
Thread: Nasty Bugger won't let me search or look at web pages.

  1. #11
    Junior Member X2FLYA320's Avatar
    Join Date
    Jul 2008
    Location
    Denver
    Posts
    20


    Ok, here it is Friday, and I am finally home to get to my computer. I thought I could have gotten to it Monday, but got called back to work.
    Thank you for your patience.

    Greg

  2. #12
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Thank you for the update.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #13
    Junior Member X2FLYA320's Avatar
    Join Date
    Jul 2008
    Location
    Denver
    Posts
    20

    Log reports from COMBOFIX and HJT

    Ok, finally, here you go. Thank you!



    ComboFix 08-08-14.05 - Greg 2008-08-15 22:39:38.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1169 [GMT -6:00]
    Running from: G:\Documents and Settings\Greg\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\#SharedObjects\A8XULN5P\interclick.com
    G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\#SharedObjects\A8XULN5P\interclick.com\ud.sol
    G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    G:\Documents and Settings\Greg\Cookies\greg@adtrgt[2].txt
    G:\Documents and Settings\Greg\Cookies\greg@delb.opt.fimserve[1].txt
    G:\Documents and Settings\Greg\Cookies\greg@homedepot[1].txt
    G:\Documents and Settings\Greg\Cookies\greg@lawyers[1].txt
    G:\Documents and Settings\Greg\Cookies\greg@safepctool[1].txt
    G:\Documents and Settings\Greg\Cookies\greg@www.partselect[1].txt
    G:\Documents and Settings\Greg\Cookies\greg@yahoo[2].txt
    G:\Documents and Settings\Greg\Cookies\greg@yahoo[3].txt
    G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\#SharedObjects\9PEVZ6H7\interclick.com
    G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\#SharedObjects\9PEVZ6H7\interclick.com\ud.sol
    G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    G:\Documents and Settings\Other\Cookies\other@walmart[1].txt
    G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\#SharedObjects\G54VLJ2K\interclick.com
    G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\#SharedObjects\G54VLJ2K\interclick.com\ud.sol
    G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    G:\Documents and Settings\Tammy\Cookies\tammy@adtrgt[2].txt
    G:\Documents and Settings\Tammy\Cookies\tammy@ehg.fedex[1].txt
    G:\Documents and Settings\Tammy\Cookies\tammy@getmusicfree.aavalue[2].txt
    G:\Documents and Settings\Tammy\Desktop\Antivirus Master.lnk
    G:\Program Files\AVM
    G:\Program Files\AVM\avm.cpl
    G:\Program Files\AVM\avm.exe
    G:\Program Files\AVM\avm0.dat
    G:\Program Files\AVM\avm1.dat
    G:\WINDOWS\BM03bd692b.txt
    G:\WINDOWS\BM03bd692b.xml
    G:\WINDOWS\cookies.ini
    G:\WINDOWS\system32\dvmvgbdw.ini
    G:\WINDOWS\system32\eavfqkbu.exe
    G:\WINDOWS\system32\fmlugyef.exe
    G:\WINDOWS\system32\fykbrvsf.exe
    G:\WINDOWS\system32\HhhhgMoq.ini
    G:\WINDOWS\system32\HhhhgMoq.ini2
    G:\WINDOWS\system32\lbyjjynt.exe
    G:\WINDOWS\system32\mcrh.tmp
    G:\WINDOWS\system32\mmesjfuf.exe
    G:\WINDOWS\system32\nymakkri.exe
    G:\WINDOWS\system32\pybmcjsa.exe
    G:\WINDOWS\system32\qoMghhhH.dll
    G:\WINDOWS\system32\qsrmdbbj.ini
    G:\WINDOWS\system32\roetswsf.exe
    G:\WINDOWS\system32\vlbhgynk.exe
    G:\WINDOWS\system32\wffndmtx.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
    .

