\Program Files\Common Files\AOL
2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL
2008-07-19 19:20 . 2008-07-19 19:21 387 --ah----- G:\IPH.PH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 04:38 1,469,952 ----a-w G:\WINDOWS\Internet Logs\xDBB.tmp
2008-08-11 20:29 4,073,605 ----a-w G:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-11 06:11 1,470,464 ----a-w G:\WINDOWS\Internet Logs\xDBA.tmp
2008-08-07 17:09 1,468,416 ----a-w G:\WINDOWS\Internet Logs\xDB9.tmp
2008-08-07 02:58 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-08-07 02:58 --------- d-----w G:\Program Files\Common Files\InstallShield
2008-08-03 07:57 1,378,816 ----a-w G:\WINDOWS\Internet Logs\xDB8.tmp
2008-08-03 07:47 --------- d-----w G:\Documents and Settings\All Users\Application Data\HP
2008-07-31 05:36 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-31 05:18 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-31 04:53 1,824,768 ----a-w G:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-31 04:21 1,814,016 ----a-w G:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-30 08:11 1,810,432 ----a-w G:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-30 02:20 1,808,384 ----a-w G:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-29 07:04 1,805,824 ----a-w G:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-28 23:08 1,357,824 ----a-w G:\WINDOWS\Internet Logs\xDB1B.tmp
2008-07-09 15:05 75,248 ----a-w G:\WINDOWS\zllsputility.exe
2008-07-09 15:05 1,086,952 ----a-w G:\WINDOWS\system32\zpeng24.dll
2008-07-04 04:18 --------- d-----w G:\Documents and Settings\Greg\Application Data\HP
2008-07-04 04:06 --------- d-----w G:\Program Files\HP
2008-06-30 17:39 --------- d-----w G:\Program Files\Common Files\Adobe
2008-06-26 03:26 --------- d-----w G:\Program Files\Microsoft ActiveSync
2008-06-25 08:06 --------- d-----w G:\Program Files\Common Files\LightScribe
2008-06-25 08:06 --------- d-----w G:\Program Files\Ahead
2008-06-25 08:05 --------- d-----w G:\Program Files\Common Files\Nero
2008-06-25 08:03 --------- d-----w G:\Program Files\Common Files\Ahead
2008-06-25 08:03 --------- d-----w G:\Documents and Settings\All Users\Application Data\Ahead
2008-06-25 07:57 --------- d-----w G:\Program Files\Lavasoft
2008-06-25 07:57 --------- d-----w G:\Documents and Settings\Greg\Application Data\Lavasoft
2008-06-25 07:51 --------- d-----w G:\Program Files\MGI
2008-06-25 07:51 --------- d-----w G:\Program Files\Common Files\MGI Shared
2008-06-25 07:51 --------- d-----w G:\Documents and Settings\Greg\Application Data\MGI
2008-06-25 07:50 --------- d-----w G:\Program Files\Hewlett-Packard
2008-06-25 07:20 --------- d-----w G:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [2005-05-25 12:12 517632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"HPDJ Taskbar Utility"="G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 04:08 172032]
"DeviceDiscovery"="G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ZoneAlarm Client"="G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"NeroFilterCheck"="G:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"srePostpone"="g:\windows\system32\zonelabs\srescan.dll" [2008-02-27 03:10 1504736]

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=G:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\WINDOWS\\system32\\spoolsv.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ced62ee-5eb8-11dd-90c5-001485358c6b}]
\Shell\AutoRun\command - H:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-13 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2a49ed1f-ff7f-4a5b-82c0-ccfdc3480149} - G:\WINDOWS\system32\ditlep.dll
HKLM-Run-BM03bd692b - G:\WINDOWS\system32\qqyhphao.dll
HKLM-Run-000000af - G:\WINDOWS\system32\wdbgvmvd.dll
HKLM-Run-LSA Shellu - G:\Documents and Settings\Greg\lsass.exe
Notify-awtqnolI - awtqnolI.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - G:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\1n7d796z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
FF -: plugin - G:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - G:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 22:48:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
G:\WINDOWS\system32\ati2evxx.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\ati2evxx.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
G:\WINDOWS\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\update\update.exe
.
**************************************************************************
.
Completion time: 2008-08-15 22:54:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 04:54:26

Pre-Run: 258,097,811,456 bytes free
Post-Run: 257,590,329,344 bytes free

251 --- E O F --- 2008-07-23 09:02:48





-------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:46 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\wuauclt.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
G:\WINDOWS\explorer.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\internet explorer\iexplore.exe
G:\Program Files\Trend Micro\iwillforgetthis\iwillforgetthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe g:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [AWMON] "G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - G:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214379609671
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5951 bytes

Not sure if it's related. but I think it is. I keep getting an error message at windows startup saying.

