Ok, here it is Friday, and I am finally home to get to my computer. I thought I could have gotten to it Monday, but got called back to work.
Thank you for your patience.
Greg
Thank you for the update.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Ok, finally. Here you go. Thank you!
ComboFix 08-08-14.05 - Greg 2008-08-15 22:39:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1169 [GMT -6:00]
Running from: G:\Documents and Settings\Greg\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\#SharedObjects\A8XULN5P\interclick.com
G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\#SharedObjects\A8XULN5P\interclick.com\ud.sol
G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
G:\Documents and Settings\Greg\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
G:\Documents and Settings\Greg\Cookies\greg@adtrgt[2].txt
G:\Documents and Settings\Greg\Cookies\greg@delb.opt.fimserve[1].txt
G:\Documents and Settings\Greg\Cookies\greg@homedepot[1].txt
G:\Documents and Settings\Greg\Cookies\greg@lawyers[1].txt
G:\Documents and Settings\Greg\Cookies\greg@safepctool[1].txt
G:\Documents and Settings\Greg\Cookies\greg@www.partselect[1].txt
G:\Documents and Settings\Greg\Cookies\greg@yahoo[2].txt
G:\Documents and Settings\Greg\Cookies\greg@yahoo[3].txt
G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\#SharedObjects\9PEVZ6H7\interclick.com
G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\#SharedObjects\9PEVZ6H7\interclick.com\ud.sol
G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
G:\Documents and Settings\Other\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
G:\Documents and Settings\Other\Cookies\other@walmart[1].txt
G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\#SharedObjects\G54VLJ2K\interclick.com
G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\#SharedObjects\G54VLJ2K\interclick.com\ud.sol
G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
G:\Documents and Settings\Tammy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
G:\Documents and Settings\Tammy\Cookies\tammy@adtrgt[2].txt
G:\Documents and Settings\Tammy\Cookies\tammy@ehg.fedex[1].txt
G:\Documents and Settings\Tammy\Cookies\tammy@getmusicfree.aavalue[2].txt
G:\Documents and Settings\Tammy\Desktop\Antivirus Master.lnk
G:\Program Files\AVM
G:\Program Files\AVM\avm.cpl
G:\Program Files\AVM\avm.exe
G:\Program Files\AVM\avm0.dat
G:\Program Files\AVM\avm1.dat
G:\WINDOWS\BM03bd692b.txt
G:\WINDOWS\BM03bd692b.xml
G:\WINDOWS\cookies.ini
G:\WINDOWS\system32\dvmvgbdw.ini
G:\WINDOWS\system32\eavfqkbu.exe
G:\WINDOWS\system32\fmlugyef.exe
G:\WINDOWS\system32\fykbrvsf.exe
G:\WINDOWS\system32\HhhhgMoq.ini
G:\WINDOWS\system32\HhhhgMoq.ini2
G:\WINDOWS\system32\lbyjjynt.exe
G:\WINDOWS\system32\mcrh.tmp
G:\WINDOWS\system32\mmesjfuf.exe
G:\WINDOWS\system32\nymakkri.exe
G:\WINDOWS\system32\pybmcjsa.exe
G:\WINDOWS\system32\qoMghhhH.dll
G:\WINDOWS\system32\qsrmdbbj.ini
G:\WINDOWS\system32\roetswsf.exe
G:\WINDOWS\system32\vlbhgynk.exe
G:\WINDOWS\system32\wffndmtx.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.