    2008-08-06 23:38 . 2008-08-15 05:57 <DIR> d-------- G:\Program Files\Spyware Doctor
    2008-08-06 23:38 . 2008-08-06 23:38 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\PC Tools
    2008-08-06 23:38 . 2008-06-10 21:22 81,288 --a------ G:\WINDOWS\system32\drivers\iksyssec.sys
    2008-08-06 23:38 . 2008-06-02 15:19 66,952 --a------ G:\WINDOWS\system32\drivers\iksysflt.sys
    2008-08-06 23:38 . 2008-06-02 15:19 42,376 --a------ G:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-08-06 23:38 . 2008-06-02 15:19 29,576 --a------ G:\WINDOWS\system32\drivers\kcom.sys
    2008-08-06 22:10 . 2008-08-06 22:10 169 --a------ G:\WINDOWS\RtlRack.ini
    2008-08-06 21:01 . 2006-08-01 15:02 49,152 --a------ G:\WINDOWS\system32\ChCfg.exe
    2008-08-06 20:59 . 2008-08-06 20:59 <DIR> d-------- G:\Program Files\Realtek Sound Manager
    2008-08-06 20:59 . 2008-08-06 20:59 <DIR> d-------- G:\Program Files\AvRack
    2008-08-06 20:59 . 2006-08-18 13:52 4,017,536 -ra------ G:\WINDOWS\system32\drivers\alcxwdm.sys
    2008-08-06 20:59 . 2004-08-03 23:15 145,792 --a------ G:\WINDOWS\system32\drivers\portcls.sys
    2008-08-06 20:59 . 2004-08-03 23:15 145,792 --a--c--- G:\WINDOWS\system32\dllcache\portcls.sys
    2008-08-06 20:59 . 2004-08-04 00:56 130,048 --a------ G:\WINDOWS\system32\ksproxy.ax
    2008-08-06 20:59 . 2004-08-04 00:56 130,048 --a--c--- G:\WINDOWS\system32\dllcache\ksproxy.ax
    2008-08-06 20:59 . 2004-08-03 23:08 60,288 --a------ G:\WINDOWS\system32\drivers\drmk.sys
    2008-08-06 20:59 . 2004-08-03 23:08 60,288 --a--c--- G:\WINDOWS\system32\dllcache\drmk.sys
    2008-08-06 20:59 . 2004-08-04 00:56 4,096 --a------ G:\WINDOWS\system32\ksuser.dll
    2008-08-06 20:59 . 2004-08-04 00:56 4,096 --a--c--- G:\WINDOWS\system32\dllcache\ksuser.dll
    2008-08-06 20:59 . 2001-07-06 00:19 164 --a------ G:\WINDOWS\avrack.ini
    2008-08-06 20:58 . 2008-08-06 20:58 <DIR> d-------- G:\Program Files\Realtek AC97
    2008-08-06 20:58 . 2006-08-17 08:11 18,804,736 --a------ G:\WINDOWS\system32\alsndmgr.cpl
    2008-08-06 20:58 . 2006-08-10 07:27 10,528,768 --a------ G:\WINDOWS\system32\RTLCPL.exe
    2008-08-06 20:58 . 2006-08-03 05:12 577,536 --a------ G:\WINDOWS\soundman.exe
    2008-08-06 20:58 . 2006-07-31 11:19 315,392 --a------ G:\WINDOWS\alcupd.exe
    2008-08-06 20:58 . 2006-07-31 11:27 217,088 --a------ G:\WINDOWS\Alcrmv.exe
    2008-08-06 20:58 . 2006-08-01 14:58 143,360 --a------ G:\WINDOWS\system32\RtlCPAPI.dll
    2008-08-06 20:58 . 2002-02-05 13:54 141,016 --a------ G:\WINDOWS\system32\alsndmgr.wav
    2008-08-04 03:16 . 2008-08-05 23:34 2,369 --a------ G:\WINDOWS\system32\tblodx32.dll
    2008-08-04 02:08 . 2008-08-04 02:30 <DIR> d-------- G:\Program Files\SpywareBlaster
    2008-08-04 02:08 . 2008-08-15 22:37 <DIR> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-03 02:21 . 2008-08-03 02:21 18,044 --ah----- G:\WINDOWS\system32\mlfcache.dat
    2008-08-03 02:17 . 2008-08-03 02:17 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\Apple Computer
    2008-08-03 02:11 . 2008-08-03 02:12 <DIR> d-------- G:\Program Files\Safari
    2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Bonjour
    2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Apple Software Update
    2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple
    2008-08-03 01:47 . 2008-08-03 01:47 164 --a------ G:\WINDOWS\system32\AddPort.ini
    2008-08-03 01:42 . 2008-08-03 01:47 1,758 --a------ G:\WINDOWS\hpntwksetup.ini
    2008-08-03 01:41 . 2008-08-03 01:47 <DIR> d-------- G:\TEMP
    2008-08-03 01:41 . 2008-07-03 22:17 105,342 --------- G:\WINDOWS\HPFins09.dat.temp
    2008-08-03 01:41 . 2005-11-01 03:29 3,732 --------- G:\WINDOWS\hpfmdl09.dat.temp
    2008-08-03 00:05 . 2008-08-03 00:05 <DIR> d-------- G:\WINDOWS\Sun
    2008-08-03 00:04 . 2008-08-03 00:04 <DIR> d-------- G:\Program Files\Sun
    2008-08-03 00:03 . 2008-06-10 02:32 73,728 --a------ G:\WINDOWS\system32\javacpl.cpl
    2008-08-03 00:02 . 2008-08-03 00:03 <DIR> d-------- G:\Program Files\Java
    2008-08-03 00:02 . 2008-08-03 00:02 <DIR> d-------- G:\Program Files\Common Files\Java
    2008-08-02 23:59 . 2008-08-02 23:59 <DIR> d-------- G:\Program Files\SDM20
    2008-08-02 23:30 . 2008-08-02 23:30 <DIR> d-------- G:\Program Files\Avira
    2008-08-02 23:30 . 2008-08-02 23:30 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Avira
    2008-07-31 12:06 . 2008-07-25 08:14 120,320 --a------ G:\WINDOWS\system32\avm.cpl
    2008-07-31 00:20 . 2008-08-04 00:51 <DIR> d-------- G:\Program Files\Trend Micro
    2008-07-30 22:42 . 2008-07-30 22:42 <DIR> d-------- G:\Program Files\Spybot - Search & Destroy
    2008-07-30 22:42 . 2008-07-30 22:52 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-23 15:21 . 2008-07-23 15:21 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\MailFrontier
    2008-07-23 13:51 . 2008-08-10 23:54 1,282 --a------ G:\rollback.ini
    2008-07-23 13:48 . 2008-07-23 14:30 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\MailFrontier
    2008-07-23 13:45 . 2008-08-15 22:49 4,696,864 --ahs---- G:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-23 13:45 . 2008-08-15 22:44 63,476 --ahs---- G:\WINDOWS\system32\drivers\fidbox.idx
    2008-07-23 13:39 . 2008-07-23 14:18 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-07-23 13:38 . 2008-07-23 13:38 <DIR> d-------- G:\Program Files\Zone Labs
    2008-07-22 19:09 . 2008-06-13 07:10 272,128 --------- G:\WINDOWS\system32\drivers\bthport.sys
    2008-07-22 19:09 . 2008-06-13 07:10 272,128 -----c--- G:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-22 12:33 . 2008-07-22 12:33 <DIR> d-------- G:\WINDOWS\system32\LogFiles
    2008-07-21 21:26 . 2008-07-21 21:26 <DIR> d---s---- G:\Documents and Settings\Tammy\UserData
    2008-07-21 21:22 . 2008-07-21 21:22 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\Lavasoft
    2008-07-21 17:32 . 2008-08-15 22:45 4,212 ---h----- G:\WINDOWS\system32\zllictbl.dat
    2008-07-21 17:31 . 2008-08-15 22:46 <DIR> d-------- G:\WINDOWS\Internet Logs
    2008-07-20 22:38 . 2008-07-23 18:25 <DIR> d-------- G:\WINDOWS\system32\carH18
    2008-07-20 22:38 . 2008-07-20 22:38 77 --a------ G:\Documents and Settings\Tammy\2964.bat
    2008-07-19 19:21 . 2008-07-19 19:21 <DIR> d-------- G:\Program Files\AIM Search
    2008-07-19 19:21 . 2008-07-21 18:37 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-07-19 19:20 . 2008-07-21 15:56 <DIR> d-------- G:\Program Files\Common Files\AOL
    2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL
    2008-07-19 19:20 . 2008-07-19 19:21 387 --ah----- G:\IPH.PH