Error Loading G:\windows\system32\qqyhphao.dll


would you happen to know what this might be or how to fix it? Thank you!
Cheers,
Greg

Yes, it happened because Ad-Watch is on.

See here how to disable it.

After that:

Open HijackThis, click do a system scan only and checkmark this:

O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s

Close all windows including browser and press fix checked.

Reboot.

Post back a fresh HijackThis log.

OK, Awesoem! Here is a Fresh HJT Log

Ok, Here is a Fresh HJT log page. Thge error message has dissapeared, and I don't appear to have any more trojans! Amazing!! Thank you sooooo much!!!!
Greg

Anything else I need to do?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:09 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
G:\WINDOWS\system32\wuauclt.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\ctfmon.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Trend Micro\iwillforgetthis\iwillforgetthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LSA Shellu] G:\Documents and Settings\Greg\lsass.exe
O4 - HKLM\..\Run: [000000af] rundll32.exe "G:\WINDOWS\system32\wdbgvmvd.dll",b
O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe g:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [AWMON] "G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - G:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214379609671
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6153 bytes

There are other bad entries left.

Please disable Ad-Watch and keep it disabled.

Open notepad and copy/paste the text in the codebox below into it:


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Ok, fresh HJT and Combofix

Shaba,
I hope I didn't screw anything up, but after I thought everything was fixed I ran a windows update to SP3. So if things are different or I screwed something up I apologize!
Here is the Combofix and HJT logs.