2008-08-06 23:38 . 2008-08-15 05:57 <DIR> d-------- G:\Program Files\Spyware Doctor
2008-08-06 23:38 . 2008-08-06 23:38 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\PC Tools
2008-08-06 23:38 . 2008-06-10 21:22 81,288 --a------ G:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-06 23:38 . 2008-06-02 15:19 66,952 --a------ G:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-06 23:38 . 2008-06-02 15:19 42,376 --a------ G:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-06 23:38 . 2008-06-02 15:19 29,576 --a------ G:\WINDOWS\system32\drivers\kcom.sys
2008-08-06 22:10 . 2008-08-06 22:10 169 --a------ G:\WINDOWS\RtlRack.ini
2008-08-06 21:01 . 2006-08-01 15:02 49,152 --a------ G:\WINDOWS\system32\ChCfg.exe
2008-08-06 20:59 . 2008-08-06 20:59 <DIR> d-------- G:\Program Files\Realtek Sound Manager
2008-08-06 20:59 . 2008-08-06 20:59 <DIR> d-------- G:\Program Files\AvRack
2008-08-06 20:59 . 2006-08-18 13:52 4,017,536 -ra------ G:\WINDOWS\system32\drivers\alcxwdm.sys
2008-08-06 20:59 . 2004-08-03 23:15 145,792 --a------ G:\WINDOWS\system32\drivers\portcls.sys
2008-08-06 20:59 . 2004-08-03 23:15 145,792 --a--c--- G:\WINDOWS\system32\dllcache\portcls.sys
2008-08-06 20:59 . 2004-08-04 00:56 130,048 --a------ G:\WINDOWS\system32\ksproxy.ax
2008-08-06 20:59 . 2004-08-04 00:56 130,048 --a--c--- G:\WINDOWS\system32\dllcache\ksproxy.ax
2008-08-06 20:59 . 2004-08-03 23:08 60,288 --a------ G:\WINDOWS\system32\drivers\drmk.sys
2008-08-06 20:59 . 2004-08-03 23:08 60,288 --a--c--- G:\WINDOWS\system32\dllcache\drmk.sys
2008-08-06 20:59 . 2004-08-04 00:56 4,096 --a------ G:\WINDOWS\system32\ksuser.dll
2008-08-06 20:59 . 2004-08-04 00:56 4,096 --a--c--- G:\WINDOWS\system32\dllcache\ksuser.dll
2008-08-06 20:59 . 2001-07-06 00:19 164 --a------ G:\WINDOWS\avrack.ini
2008-08-06 20:58 . 2008-08-06 20:58 <DIR> d-------- G:\Program Files\Realtek AC97
2008-08-06 20:58 . 2006-08-17 08:11 18,804,736 --a------ G:\WINDOWS\system32\alsndmgr.cpl
2008-08-06 20:58 . 2006-08-10 07:27 10,528,768 --a------ G:\WINDOWS\system32\RTLCPL.exe
2008-08-06 20:58 . 2006-08-03 05:12 577,536 --a------ G:\WINDOWS\soundman.exe
2008-08-06 20:58 . 2006-07-31 11:19 315,392 --a------ G:\WINDOWS\alcupd.exe
2008-08-06 20:58 . 2006-07-31 11:27 217,088 --a------ G:\WINDOWS\Alcrmv.exe
2008-08-06 20:58 . 2006-08-01 14:58 143,360 --a------ G:\WINDOWS\system32\RtlCPAPI.dll
2008-08-06 20:58 . 2002-02-05 13:54 141,016 --a------ G:\WINDOWS\system32\alsndmgr.wav
2008-08-04 03:16 . 2008-08-05 23:34 2,369 --a------ G:\WINDOWS\system32\tblodx32.dll
2008-08-04 02:08 . 2008-08-04 02:30 <DIR> d-------- G:\Program Files\SpywareBlaster
2008-08-04 02:08 . 2008-08-15 22:37 <DIR> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 02:21 . 2008-08-03 02:21 18,044 --ah----- G:\WINDOWS\system32\mlfcache.dat
2008-08-03 02:17 . 2008-08-03 02:17 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\Apple Computer
2008-08-03 02:11 . 2008-08-03 02:12 <DIR> d-------- G:\Program Files\Safari
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Bonjour
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Apple Software Update
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple
2008-08-03 01:47 . 2008-08-03 01:47 164 --a------ G:\WINDOWS\system32\AddPort.ini
2008-08-03 01:42 . 2008-08-03 01:47 1,758 --a------ G:\WINDOWS\hpntwksetup.ini
2008-08-03 01:41 . 2008-08-03 01:47 <DIR> d-------- G:\TEMP
2008-08-03 01:41 . 2008-07-03 22:17 105,342 --------- G:\WINDOWS\HPFins09.dat.temp
2008-08-03 01:41 . 2005-11-01 03:29 3,732 --------- G:\WINDOWS\hpfmdl09.dat.temp
2008-08-03 00:05 . 2008-08-03 00:05 <DIR> d-------- G:\WINDOWS\Sun
2008-08-03 00:04 . 2008-08-03 00:04 <DIR> d-------- G:\Program Files\Sun
2008-08-03 00:03 . 2008-06-10 02:32 73,728 --a------ G:\WINDOWS\system32\javacpl.cpl
2008-08-03 00:02 . 2008-08-03 00:03 <DIR> d-------- G:\Program Files\Java
2008-08-03 00:02 . 2008-08-03 00:02 <DIR> d-------- G:\Program Files\Common Files\Java
2008-08-02 23:59 . 2008-08-02 23:59 <DIR> d-------- G:\Program Files\SDM20
2008-08-02 23:30 . 2008-08-02 23:30 <DIR> d-------- G:\Program Files\Avira