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-14 04:38 1,469,952 ----a-w G:\WINDOWS\Internet Logs\xDBB.tmp
    2008-08-11 20:29 4,073,605 ----a-w G:\WINDOWS\Internet Logs\tvDebug.zip
    2008-08-11 06:11 1,470,464 ----a-w G:\WINDOWS\Internet Logs\xDBA.tmp
    2008-08-07 17:09 1,468,416 ----a-w G:\WINDOWS\Internet Logs\xDB9.tmp
    2008-08-07 02:58 --------- d--h--w G:\Program Files\InstallShield Installation Information
    2008-08-07 02:58 --------- d-----w G:\Program Files\Common Files\InstallShield
    2008-08-03 07:57 1,378,816 ----a-w G:\WINDOWS\Internet Logs\xDB8.tmp
    2008-08-03 07:47 --------- d-----w G:\Documents and Settings\All Users\Application Data\HP
    2008-07-31 05:36 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB6.tmp
    2008-07-31 05:18 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB7.tmp
    2008-07-31 04:53 1,824,768 ----a-w G:\WINDOWS\Internet Logs\xDB5.tmp
    2008-07-31 04:21 1,814,016 ----a-w G:\WINDOWS\Internet Logs\xDB4.tmp
    2008-07-30 08:11 1,810,432 ----a-w G:\WINDOWS\Internet Logs\xDB3.tmp
    2008-07-30 02:20 1,808,384 ----a-w G:\WINDOWS\Internet Logs\xDB2.tmp
    2008-07-29 07:04 1,805,824 ----a-w G:\WINDOWS\Internet Logs\xDB1.tmp
    2008-07-28 23:08 1,357,824 ----a-w G:\WINDOWS\Internet Logs\xDB1B.tmp
    2008-07-09 15:05 75,248 ----a-w G:\WINDOWS\zllsputility.exe
    2008-07-09 15:05 1,086,952 ----a-w G:\WINDOWS\system32\zpeng24.dll
    2008-07-04 04:18 --------- d-----w G:\Documents and Settings\Greg\Application Data\HP
    2008-07-04 04:06 --------- d-----w G:\Program Files\HP
    2008-06-30 17:39 --------- d-----w G:\Program Files\Common Files\Adobe
    2008-06-26 03:26 --------- d-----w G:\Program Files\Microsoft ActiveSync
    2008-06-25 08:06 --------- d-----w G:\Program Files\Common Files\LightScribe
    2008-06-25 08:06 --------- d-----w G:\Program Files\Ahead
    2008-06-25 08:05 --------- d-----w G:\Program Files\Common Files\Nero
    2008-06-25 08:03 --------- d-----w G:\Program Files\Common Files\Ahead
    2008-06-25 08:03 --------- d-----w G:\Documents and Settings\All Users\Application Data\Ahead
    2008-06-25 07:57 --------- d-----w G:\Program Files\Lavasoft
    2008-06-25 07:57 --------- d-----w G:\Documents and Settings\Greg\Application Data\Lavasoft
    2008-06-25 07:51 --------- d-----w G:\Program Files\MGI
    2008-06-25 07:51 --------- d-----w G:\Program Files\Common Files\MGI Shared
    2008-06-25 07:51 --------- d-----w G:\Documents and Settings\Greg\Application Data\MGI
    2008-06-25 07:50 --------- d-----w G:\Program Files\Hewlett-Packard
    2008-06-25 07:20 --------- d-----w G:\Program Files\microsoft frontpage
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AWMON"="G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [2005-05-25 12:12 517632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
    "HPDJ Taskbar Utility"="G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 04:08 172032]
    "DeviceDiscovery"="G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
    "Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "ZoneAlarm Client"="G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
    "NeroFilterCheck"="G:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "srePostpone"="g:\windows\system32\zonelabs\srescan.dll" [2008-02-27 03:10 1504736]