ComboFix 08-08-17.03 - Greg 2008-08-18 11:49:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1146 [GMT -6:00]
Running from: G:\Documents and Settings\Greg\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-17 23:02 . 2008-08-18 11:09 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\LimeWire
2008-08-17 23:01 . 2008-08-17 23:01 <DIR> d-------- G:\Program Files\LimeWire
2008-08-17 22:51 . 2008-08-17 22:51 <DIR> d-------- G:\Program Files\iTunes
2008-08-17 22:51 . 2008-08-17 22:51 <DIR> d-------- G:\Program Files\iPod
2008-08-17 22:50 . 2008-08-17 22:50 <DIR> d----c--- G:\WINDOWS\system32\DRVSTORE
2008-08-17 22:50 . 2008-08-17 22:51 <DIR> d-------- G:\Program Files\QuickTime
2008-08-17 22:50 . 2008-08-17 22:51 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-17 22:49 . 2008-08-17 22:49 <DIR> d-------- G:\Program Files\Common Files\Apple
2008-08-17 22:02 . 2008-04-13 10:39 142,592 --a------ G:\WINDOWS\system32\drivers\aec.sys
2008-08-17 22:02 . 2008-04-13 10:39 142,592 --a--c--- G:\WINDOWS\system32\dllcache\aec.sys
2008-08-17 22:02 . 2008-04-13 13:17 83,072 --a------ G:\WINDOWS\system32\drivers\wdmaud.sys
2008-08-17 22:02 . 2008-04-13 13:17 83,072 --a--c--- G:\WINDOWS\system32\dllcache\wdmaud.sys
2008-08-17 22:02 . 2008-04-13 12:45 56,576 --a------ G:\WINDOWS\system32\drivers\swmidi.sys
2008-08-17 22:02 . 2008-04-13 12:45 56,576 --a--c--- G:\WINDOWS\system32\dllcache\swmidi.sys
2008-08-17 22:02 . 2008-04-13 12:45 52,864 --a------ G:\WINDOWS\system32\drivers\DMusic.sys
2008-08-17 22:02 . 2008-04-13 12:45 52,864 --a--c--- G:\WINDOWS\system32\dllcache\dmusic.sys
2008-08-17 22:02 . 2008-04-13 12:45 6,272 --a------ G:\WINDOWS\system32\drivers\splitter.sys
2008-08-17 22:02 . 2008-04-13 12:45 6,272 --a--c--- G:\WINDOWS\system32\dllcache\splitter.sys
2008-08-17 22:01 . 2008-08-17 22:01 <DIR> d-------- G:\Program Files\Realtek AC97
2008-08-17 21:39 . 2008-08-17 21:39 <DIR> d-------- G:\Program Files\Windows Media Connect 2
2008-08-17 21:38 . 2008-08-17 21:39 <DIR> d-------- G:\WINDOWS\system32\drivers\UMDF
2008-08-17 21:31 . 2008-04-13 18:12 221,184 --a------ G:\WINDOWS\system32\wmpns.dll
2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\system32\scripting
2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\system32\en
2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\system32\bits
2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\l2schemas
2008-08-17 21:16 . 2008-08-17 21:20 <DIR> d-------- G:\WINDOWS\ServicePackFiles
2008-08-15 22:56 . 2008-04-11 13:04 691,712 -----c--- G:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-06 23:38 . 2008-08-15 05:57 <DIR> d-------- G:\Program Files\Spyware Doctor
2008-08-06 23:38 . 2008-08-06 23:38 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\PC Tools
2008-08-06 23:38 . 2008-06-10 21:22 81,288 --a------ G:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-06 23:38 . 2008-06-02 15:19 66,952 --a------ G:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-06 23:38 . 2008-06-02 15:19 42,376 --a------ G:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-06 23:38 . 2008-06-02 15:19 29,576 --a------ G:\WINDOWS\system32\drivers\kcom.sys
2008-08-06 22:10 . 2008-08-06 22:10 169 --a------ G:\WINDOWS\RtlRack.ini
2008-08-06 21:01 . 2006-08-01 15:02 49,152 --a------ G:\WINDOWS\system32\ChCfg.exe
2008-08-06 20:59 . 2008-08-06 20:59 <DIR> d-------- G:\Program Files\Realtek Sound Manager
2008-08-06 20:59 . 2008-08-17 22:01 <DIR> d-------- G:\Program Files\AvRack
2008-08-06 20:59 . 2006-08-18 13:52 4,017,536 -ra------ G:\WINDOWS\system32\drivers\alcxwdm.sys
2008-08-06 20:59 . 2008-04-13 13:19 146,048 --a------ G:\WINDOWS\system32\drivers\portcls.sys
2008-08-06 20:59 . 2008-04-13 13:19 146,048 --a--c--- G:\WINDOWS\system32\dllcache\portcls.sys
2008-08-06 20:59 . 2008-04-13 18:12 129,536 --a------ G:\WINDOWS\system32\ksproxy.ax
2008-08-06 20:59 . 2008-04-13 18:12 129,536 --a--c--- G:\WINDOWS\system32\dllcache\ksproxy.ax
2008-08-06 20:59 . 2008-04-13 12:45 60,160 --a------ G:\WINDOWS\system32\drivers\drmk.sys
2008-08-06 20:59 . 2008-04-13 12:45 60,160 --a--c--- G:\WINDOWS\system32\dllcache\drmk.sys
2008-08-06 20:59 . 2008-04-13 18:11 4,096 --a------ G:\WINDOWS\system32\ksuser.dll
2008-08-06 20:59 . 2008-04-13 18:11 4,096 --a--c--- G:\WINDOWS\system32\dllcache\ksuser.dll
2008-08-06 20:58 . 2006-08-17 08:11 18,804,736 --a------ G:\WINDOWS\system32\alsndmgr.cpl
2008-08-06 20:58 . 2006-08-10 07:27 10,528,768 --a------ G:\WINDOWS\system32\RTLCPL.exe
2008-08-06 20:58 . 2006-08-03 05:12 577,536 --a------ G:\WINDOWS\soundman.exe
2008-08-06 20:58 . 2006-07-31 11:19 315,392 --a------ G:\WINDOWS\alcupd.exe