2008-08-02 23:30 . 2008-08-02 23:30 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Avira
2008-07-31 12:06 . 2008-07-25 08:14 120,320 --a------ G:\WINDOWS\system32\avm.cpl
2008-07-31 00:20 . 2008-08-04 00:51 <DIR> d-------- G:\Program Files\Trend Micro
2008-07-30 22:42 . 2008-07-30 22:42 <DIR> d-------- G:\Program Files\Spybot - Search & Destroy
2008-07-30 22:42 . 2008-07-30 22:52 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 15:21 . 2008-07-23 15:21 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\MailFrontier
2008-07-23 13:51 . 2008-08-10 23:54 1,282 --a------ G:\rollback.ini
2008-07-23 13:48 . 2008-07-23 14:30 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\MailFrontier
2008-07-23 13:45 . 2008-08-15 22:49 4,696,864 --ahs---- G:\WINDOWS\system32\drivers\fidbox.dat
2008-07-23 13:45 . 2008-08-15 22:44 63,476 --ahs---- G:\WINDOWS\system32\drivers\fidbox.idx
2008-07-23 13:39 . 2008-07-23 14:18 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-23 13:38 . 2008-07-23 13:38 <DIR> d-------- G:\Program Files\Zone Labs
2008-07-22 19:09 . 2008-06-13 07:10 272,128 --------- G:\WINDOWS\system32\drivers\bthport.sys
2008-07-22 19:09 . 2008-06-13 07:10 272,128 -----c--- G:\WINDOWS\system32\dllcache\bthport.sys
2008-07-22 12:33 . 2008-07-22 12:33 <DIR> d-------- G:\WINDOWS\system32\LogFiles
2008-07-21 21:26 . 2008-07-21 21:26 <DIR> d---s---- G:\Documents and Settings\Tammy\UserData
2008-07-21 21:22 . 2008-07-21 21:22 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\Lavasoft
2008-07-21 17:32 . 2008-08-15 22:45 4,212 ---h----- G:\WINDOWS\system32\zllictbl.dat
2008-07-21 17:31 . 2008-08-15 22:46 <DIR> d-------- G:\WINDOWS\Internet Logs
2008-07-20 22:38 . 2008-07-23 18:25 <DIR> d-------- G:\WINDOWS\system32\carH18
2008-07-20 22:38 . 2008-07-20 22:38 77 --a------ G:\Documents and Settings\Tammy\2964.bat
2008-07-19 19:21 . 2008-07-19 19:21 <DIR> d-------- G:\Program Files\AIM Search
2008-07-19 19:21 . 2008-07-21 18:37 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-19 19:20 . 2008-07-21 15:56 <DIR> d-------- G:\Program Files\Common Files\AOL
2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL
2008-07-19 19:20 . 2008-07-19 19:21 387 --ah----- G:\IPH.PH
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 04:38 1,469,952 ----a-w G:\WINDOWS\Internet Logs\xDBB.tmp
2008-08-11 20:29 4,073,605 ----a-w G:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-11 06:11 1,470,464 ----a-w G:\WINDOWS\Internet Logs\xDBA.tmp
2008-08-07 17:09 1,468,416 ----a-w G:\WINDOWS\Internet Logs\xDB9.tmp
2008-08-07 02:58 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-08-07 02:58 --------- d-----w G:\Program Files\Common Files\InstallShield
2008-08-03 07:57 1,378,816 ----a-w G:\WINDOWS\Internet Logs\xDB8.tmp
2008-08-03 07:47 --------- d-----w G:\Documents and Settings\All Users\Application Data\HP
2008-07-31 05:36 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-31 05:18 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-31 04:53 1,824,768 ----a-w G:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-31 04:21 1,814,016 ----a-w G:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-30 08:11 1,810,432 ----a-w G:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-30 02:20 1,808,384 ----a-w G:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-29 07:04 1,805,824 ----a-w G:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-28 23:08 1,357,824 ----a-w G:\WINDOWS\Internet Logs\xDB1B.tmp
2008-07-09 15:05 75,248 ----a-w G:\WINDOWS\zllsputility.exe
2008-07-09 15:05 1,086,952 ----a-w G:\WINDOWS\system32\zpeng24.dll
2008-07-04 04:18 --------- d-----w G:\Documents and Settings\Greg\Application Data\HP
2008-07-04 04:06 --------- d-----w G:\Program Files\HP
2008-06-30 17:39 --------- d-----w G:\Program Files\Common Files\Adobe
2008-06-26 03:26 --------- d-----w G:\Program Files\Microsoft ActiveSync
2008-06-25 08:06 --------- d-----w G:\Program Files\Common Files\LightScribe
2008-06-25 08:06 --------- d-----w G:\Program Files\Ahead
2008-06-25 08:05 --------- d-----w G:\Program Files\Common Files\Nero