    G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NeroFilterCheck"=G:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "G:\\WINDOWS\\system32\\spoolsv.exe"=
    "G:\\Program Files\\Bonjour\\mDNSResponder.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ced62ee-5eb8-11dd-90c5-001485358c6b}]
    \Shell\AutoRun\command - H:\setupSNK.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-13 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{2a49ed1f-ff7f-4a5b-82c0-ccfdc3480149} - G:\WINDOWS\system32\ditlep.dll
    HKLM-Run-BM03bd692b - G:\WINDOWS\system32\qqyhphao.dll
    HKLM-Run-000000af - G:\WINDOWS\system32\wdbgvmvd.dll
    HKLM-Run-LSA Shellu - G:\Documents and Settings\Greg\lsass.exe
    Notify-awtqnolI - awtqnolI.dll


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - G:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\1n7d796z.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
    FF -: plugin - G:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    FF -: plugin - G:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-15 22:48:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    G:\WINDOWS\system32\ati2evxx.exe
    G:\WINDOWS\system32\ZoneLabs\vsmon.exe
    G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    G:\Program Files\Bonjour\mDNSResponder.exe
    G:\Program Files\Common Files\LightScribe\LSSrvc.exe
    G:\WINDOWS\system32\HPZipm12.exe
    G:\WINDOWS\system32\ati2evxx.exe
    G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
    G:\WINDOWS\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\update\update.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-15 22:54:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-16 04:54:26

    Pre-Run: 258,097,811,456 bytes free
    Post-Run: 257,590,329,344 bytes free

    251 --- E O F --- 2008-07-23 09:02:48





    -------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:46 PM, on 8/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    G:\Program Files\Bonjour\mDNSResponder.exe
    G:\Program Files\Common Files\LightScribe\LSSrvc.exe
    G:\WINDOWS\system32\HPZipm12.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\WINDOWS\system32\wuauclt.exe
    G:\WINDOWS\system32\wuauclt.exe
    G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
    G:\WINDOWS\System32\svchost.exe
    G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    G:\WINDOWS\explorer.exe
    G:\WINDOWS\system32\wscntfy.exe
    G:\Program Files\internet explorer\iexplore.exe
    G:\Program Files\Trend Micro\iwillforgetthis\iwillforgetthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s
    O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe g:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
    O4 - HKCU\..\Run: [AWMON] "G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - G:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379609671
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=23100
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5951 bytes

  4. #14
    Junior Member X2FLYA320's Avatar
    Join Date
    Jul 2008
    Location
    Denver
    Posts
    20


    Not sure if it's related, but I think it is. I keep getting an error message at Windows startup saying:

    Error Loading G:\windows\system32\qqyhphao.dll

    Would you happen to know what this might be or how to fix it? Thank you!
    Cheers,
    Greg

  5. #15
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Yes, it happened because Ad-Watch is on.

    See here how to disable it.

    After that:

    Open HijackThis, click "Do a system scan only" and checkmark this:

    O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s

    Close all windows including the browser and press "Fix checked".

    Reboot.

    Post back a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #16
    Junior Member X2FLYA320's Avatar
    Join Date
    Jul 2008
    Location
    Denver
    Posts
    20

    OK, Awesome! Here is a Fresh HJT Log

    Ok, here is a fresh HJT log page. The error message has disappeared, and I don't appear to have any more trojans! Amazing!! Thank you sooooo much!!!!
    Greg

    Anything else I need to do?