2008-08-06 20:58 . 2006-07-31 11:27 217,088 --a------ G:\WINDOWS\Alcrmv.exe
2008-08-06 20:58 . 2006-08-01 14:58 143,360 --a------ G:\WINDOWS\system32\RtlCPAPI.dll
2008-08-06 20:58 . 2002-02-05 13:54 141,016 --a------ G:\WINDOWS\system32\alsndmgr.wav
2008-08-04 03:16 . 2008-08-05 23:34 2,369 --a------ G:\WINDOWS\system32\tblodx32.dll
2008-08-04 02:08 . 2008-08-17 22:56 <DIR> d-------- G:\Program Files\SpywareBlaster
2008-08-04 02:08 . 2008-08-15 22:37 <DIR> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 02:21 . 2008-08-03 02:21 18,044 --ah----- G:\WINDOWS\system32\mlfcache.dat
2008-08-03 02:17 . 2008-08-18 01:03 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\Apple Computer
2008-08-03 02:11 . 2008-08-03 02:12 <DIR> d-------- G:\Program Files\Safari
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Bonjour
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Apple Software Update
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple
2008-08-03 01:47 . 2008-08-03 01:47 164 --a------ G:\WINDOWS\system32\AddPort.ini
2008-08-03 01:42 . 2008-08-03 01:47 1,758 --a------ G:\WINDOWS\hpntwksetup.ini
2008-08-03 01:41 . 2008-08-03 01:47 <DIR> d-------- G:\TEMP
2008-08-03 01:41 . 2008-07-03 22:17 105,342 --------- G:\WINDOWS\HPFins09.dat.temp
2008-08-03 01:41 . 2005-11-01 03:29 3,732 --------- G:\WINDOWS\hpfmdl09.dat.temp
2008-08-03 00:05 . 2008-08-03 00:05 <DIR> d-------- G:\WINDOWS\Sun
2008-08-03 00:04 . 2008-08-03 00:04 <DIR> d-------- G:\Program Files\Sun
2008-08-03 00:03 . 2008-06-10 02:32 73,728 --a------ G:\WINDOWS\system32\javacpl.cpl
2008-08-03 00:02 . 2008-08-03 00:03 <DIR> d-------- G:\Program Files\Java
2008-08-03 00:02 . 2008-08-03 00:02 <DIR> d-------- G:\Program Files\Common Files\Java
2008-08-02 23:59 . 2008-08-02 23:59 <DIR> d-------- G:\Program Files\SDM20
2008-07-31 12:06 . 2008-07-25 08:14 120,320 --a------ G:\WINDOWS\system32\avm.cpl
2008-07-31 00:20 . 2008-08-04 00:51 <DIR> d-------- G:\Program Files\Trend Micro
2008-07-30 22:42 . 2008-07-30 22:42 <DIR> d-------- G:\Program Files\Spybot - Search & Destroy
2008-07-30 22:42 . 2008-07-30 22:52 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 15:21 . 2008-07-23 15:21 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\MailFrontier
2008-07-23 13:51 . 2008-08-18 08:54 1,276 --a------ G:\rollback.ini
2008-07-23 13:48 . 2008-07-23 14:30 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\MailFrontier
2008-07-23 13:45 . 2008-08-18 11:50 5,831,200 --ahs---- G:\WINDOWS\system32\drivers\fidbox.dat
2008-07-23 13:45 . 2008-08-18 11:13 78,788 --ahs---- G:\WINDOWS\system32\drivers\fidbox.idx
2008-07-23 13:39 . 2008-07-23 14:18 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-23 13:38 . 2008-07-23 13:38 <DIR> d-------- G:\Program Files\Zone Labs
2008-07-22 19:09 . 2008-06-13 05:05 272,128 --------- G:\WINDOWS\system32\drivers\bthport.sys
2008-07-22 19:09 . 2008-06-13 05:05 272,128 -----c--- G:\WINDOWS\system32\dllcache\bthport.sys
2008-07-22 19:08 . 2008-05-08 08:02 203,136 -----c--- G:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-22 12:33 . 2008-08-17 21:38 <DIR> d-------- G:\WINDOWS\system32\LogFiles
2008-07-21 21:22 . 2008-07-21 21:22 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\Lavasoft
2008-07-21 17:32 . 2008-08-17 21:48 4,212 ---h----- G:\WINDOWS\system32\zllictbl.dat
2008-07-21 17:31 . 2008-08-18 11:33 <DIR> d-------- G:\WINDOWS\Internet Logs
2008-07-20 22:38 . 2008-07-20 22:38 77 --a------ G:\Documents and Settings\Tammy\2964.bat
2008-07-19 19:21 . 2008-07-19 19:21 <DIR> d-------- G:\Program Files\AIM Search
2008-07-19 19:21 . 2008-07-21 18:37 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-19 19:20 . 2008-07-21 15:56 <DIR> d-------- G:\Program Files\Common Files\AOL
2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL
2008-07-19 19:20 . 2008-07-19 19:21 387 --ah----- G:\IPH.PH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 04:38 1,469,952 ----a-w G:\WINDOWS\Internet Logs\xDBB.tmp
2008-08-11 20:29 4,073,605 ----a-w G:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-11 06:11 1,470,464 ----a-w G:\WINDOWS\Internet Logs\xDBA.tmp
2008-08-07 17:09 1,468,416 ----a-w G:\WINDOWS\Internet Logs\xDB9.tmp
2008-08-07 02:58 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-08-07 02:58 --------- d-----w G:\Program Files\Common Files\InstallShield
2008-08-03 07:57 1,378,816 ----a-w G:\WINDOWS\Internet Logs\xDB8.tmp
2008-08-03 07:47 --------- d-----w G:\Documents and Settings\All Users\Application Data\HP