2008-06-25 08:03 --------- d-----w G:\Program Files\Common Files\Ahead
2008-06-25 08:03 --------- d-----w G:\Documents and Settings\All Users\Application Data\Ahead
2008-06-25 07:57 --------- d-----w G:\Program Files\Lavasoft
2008-06-25 07:57 --------- d-----w G:\Documents and Settings\Greg\Application Data\Lavasoft
2008-06-25 07:51 --------- d-----w G:\Program Files\MGI
2008-06-25 07:51 --------- d-----w G:\Program Files\Common Files\MGI Shared
2008-06-25 07:51 --------- d-----w G:\Documents and Settings\Greg\Application Data\MGI
2008-06-25 07:50 --------- d-----w G:\Program Files\Hewlett-Packard
2008-06-25 07:20 --------- d-----w G:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [2005-05-25 12:12 517632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"HPDJ Taskbar Utility"="G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 04:08 172032]
"DeviceDiscovery"="G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ZoneAlarm Client"="G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"NeroFilterCheck"="G:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"srePostpone"="g:\windows\system32\zonelabs\srescan.dll" [2008-02-27 03:10 1504736]
G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=G:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\WINDOWS\\system32\\spoolsv.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ced62ee-5eb8-11dd-90c5-001485358c6b}]
\Shell\AutoRun\command - H:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-13 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -
BHO-{2a49ed1f-ff7f-4a5b-82c0-ccfdc3480149} - G:\WINDOWS\system32\ditlep.dll
HKLM-Run-BM03bd692b - G:\WINDOWS\system32\qqyhphao.dll
HKLM-Run-000000af - G:\WINDOWS\system32\wdbgvmvd.dll
HKLM-Run-LSA Shellu - G:\Documents and Settings\Greg\lsass.exe
Notify-awtqnolI - awtqnolI.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - G:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\1n7d796z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
FF -: plugin - G:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - G:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 22:48:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
G:\WINDOWS\system32\ati2evxx.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\ati2evxx.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
G:\WINDOWS\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\update\update.exe
.
**************************************************************************
.
Completion time: 2008-08-15 22:54:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 04:54:26
Pre-Run: 258,097,811,456 bytes free
Post-Run: 257,590,329,344 bytes free
251 --- E O F --- 2008-07-23 09:02:48
-------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:46 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\wuauclt.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
G:\WINDOWS\explorer.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\internet explorer\iexplore.exe
G:\Program Files\Trend Micro\iwillforgetthis\iwillforgetthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe g:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [AWMON] "G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - G:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379609671
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=23100
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5951 bytes
Not sure if it's related, but I think it is. I keep getting an error message at Windows startup saying:
Error Loading G:\windows\system32\qqyhphao.dll
would you happen to know what this might be or how to fix it? Thank you!
Cheers,
Greg
Yes, it happened because Ad-Watch is on.
See here how to disable it.
After that:
Open HijackThis, click "Do a system scan only" and checkmark this:
O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s
Close all windows, including the browser, and press "Fix checked".
Reboot.
Post back a fresh HijackThis log.
Ok, here is a fresh HJT log. The error message has disappeared, and I don't appear to have any more trojans! Amazing!! Thank you sooooo much!!!!