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:47:09 PM, on 8/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\ZoneLabs\vsmon.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    G:\Program Files\Bonjour\mDNSResponder.exe
    G:\Program Files\Common Files\LightScribe\LSSrvc.exe
    G:\WINDOWS\system32\HPZipm12.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\WINDOWS\Explorer.EXE
    G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
    G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    G:\WINDOWS\system32\wuauclt.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\ctfmon.exe
    G:\WINDOWS\system32\wuauclt.exe
    G:\Program Files\Internet Explorer\iexplore.exe
    G:\Program Files\Trend Micro\iwillforgetthis\iwillforgetthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LSA Shellu] G:\Documents and Settings\Greg\lsass.exe
    O4 - HKLM\..\Run: [000000af] rundll32.exe "G:\WINDOWS\system32\wdbgvmvd.dll",b
    O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s
    O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe g:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
    O4 - HKCU\..\Run: [AWMON] "G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - G:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379609671
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=23100
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6153 bytes

  7. #17
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    There are other bad entries left.

    Please disable Ad-Watch and keep it disabled.

    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    File::
    G:\Documents and Settings\Greg\lsass.exe
    G:\WINDOWS\system32\wdbgvmvd.dl
    G:\WINDOWS\system32\qqyhphao.dll
    
    Folder::
    G:\WINDOWS\system32\carH18
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LSA Shellu"=-
    "000000af"=-
    "BM03bd692b"=-

    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.

  8. #18
    Junior Member X2FLYA320's Avatar
    Join Date
    Jul 2008
    Location
    Denver
    Posts
    20

    Ok, fresh HJT and Combofix

    Shaba,
    I hope I didn't screw anything up, but after I thought everything was fixed I ran a windows update to SP3. So if things are different or I screwed something up I apologize!
    Here are the Combofix and HJT logs.

    ComboFix 08-08-17.03 - Greg 2008-08-18 11:49:49.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1146 [GMT -6:00]
    Running from: G:\Documents and Settings\Greg\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
    .