2008-07-31 05:36 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-31 05:18 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-31 04:53 1,824,768 ----a-w G:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-31 04:21 1,814,016 ----a-w G:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-30 08:11 1,810,432 ----a-w G:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-30 02:20 1,808,384 ----a-w G:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-29 07:04 1,805,824 ----a-w G:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-28 23:08 1,357,824 ----a-w G:\WINDOWS\Internet Logs\xDB1B.tmp
2008-07-09 15:05 75,248 ----a-w G:\WINDOWS\zllsputility.exe
2008-07-09 15:05 1,086,952 ----a-w G:\WINDOWS\system32\zpeng24.dll
2008-07-07 20:26 253,952 ----a-w G:\WINDOWS\system32\es.dll
2008-07-04 04:18 --------- d-----w G:\Documents and Settings\Greg\Application Data\HP
2008-07-04 04:06 --------- d-----w G:\Program Files\HP
2008-06-30 17:39 --------- d-----w G:\Program Files\Common Files\Adobe
2008-06-26 03:26 --------- d-----w G:\Program Files\Microsoft ActiveSync
2008-06-25 08:06 --------- d-----w G:\Program Files\Common Files\LightScribe
2008-06-25 08:06 --------- d-----w G:\Program Files\Ahead
2008-06-25 08:05 --------- d-----w G:\Program Files\Common Files\Nero
2008-06-25 08:03 --------- d-----w G:\Program Files\Common Files\Ahead
2008-06-25 08:03 --------- d-----w G:\Documents and Settings\All Users\Application Data\Ahead
2008-06-25 07:57 --------- d-----w G:\Program Files\Lavasoft
2008-06-25 07:57 --------- d-----w G:\Documents and Settings\Greg\Application Data\Lavasoft
2008-06-25 07:51 --------- d-----w G:\Program Files\MGI
2008-06-25 07:51 --------- d-----w G:\Program Files\Common Files\MGI Shared
2008-06-25 07:51 --------- d-----w G:\Documents and Settings\Greg\Application Data\MGI
2008-06-25 07:50 --------- d-----w G:\Program Files\Hewlett-Packard
2008-06-25 07:20 --------- d-----w G:\Program Files\microsoft frontpage
2008-06-24 16:43 74,240 ----a-w G:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w G:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w G:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w G:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w G:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w G:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( snapshot_2008-08-18_11.17.17.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-18 17:14:02 672,572 ----a-w G:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-08-18 17:35:11 673,328 ----a-w G:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"HPDJ Taskbar Utility"="G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 04:08 172032]
"DeviceDiscovery"="G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ZoneAlarm Client"="G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"NeroFilterCheck"="G:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"AppleSyncNotifier"="G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 G:\WINDOWS\soundman.exe]

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=G:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\WINDOWS\\system32\\spoolsv.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ced62ee-5eb8-11dd-90c5-001485358c6b}]
\Shell\AutoRun\command - H:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-13 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - G:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\1n7d796z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
FF -: plugin - G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - G:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - G:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 11:51:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-18 11:51:50
ComboFix-quarantined-files.txt 2008-08-18 17:51:48
ComboFix2.txt 2008-08-18 17:18:15
ComboFix3.txt 2008-08-16 04:54:53

Pre-Run: 252,972,765,184 bytes free
Post-Run: 252,961,972,224 bytes free

219 --- E O F --- 2008-08-18 03:25:30




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:34 AM, on 8/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\explorer.exe
G:\WINDOWS\system32\notepad.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Trend Micro\iwillforgetthis\iwillforgetthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - G:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214379609671
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6281 bytes

Well you could have screwed up but luckily not this time

Where has AntiVir gone?

Whew. Good. Well, I had like three antivirus programs running I think, (Zone alarm, Adaware, and Antivir), so I uninstalled AntiVir, since it was the free one. SHould that be the one to keep? Oh I also had/have spyware doctor 6.0 . What would you reccomend from now on?
Thanks!
Greg