Greg
Anything else I need to do?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:09 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
G:\WINDOWS\system32\wuauclt.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\ctfmon.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Trend Micro\iwillforgetthis\iwillforgetthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LSA Shellu] G:\Documents and Settings\Greg\lsass.exe
O4 - HKLM\..\Run: [000000af] rundll32.exe "G:\WINDOWS\system32\wdbgvmvd.dll",b
O4 - HKLM\..\Run: [BM03bd692b] Rundll32.exe "G:\WINDOWS\system32\qqyhphao.dll",s
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe g:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [AWMON] "G:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - G:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379609671
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=23100
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6153 bytes
There are other bad entries left.
Please disable Ad-Watch and keep it disabled.
Open notepad and copy/paste the text in the codebox below into it:
Save this as "CFScript".

Code:
File::
G:\Documents and Settings\Greg\lsass.exe
G:\WINDOWS\system32\wdbgvmvd.dll
G:\WINDOWS\system32\qqyhphao.dll

Folder::
G:\WINDOWS\system32\carH18

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LSA Shellu"=-
"000000af"=-
"BM03bd692b"=-
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Shaba,
I hope I didn't screw anything up, but after I thought everything was fixed I ran a Windows Update to SP3. So if things are different or I screwed something up, I apologize!
Here are the ComboFix and HJT logs.
ComboFix 08-08-17.03 - Greg 2008-08-18 11:49:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1146 [GMT -6:00]
Running from: G:\Documents and Settings\Greg\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.
2008-08-17 23:02 . 2008-08-18 11:09 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\LimeWire
2008-08-17 23:01 . 2008-08-17 23:01 <DIR> d-------- G:\Program Files\LimeWire
2008-08-17 22:51 . 2008-08-17 22:51 <DIR> d-------- G:\Program Files\iTunes
2008-08-17 22:51 . 2008-08-17 22:51 <DIR> d-------- G:\Program Files\iPod
2008-08-17 22:50 . 2008-08-17 22:50 <DIR> d----c--- G:\WINDOWS\system32\DRVSTORE
2008-08-17 22:50 . 2008-08-17 22:51 <DIR> d-------- G:\Program Files\QuickTime
2008-08-17 22:50 . 2008-08-17 22:51 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-17 22:49 . 2008-08-17 22:49 <DIR> d-------- G:\Program Files\Common Files\Apple
2008-08-17 22:02 . 2008-04-13 10:39 142,592 --a------ G:\WINDOWS\system32\drivers\aec.sys
2008-08-17 22:02 . 2008-04-13 10:39 142,592 --a--c--- G:\WINDOWS\system32\dllcache\aec.sys
2008-08-17 22:02 . 2008-04-13 13:17 83,072 --a------ G:\WINDOWS\system32\drivers\wdmaud.sys
2008-08-17 22:02 . 2008-04-13 13:17 83,072 --a--c--- G:\WINDOWS\system32\dllcache\wdmaud.sys
2008-08-17 22:02 . 2008-04-13 12:45 56,576 --a------ G:\WINDOWS\system32\drivers\swmidi.sys
2008-08-17 22:02 . 2008-04-13 12:45 56,576 --a--c--- G:\WINDOWS\system32\dllcache\swmidi.sys
2008-08-17 22:02 . 2008-04-13 12:45 52,864 --a------ G:\WINDOWS\system32\drivers\DMusic.sys
2008-08-17 22:02 . 2008-04-13 12:45 52,864 --a--c--- G:\WINDOWS\system32\dllcache\dmusic.sys
2008-08-17 22:02 . 2008-04-13 12:45 6,272 --a------ G:\WINDOWS\system32\drivers\splitter.sys
2008-08-17 22:02 . 2008-04-13 12:45 6,272 --a--c--- G:\WINDOWS\system32\dllcache\splitter.sys
2008-08-17 22:01 . 2008-08-17 22:01 <DIR> d-------- G:\Program Files\Realtek AC97
2008-08-17 21:39 . 2008-08-17 21:39 <DIR> d-------- G:\Program Files\Windows Media Connect 2
2008-08-17 21:38 . 2008-08-17 21:39 <DIR> d-------- G:\WINDOWS\system32\drivers\UMDF
2008-08-17 21:31 . 2008-04-13 18:12 221,184 --a------ G:\WINDOWS\system32\wmpns.dll
2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\system32\scripting
2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\system32\en
2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\system32\bits