    2008-08-17 23:02 . 2008-08-18 11:09 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\LimeWire
    2008-08-17 23:01 . 2008-08-17 23:01 <DIR> d-------- G:\Program Files\LimeWire
    2008-08-17 22:51 . 2008-08-17 22:51 <DIR> d-------- G:\Program Files\iTunes
    2008-08-17 22:51 . 2008-08-17 22:51 <DIR> d-------- G:\Program Files\iPod
    2008-08-17 22:50 . 2008-08-17 22:50 <DIR> d----c--- G:\WINDOWS\system32\DRVSTORE
    2008-08-17 22:50 . 2008-08-17 22:51 <DIR> d-------- G:\Program Files\QuickTime
    2008-08-17 22:50 . 2008-08-17 22:51 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-17 22:49 . 2008-08-17 22:49 <DIR> d-------- G:\Program Files\Common Files\Apple
    2008-08-17 22:02 . 2008-04-13 10:39 142,592 --a------ G:\WINDOWS\system32\drivers\aec.sys
    2008-08-17 22:02 . 2008-04-13 10:39 142,592 --a--c--- G:\WINDOWS\system32\dllcache\aec.sys
    2008-08-17 22:02 . 2008-04-13 13:17 83,072 --a------ G:\WINDOWS\system32\drivers\wdmaud.sys
    2008-08-17 22:02 . 2008-04-13 13:17 83,072 --a--c--- G:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-08-17 22:02 . 2008-04-13 12:45 56,576 --a------ G:\WINDOWS\system32\drivers\swmidi.sys
    2008-08-17 22:02 . 2008-04-13 12:45 56,576 --a--c--- G:\WINDOWS\system32\dllcache\swmidi.sys
    2008-08-17 22:02 . 2008-04-13 12:45 52,864 --a------ G:\WINDOWS\system32\drivers\DMusic.sys
    2008-08-17 22:02 . 2008-04-13 12:45 52,864 --a--c--- G:\WINDOWS\system32\dllcache\dmusic.sys
    2008-08-17 22:02 . 2008-04-13 12:45 6,272 --a------ G:\WINDOWS\system32\drivers\splitter.sys
    2008-08-17 22:02 . 2008-04-13 12:45 6,272 --a--c--- G:\WINDOWS\system32\dllcache\splitter.sys
    2008-08-17 22:01 . 2008-08-17 22:01 <DIR> d-------- G:\Program Files\Realtek AC97
    2008-08-17 21:39 . 2008-08-17 21:39 <DIR> d-------- G:\Program Files\Windows Media Connect 2
    2008-08-17 21:38 . 2008-08-17 21:39 <DIR> d-------- G:\WINDOWS\system32\drivers\UMDF
    2008-08-17 21:31 . 2008-04-13 18:12 221,184 --a------ G:\WINDOWS\system32\wmpns.dll
    2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\system32\scripting
    2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\system32\en
    2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\system32\bits
    2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\l2schemas
    2008-08-17 21:16 . 2008-08-17 21:20 <DIR> d-------- G:\WINDOWS\ServicePackFiles
    2008-08-15 22:56 . 2008-04-11 13:04 691,712 -----c--- G:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-06 23:38 . 2008-08-15 05:57 <DIR> d-------- G:\Program Files\Spyware Doctor
    2008-08-06 23:38 . 2008-08-06 23:38 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\PC Tools
    2008-08-06 23:38 . 2008-06-10 21:22 81,288 --a------ G:\WINDOWS\system32\drivers\iksyssec.sys
    2008-08-06 23:38 . 2008-06-02 15:19 66,952 --a------ G:\WINDOWS\system32\drivers\iksysflt.sys
    2008-08-06 23:38 . 2008-06-02 15:19 42,376 --a------ G:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-08-06 23:38 . 2008-06-02 15:19 29,576 --a------ G:\WINDOWS\system32\drivers\kcom.sys
    2008-08-06 22:10 . 2008-08-06 22:10 169 --a------ G:\WINDOWS\RtlRack.ini
    2008-08-06 21:01 . 2006-08-01 15:02 49,152 --a------ G:\WINDOWS\system32\ChCfg.exe
    2008-08-06 20:59 . 2008-08-06 20:59 <DIR> d-------- G:\Program Files\Realtek Sound Manager
    2008-08-06 20:59 . 2008-08-17 22:01 <DIR> d-------- G:\Program Files\AvRack
    2008-08-06 20:59 . 2006-08-18 13:52 4,017,536 -ra------ G:\WINDOWS\system32\drivers\alcxwdm.sys
    2008-08-06 20:59 . 2008-04-13 13:19 146,048 --a------ G:\WINDOWS\system32\drivers\portcls.sys
    2008-08-06 20:59 . 2008-04-13 13:19 146,048 --a--c--- G:\WINDOWS\system32\dllcache\portcls.sys
    2008-08-06 20:59 . 2008-04-13 18:12 129,536 --a------ G:\WINDOWS\system32\ksproxy.ax
    2008-08-06 20:59 . 2008-04-13 18:12 129,536 --a--c--- G:\WINDOWS\system32\dllcache\ksproxy.ax
    2008-08-06 20:59 . 2008-04-13 12:45 60,160 --a------ G:\WINDOWS\system32\drivers\drmk.sys
    2008-08-06 20:59 . 2008-04-13 12:45 60,160 --a--c--- G:\WINDOWS\system32\dllcache\drmk.sys
    2008-08-06 20:59 . 2008-04-13 18:11 4,096 --a------ G:\WINDOWS\system32\ksuser.dll
    2008-08-06 20:59 . 2008-04-13 18:11 4,096 --a--c--- G:\WINDOWS\system32\dllcache\ksuser.dll
    2008-08-06 20:58 . 2006-08-17 08:11 18,804,736 --a------ G:\WINDOWS\system32\alsndmgr.cpl
    2008-08-06 20:58 . 2006-08-10 07:27 10,528,768 --a------ G:\WINDOWS\system32\RTLCPL.exe
    2008-08-06 20:58 . 2006-08-03 05:12 577,536 --a------ G:\WINDOWS\soundman.exe
    2008-08-06 20:58 . 2006-07-31 11:19 315,392 --a------ G:\WINDOWS\alcupd.exe
    2008-08-06 20:58 . 2006-07-31 11:27 217,088 --a------ G:\WINDOWS\Alcrmv.exe
    2008-08-06 20:58 . 2006-08-01 14:58 143,360 --a------ G:\WINDOWS\system32\RtlCPAPI.dll
    2008-08-06 20:58 . 2002-02-05 13:54 141,016 --a------ G:\WINDOWS\system32\alsndmgr.wav
    2008-08-04 03:16 . 2008-08-05 23:34 2,369 --a------ G:\WINDOWS\system32\tblodx32.dll
    2008-08-04 02:08 . 2008-08-17 22:56 <DIR> d-------- G:\Program Files\SpywareBlaster
    2008-08-04 02:08 . 2008-08-15 22:37 <DIR> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-03 02:21 . 2008-08-03 02:21 18,044 --ah----- G:\WINDOWS\system32\mlfcache.dat
    2008-08-03 02:17 . 2008-08-18 01:03 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\Apple Computer
    2008-08-03 02:11 . 2008-08-03 02:12 <DIR> d-------- G:\Program Files\Safari
    2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Bonjour
    2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Apple Software Update
    2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple
    2008-08-03 01:47 . 2008-08-03 01:47 164 --a------ G:\WINDOWS\system32\AddPort.ini
    2008-08-03 01:42 . 2008-08-03 01:47 1,758 --a------ G:\WINDOWS\hpntwksetup.ini
    2008-08-03 01:41 . 2008-08-03 01:47 <DIR> d-------- G:\TEMP
    2008-08-03 01:41 . 2008-07-03 22:17 105,342 --------- G:\WINDOWS\HPFins09.dat.temp
    2008-08-03 01:41 . 2005-11-01 03:29 3,732 --------- G:\WINDOWS\hpfmdl09.dat.temp
    2008-08-03 00:05 . 2008-08-03 00:05 <DIR> d-------- G:\WINDOWS\Sun
    2008-08-03 00:04 . 2008-08-03 00:04 <DIR> d-------- G:\Program Files\Sun
    2008-08-03 00:03 . 2008-06-10 02:32 73,728 --a------ G:\WINDOWS\system32\javacpl.cpl
    2008-08-03 00:02 . 2008-08-03 00:03 <DIR> d-------- G:\Program Files\Java
    2008-08-03 00:02 . 2008-08-03 00:02 <DIR> d-------- G:\Program Files\Common Files\Java
    2008-08-02 23:59 . 2008-08-02 23:59 <DIR> d-------- G:\Program Files\SDM20
    2008-07-31 12:06 . 2008-07-25 08:14 120,320 --a------ G:\WINDOWS\system32\avm.cpl
    2008-07-31 00:20 . 2008-08-04 00:51 <DIR> d-------- G:\Program Files\Trend Micro
    2008-07-30 22:42 . 2008-07-30 22:42 <DIR> d-------- G:\Program Files\Spybot - Search & Destroy
    2008-07-30 22:42 . 2008-07-30 22:52 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-23 15:21 . 2008-07-23 15:21 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\MailFrontier
    2008-07-23 13:51 . 2008-08-18 08:54 1,276 --a------ G:\rollback.ini
    2008-07-23 13:48 . 2008-07-23 14:30 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\MailFrontier
    2008-07-23 13:45 . 2008-08-18 11:50 5,831,200 --ahs---- G:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-23 13:45 . 2008-08-18 11:13 78,788 --ahs---- G:\WINDOWS\system32\drivers\fidbox.idx
    2008-07-23 13:39 . 2008-07-23 14:18 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-07-23 13:38 . 2008-07-23 13:38 <DIR> d-------- G:\Program Files\Zone Labs
    2008-07-22 19:09 . 2008-06-13 05:05 272,128 --------- G:\WINDOWS\system32\drivers\bthport.sys
    2008-07-22 19:09 . 2008-06-13 05:05 272,128 -----c--- G:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-22 19:08 . 2008-05-08 08:02 203,136 -----c--- G:\WINDOWS\system32\dllcache\rmcast.sys
    2008-07-22 12:33 . 2008-08-17 21:38 <DIR> d-------- G:\WINDOWS\system32\LogFiles
    2008-07-21 21:22 . 2008-07-21 21:22 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\Lavasoft
    2008-07-21 17:32 . 2008-08-17 21:48 4,212 ---h----- G:\WINDOWS\system32\zllictbl.dat
    2008-07-21 17:31 . 2008-08-18 11:33 <DIR> d-------- G:\WINDOWS\Internet Logs
    2008-07-20 22:38 . 2008-07-20 22:38 77 --a------ G:\Documents and Settings\Tammy\2964.bat
    2008-07-19 19:21 . 2008-07-19 19:21 <DIR> d-------- G:\Program Files\AIM Search
    2008-07-19 19:21 . 2008-07-21 18:37 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-07-19 19:20 . 2008-07-21 15:56 <DIR> d-------- G:\Program Files\Common Files\AOL
    2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL
    2008-07-19 19:20 . 2008-07-19 19:21 387 --ah----- G:\IPH.PH