2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- G:\WINDOWS\l2schemas
2008-08-17 21:16 . 2008-08-17 21:20 <DIR> d-------- G:\WINDOWS\ServicePackFiles
2008-08-15 22:56 . 2008-04-11 13:04 691,712 -----c--- G:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-06 23:38 . 2008-08-15 05:57 <DIR> d-------- G:\Program Files\Spyware Doctor
2008-08-06 23:38 . 2008-08-06 23:38 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\PC Tools
2008-08-06 23:38 . 2008-06-10 21:22 81,288 --a------ G:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-06 23:38 . 2008-06-02 15:19 66,952 --a------ G:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-06 23:38 . 2008-06-02 15:19 42,376 --a------ G:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-06 23:38 . 2008-06-02 15:19 29,576 --a------ G:\WINDOWS\system32\drivers\kcom.sys
2008-08-06 22:10 . 2008-08-06 22:10 169 --a------ G:\WINDOWS\RtlRack.ini
2008-08-06 21:01 . 2006-08-01 15:02 49,152 --a------ G:\WINDOWS\system32\ChCfg.exe
2008-08-06 20:59 . 2008-08-06 20:59 <DIR> d-------- G:\Program Files\Realtek Sound Manager
2008-08-06 20:59 . 2008-08-17 22:01 <DIR> d-------- G:\Program Files\AvRack
2008-08-06 20:59 . 2006-08-18 13:52 4,017,536 -ra------ G:\WINDOWS\system32\drivers\alcxwdm.sys
2008-08-06 20:59 . 2008-04-13 13:19 146,048 --a------ G:\WINDOWS\system32\drivers\portcls.sys
2008-08-06 20:59 . 2008-04-13 13:19 146,048 --a--c--- G:\WINDOWS\system32\dllcache\portcls.sys
2008-08-06 20:59 . 2008-04-13 18:12 129,536 --a------ G:\WINDOWS\system32\ksproxy.ax
2008-08-06 20:59 . 2008-04-13 18:12 129,536 --a--c--- G:\WINDOWS\system32\dllcache\ksproxy.ax
2008-08-06 20:59 . 2008-04-13 12:45 60,160 --a------ G:\WINDOWS\system32\drivers\drmk.sys
2008-08-06 20:59 . 2008-04-13 12:45 60,160 --a--c--- G:\WINDOWS\system32\dllcache\drmk.sys
2008-08-06 20:59 . 2008-04-13 18:11 4,096 --a------ G:\WINDOWS\system32\ksuser.dll
2008-08-06 20:59 . 2008-04-13 18:11 4,096 --a--c--- G:\WINDOWS\system32\dllcache\ksuser.dll
2008-08-06 20:58 . 2006-08-17 08:11 18,804,736 --a------ G:\WINDOWS\system32\alsndmgr.cpl
2008-08-06 20:58 . 2006-08-10 07:27 10,528,768 --a------ G:\WINDOWS\system32\RTLCPL.exe
2008-08-06 20:58 . 2006-08-03 05:12 577,536 --a------ G:\WINDOWS\soundman.exe
2008-08-06 20:58 . 2006-07-31 11:19 315,392 --a------ G:\WINDOWS\alcupd.exe
2008-08-06 20:58 . 2006-07-31 11:27 217,088 --a------ G:\WINDOWS\Alcrmv.exe
2008-08-06 20:58 . 2006-08-01 14:58 143,360 --a------ G:\WINDOWS\system32\RtlCPAPI.dll
2008-08-06 20:58 . 2002-02-05 13:54 141,016 --a------ G:\WINDOWS\system32\alsndmgr.wav
2008-08-04 03:16 . 2008-08-05 23:34 2,369 --a------ G:\WINDOWS\system32\tblodx32.dll
2008-08-04 02:08 . 2008-08-17 22:56 <DIR> d-------- G:\Program Files\SpywareBlaster
2008-08-04 02:08 . 2008-08-15 22:37 <DIR> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 02:21 . 2008-08-03 02:21 18,044 --ah----- G:\WINDOWS\system32\mlfcache.dat
2008-08-03 02:17 . 2008-08-18 01:03 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\Apple Computer
2008-08-03 02:11 . 2008-08-03 02:12 <DIR> d-------- G:\Program Files\Safari
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Bonjour
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Program Files\Apple Software Update
2008-08-03 02:11 . 2008-08-03 02:11 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple
2008-08-03 01:47 . 2008-08-03 01:47 164 --a------ G:\WINDOWS\system32\AddPort.ini
2008-08-03 01:42 . 2008-08-03 01:47 1,758 --a------ G:\WINDOWS\hpntwksetup.ini
2008-08-03 01:41 . 2008-08-03 01:47 <DIR> d-------- G:\TEMP
2008-08-03 01:41 . 2008-07-03 22:17 105,342 --------- G:\WINDOWS\HPFins09.dat.temp
2008-08-03 01:41 . 2005-11-01 03:29 3,732 --------- G:\WINDOWS\hpfmdl09.dat.temp
2008-08-03 00:05 . 2008-08-03 00:05 <DIR> d-------- G:\WINDOWS\Sun
2008-08-03 00:04 . 2008-08-03 00:04 <DIR> d-------- G:\Program Files\Sun
2008-08-03 00:03 . 2008-06-10 02:32 73,728 --a------ G:\WINDOWS\system32\javacpl.cpl