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-14 04:38 1,469,952 ----a-w G:\WINDOWS\Internet Logs\xDBB.tmp
    2008-08-11 20:29 4,073,605 ----a-w G:\WINDOWS\Internet Logs\tvDebug.zip
    2008-08-11 06:11 1,470,464 ----a-w G:\WINDOWS\Internet Logs\xDBA.tmp
    2008-08-07 17:09 1,468,416 ----a-w G:\WINDOWS\Internet Logs\xDB9.tmp
    2008-08-07 02:58 --------- d--h--w G:\Program Files\InstallShield Installation Information
    2008-08-07 02:58 --------- d-----w G:\Program Files\Common Files\InstallShield
    2008-08-03 07:57 1,378,816 ----a-w G:\WINDOWS\Internet Logs\xDB8.tmp
    2008-08-03 07:47 --------- d-----w G:\Documents and Settings\All Users\Application Data\HP
    2008-07-31 05:36 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB6.tmp
    2008-07-31 05:18 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB7.tmp
    2008-07-31 04:53 1,824,768 ----a-w G:\WINDOWS\Internet Logs\xDB5.tmp
    2008-07-31 04:21 1,814,016 ----a-w G:\WINDOWS\Internet Logs\xDB4.tmp
    2008-07-30 08:11 1,810,432 ----a-w G:\WINDOWS\Internet Logs\xDB3.tmp
    2008-07-30 02:20 1,808,384 ----a-w G:\WINDOWS\Internet Logs\xDB2.tmp
    2008-07-29 07:04 1,805,824 ----a-w G:\WINDOWS\Internet Logs\xDB1.tmp
    2008-07-28 23:08 1,357,824 ----a-w G:\WINDOWS\Internet Logs\xDB1B.tmp
    2008-07-09 15:05 75,248 ----a-w G:\WINDOWS\zllsputility.exe
    2008-07-09 15:05 1,086,952 ----a-w G:\WINDOWS\system32\zpeng24.dll
    2008-07-07 20:26 253,952 ----a-w G:\WINDOWS\system32\es.dll
    2008-07-04 04:18 --------- d-----w G:\Documents and Settings\Greg\Application Data\HP
    2008-07-04 04:06 --------- d-----w G:\Program Files\HP
    2008-06-30 17:39 --------- d-----w G:\Program Files\Common Files\Adobe
    2008-06-26 03:26 --------- d-----w G:\Program Files\Microsoft ActiveSync
    2008-06-25 08:06 --------- d-----w G:\Program Files\Common Files\LightScribe
    2008-06-25 08:06 --------- d-----w G:\Program Files\Ahead
    2008-06-25 08:05 --------- d-----w G:\Program Files\Common Files\Nero
    2008-06-25 08:03 --------- d-----w G:\Program Files\Common Files\Ahead
    2008-06-25 08:03 --------- d-----w G:\Documents and Settings\All Users\Application Data\Ahead
    2008-06-25 07:57 --------- d-----w G:\Program Files\Lavasoft
    2008-06-25 07:57 --------- d-----w G:\Documents and Settings\Greg\Application Data\Lavasoft
    2008-06-25 07:51 --------- d-----w G:\Program Files\MGI
    2008-06-25 07:51 --------- d-----w G:\Program Files\Common Files\MGI Shared
    2008-06-25 07:51 --------- d-----w G:\Documents and Settings\Greg\Application Data\MGI
    2008-06-25 07:50 --------- d-----w G:\Program Files\Hewlett-Packard
    2008-06-25 07:20 --------- d-----w G:\Program Files\microsoft frontpage
    2008-06-24 16:43 74,240 ----a-w G:\WINDOWS\system32\mscms.dll
    2008-06-23 16:57 826,368 ----a-w G:\WINDOWS\system32\wininet.dll
    2008-06-20 17:46 245,248 ----a-w G:\WINDOWS\system32\mswsock.dll
    2008-06-20 11:51 361,600 ----a-w G:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w G:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w G:\WINDOWS\system32\drivers\tcpip6.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-08-18_11.17.17.87 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-18 17:14:02 672,572 ----a-w G:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
    + 2008-08-18 17:35:11 673,328 ----a-w G:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
    "HPDJ Taskbar Utility"="G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 04:08 172032]
    "DeviceDiscovery"="G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
    "Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "ZoneAlarm Client"="G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
    "NeroFilterCheck"="G:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
    "AppleSyncNotifier"="G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
    "QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 G:\WINDOWS\soundman.exe]