2008-08-03 00:02 . 2008-08-03 00:03 <DIR> d-------- G:\Program Files\Java
2008-08-03 00:02 . 2008-08-03 00:02 <DIR> d-------- G:\Program Files\Common Files\Java
2008-08-02 23:59 . 2008-08-02 23:59 <DIR> d-------- G:\Program Files\SDM20
2008-07-31 12:06 . 2008-07-25 08:14 120,320 --a------ G:\WINDOWS\system32\avm.cpl
2008-07-31 00:20 . 2008-08-04 00:51 <DIR> d-------- G:\Program Files\Trend Micro
2008-07-30 22:42 . 2008-07-30 22:42 <DIR> d-------- G:\Program Files\Spybot - Search & Destroy
2008-07-30 22:42 . 2008-07-30 22:52 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 15:21 . 2008-07-23 15:21 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\MailFrontier
2008-07-23 13:51 . 2008-08-18 08:54 1,276 --a------ G:\rollback.ini
2008-07-23 13:48 . 2008-07-23 14:30 <DIR> d-------- G:\Documents and Settings\Greg\Application Data\MailFrontier
2008-07-23 13:45 . 2008-08-18 11:50 5,831,200 --ahs---- G:\WINDOWS\system32\drivers\fidbox.dat
2008-07-23 13:45 . 2008-08-18 11:13 78,788 --ahs---- G:\WINDOWS\system32\drivers\fidbox.idx
2008-07-23 13:39 . 2008-07-23 14:18 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-23 13:38 . 2008-07-23 13:38 <DIR> d-------- G:\Program Files\Zone Labs
2008-07-22 19:09 . 2008-06-13 05:05 272,128 --------- G:\WINDOWS\system32\drivers\bthport.sys
2008-07-22 19:09 . 2008-06-13 05:05 272,128 -----c--- G:\WINDOWS\system32\dllcache\bthport.sys
2008-07-22 19:08 . 2008-05-08 08:02 203,136 -----c--- G:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-22 12:33 . 2008-08-17 21:38 <DIR> d-------- G:\WINDOWS\system32\LogFiles
2008-07-21 21:22 . 2008-07-21 21:22 <DIR> d-------- G:\Documents and Settings\Tammy\Application Data\Lavasoft
2008-07-21 17:32 . 2008-08-17 21:48 4,212 ---h----- G:\WINDOWS\system32\zllictbl.dat
2008-07-21 17:31 . 2008-08-18 11:33 <DIR> d-------- G:\WINDOWS\Internet Logs
2008-07-20 22:38 . 2008-07-20 22:38 77 --a------ G:\Documents and Settings\Tammy\2964.bat
2008-07-19 19:21 . 2008-07-19 19:21 <DIR> d-------- G:\Program Files\AIM Search
2008-07-19 19:21 . 2008-07-21 18:37 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-19 19:20 . 2008-07-21 15:56 <DIR> d-------- G:\Program Files\Common Files\AOL
2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-19 19:20 . 2008-07-19 19:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\AOL
2008-07-19 19:20 . 2008-07-19 19:21 387 --ah----- G:\IPH.PH
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 04:38 1,469,952 ----a-w G:\WINDOWS\Internet Logs\xDBB.tmp
2008-08-11 20:29 4,073,605 ----a-w G:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-11 06:11 1,470,464 ----a-w G:\WINDOWS\Internet Logs\xDBA.tmp
2008-08-07 17:09 1,468,416 ----a-w G:\WINDOWS\Internet Logs\xDB9.tmp
2008-08-07 02:58 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-08-07 02:58 --------- d-----w G:\Program Files\Common Files\InstallShield
2008-08-03 07:57 1,378,816 ----a-w G:\WINDOWS\Internet Logs\xDB8.tmp
2008-08-03 07:47 --------- d-----w G:\Documents and Settings\All Users\Application Data\HP
2008-07-31 05:36 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-31 05:18 1,826,816 ----a-w G:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-31 04:53 1,824,768 ----a-w G:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-31 04:21 1,814,016 ----a-w G:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-30 08:11 1,810,432 ----a-w G:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-30 02:20 1,808,384 ----a-w G:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-29 07:04 1,805,824 ----a-w G:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-28 23:08 1,357,824 ----a-w G:\WINDOWS\Internet Logs\xDB1B.tmp
2008-07-09 15:05 75,248 ----a-w G:\WINDOWS\zllsputility.exe
2008-07-09 15:05 1,086,952 ----a-w G:\WINDOWS\system32\zpeng24.dll
2008-07-07 20:26 253,952 ----a-w G:\WINDOWS\system32\es.dll
2008-07-04 04:18 --------- d-----w G:\Documents and Settings\Greg\Application Data\HP
2008-07-04 04:06 --------- d-----w G:\Program Files\HP