    G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NeroFilterCheck"=G:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "G:\\WINDOWS\\system32\\spoolsv.exe"=
    "G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "G:\\Program Files\\iTunes\\iTunes.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ced62ee-5eb8-11dd-90c5-001485358c6b}]
    \Shell\AutoRun\command - H:\setupSNK.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-13 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - G:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\1n7d796z.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
    FF -: plugin - G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - G:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    FF -: plugin - G:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-18 11:51:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-18 11:51:50
    ComboFix-quarantined-files.txt 2008-08-18 17:51:48
    ComboFix2.txt 2008-08-18 17:18:15
    ComboFix3.txt 2008-08-16 04:54:53

    Pre-Run: 252,972,765,184 bytes free
    Post-Run: 252,961,972,224 bytes free

    219 --- E O F --- 2008-08-18 03:25:30




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:55:34 AM, on 8/18/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    G:\Program Files\Bonjour\mDNSResponder.exe
    G:\Program Files\Common Files\LightScribe\LSSrvc.exe
    G:\WINDOWS\system32\HPZipm12.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\SOUNDMAN.EXE
    G:\Program Files\iTunes\iTunesHelper.exe
    G:\WINDOWS\system32\ctfmon.exe
    G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    G:\Program Files\iPod\bin\iPodService.exe
    G:\WINDOWS\system32\wscntfy.exe
    G:\WINDOWS\explorer.exe
    G:\WINDOWS\system32\notepad.exe
    G:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\Internet Explorer\iexplore.exe
    G:\Program Files\Trend Micro\iwillforgetthis\iwillforgetthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - G:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379609671
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=23100
    O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6281 bytes

  9. #19
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Well, you could have screwed up, but luckily not this time.

    Where has AntiVir gone?

  10. #20
    Junior Member X2FLYA320's Avatar
    Join Date
    Jul 2008
    Location
    Denver
    Posts
    20

    Whew. Good. Well, I had like three antivirus programs running, I think (Zone alarm, Adaware, and AntiVir), so I uninstalled AntiVir, since it was the free one. Should that be the one to keep? Oh, I also had/have Spyware Doctor 6.0. What would you recommend from now on?
    Thanks!
    Greg