2008-06-30 17:39 --------- d-----w G:\Program Files\Common Files\Adobe
2008-06-26 03:26 --------- d-----w G:\Program Files\Microsoft ActiveSync
2008-06-25 08:06 --------- d-----w G:\Program Files\Common Files\LightScribe
2008-06-25 08:06 --------- d-----w G:\Program Files\Ahead
2008-06-25 08:05 --------- d-----w G:\Program Files\Common Files\Nero
2008-06-25 08:03 --------- d-----w G:\Program Files\Common Files\Ahead
2008-06-25 08:03 --------- d-----w G:\Documents and Settings\All Users\Application Data\Ahead
2008-06-25 07:57 --------- d-----w G:\Program Files\Lavasoft
2008-06-25 07:57 --------- d-----w G:\Documents and Settings\Greg\Application Data\Lavasoft
2008-06-25 07:51 --------- d-----w G:\Program Files\MGI
2008-06-25 07:51 --------- d-----w G:\Program Files\Common Files\MGI Shared
2008-06-25 07:51 --------- d-----w G:\Documents and Settings\Greg\Application Data\MGI
2008-06-25 07:50 --------- d-----w G:\Program Files\Hewlett-Packard
2008-06-25 07:20 --------- d-----w G:\Program Files\microsoft frontpage
2008-06-24 16:43 74,240 ----a-w G:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w G:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w G:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w G:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w G:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w G:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((( snapshot_2008-08-18_11.17.17.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-18 17:14:02 672,572 ----a-w G:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-08-18 17:35:11 673,328 ----a-w G:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"HPDJ Taskbar Utility"="G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 04:08 172032]
"DeviceDiscovery"="G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ZoneAlarm Client"="G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"NeroFilterCheck"="G:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"AppleSyncNotifier"="G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 G:\WINDOWS\soundman.exe]
G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=G:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\WINDOWS\\system32\\spoolsv.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ced62ee-5eb8-11dd-90c5-001485358c6b}]
\Shell\AutoRun\command - H:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-13 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - G:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\1n7d796z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
FF -: plugin - G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - G:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - G:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 11:51:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-18 11:51:50
ComboFix-quarantined-files.txt 2008-08-18 17:51:48
ComboFix2.txt 2008-08-18 17:18:15
ComboFix3.txt 2008-08-16 04:54:53
Pre-Run: 252,972,765,184 bytes free
Post-Run: 252,961,972,224 bytes free
219 --- E O F --- 2008-08-18 03:25:30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:34 AM, on 8/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\explorer.exe
G:\WINDOWS\system32\notepad.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Trend Micro\iwillforgetthis\iwillforgetthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - G:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379609671
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=23100
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6281 bytes
Well, you could have screwed up, but luckily not this time.
Where has AntiVir gone?
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Whew. Good. Well, I had like three antivirus programs running I think (ZoneAlarm, Ad-Aware, and AntiVir), so I uninstalled AntiVir, since it was the free one. Should that be the one to keep? Oh, I also had/have Spyware Doctor 6.0. What would you recommend from now on?
Thanks!
Greg