Okay, success!!
The folder is created in C:\SDFix ....interestingly, the folder is only there when running combofix. I can't find it after the program runs or if I want to run it again, I get the same error and the folder 'appears' in this directory.
Either way, I ran it. The first time took longer, did a reboot, but did not produce a log. I ran it again and that time it completed properly. I have included the log file for that created below as well as a new HJT log. I believe the first run through did more 'work', but I do not have anything to show from it.
As far as your antivirus question, I am not paying for a subscription. So, it's probably wise to run a new anti-virus program. I have AVG installed, but I have rarely used it if that is one you think I should update and run with.
Let me know what you think of these logs and where to go next:
ComboFix 08-01-30.1 - Smith 2008-01-31 20:27:30.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.585 [GMT -5:00]
Running from: C:\Documents and Settings\Smith\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\mljhiih.dll
C:\WINDOWS\system32\nokbmpqv.dll
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
---- Previous Run -------
.
C:\Documents and Settings\LocalService.NT AUTHORITY.014\Application Data\NetMon
C:\Documents and Settings\LocalService.NT AUTHORITY.014\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService.NT AUTHORITY.014\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService.NT AUTHORITY.014\Application Data\NetMon
C:\Documents and Settings\NetworkService.NT AUTHORITY.014\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService.NT AUTHORITY.014\Application Data\NetMon\log.txt
C:\Documents and Settings\Smith\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Smith\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Smith\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\EPSON\profsydyb.html
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080130-231519-826.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\c3JzMTc4\
C:\WINDOWS\c3JzMTc4\\asappsrv.dll
C:\WINDOWS\c3JzMTc4\\command.exe
C:\WINDOWS\c3JzMTc4\\waLWgnwb.vbs
C:\WINDOWS\c3JzMTc4\command.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\nokbmpqv.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\uninstall_nmon.vbs
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_MP32
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.
2008-01-31 20:28 . 2008-01-31 20:28 <DIR> d-------- C:\TEMP\tn3
2008-01-30 22:38 . 2008-01-31 19:10 <DIR> d-------- C:\VundoFix Backups
2008-01-30 22:36 . 2008-01-30 22:36 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-29 20:00 . 2008-01-29 20:00 36,864 --a------ C:\WINDOWS\17PHolmes572.exe
2008-01-29 19:54 . 2008-01-29 19:54 <DIR> d-------- C:\WINDOWS\system32\wts1
2008-01-29 19:54 . 2008-01-29 19:54 <DIR> d-------- C:\WINDOWS\system32\vip4
2008-01-29 19:54 . 2008-01-31 03:14 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-29 19:54 . 2008-01-30 03:09 <DIR> d-------- C:\WINDOWS\system32\knis6
2008-01-29 19:54 . 2008-01-30 17:36 <DIR> d-------- C:\WINDOWS\system32\comg9
2008-01-29 19:54 . 2008-01-29 19:54 <DIR> d-------- C:\TEMP\gTiis19
2008-01-29 19:54 . 2008-01-29 19:54 <DIR> d-------- C:\TEMP\cXzz9
2008-01-29 19:54 . 2008-01-29 19:54 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-29 19:29 . 2008-01-29 19:29 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-29 07:09 . 2008-01-29 07:09 <DIR> d-------- C:\Deckard
2008-01-28 20:28 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-28 19:50 . 2008-01-28 19:51 <DIR> d-------- C:\Documents and Settings\Smith\.SunDownloadManager
2008-01-27 18:34 . 2008-01-27 18:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-27 18:34 . 2008-01-27 18:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-01-15 18:59 . 2008-01-28 23:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-15 18:59 . 2008-01-15 18:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-14 06:51 . 2008-01-14 06:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-13 15:52 . 2008-01-28 05:08 4,194,474 --a------ C:\piplog.log.old
2008-01-13 08:22 . 2008-01-13 08:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-01-13 08:21 . 2008-01-14 19:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-13 08:21 . 2008-01-13 08:21 <DIR> d-------- C:\Documents and Settings\Smith\Application Data\SUPERAntiSpyware.com
2008-01-13 08:20 . 2008-01-13 08:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 22:17 . 2008-01-12 22:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-12 19:59 . 2008-01-12 20:59 317 --a------ C:\WINDOWS\wininit.ini
2008-01-12 11:52 . 2008-01-28 23:05 <DIR> d-------- C:\Program Files\CCleaner
2008-01-12 11:51 . 2008-01-12 19:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-01-12 10:40 . 2008-01-12 21:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio
2008-01-12 10:15 . 2008-01-12 10:15 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2008-01-12 10:13 . 2008-01-12 10:13 <DIR> d-------- C:\TEMP\Ryuan1
2008-01-12 10:13 . 2008-01-12 10:13 86,016 --a------ C:\WINDOWS\system32\drivers\streamm.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 00:23 --------- d-----w C:\Program Files\EPSON
2008-01-31 04:15 --------- d-----w C:\Program Files\Adaptec
2008-01-31 02:33 --------- d-----w C:\Program Files\Google
2008-01-29 01:28 --------- d-----w C:\Program Files\Java
2008-01-27 22:49 --------- d-----w C:\Program Files\Viewpoint
2008-01-27 22:49 --------- d-----w C:\Documents and Settings\Smith\Application Data\Viewpoint
2008-01-27 22:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-01-15 12:10 --------- d-----w C:\Documents and Settings\Smith\Application Data\tunebite
2008-01-13 23:17 4,154 ----a-w C:\WINDOWS\system32\tmp.reg
2007-12-13 00:40 --------- d-----w C:\Program Files\AIM6
2007-07-08 12:34 25,032 ----a-w C:\Documents and Settings\Smith\Application Data\GDIPFONTCACHEV1.DAT
2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2002-06-21 16:37 61,440 ----a-w C:\Program Files\Registered.dll
2002-06-21 16:33 24,576 ----a-w C:\Program Files\EnDeCrypt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:41 13312]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2000-07-19 08:00 176178]
"RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [2006-06-10 19:10 1003520]
"AnyDVD"="D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-10-28 12:51 1600448]
"tunebite.exe"="D:\Program Files\tunebite\tunebite.exe" [2006-02-15 14:16 350720]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-07-28 21:50 684032]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-05-24 08:50 28672]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-07-25 14:03 180269]
"HGTXPEI"="C:\WINDOWS\EndInstall.exe" [ ]
"SoundFusion"="hercplgs.cpl" [2001-10-04 14:05 1761280 C:\WINDOWS\system32\hercplgs.cpl]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 15:00 99840]
"POEngine"="D:\Program Files\PokerOffice\POEngine.exe" [2005-07-13 09:17 18944]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NapsterShell"="D:\Program Files\Napster\napster.exe" [2007-11-08 17:58 323216]
"vptray"="D:\Program Files\NavNT\vptray.exe" [2001-09-24 06:59 73728]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"VF0060 STISvc"="V0060Pin.dll" [2004-10-31 20:00 36864 C:\WINDOWS\system32\V0060Pin.dll]
"hp Update 3300C"="C:\sj650\hpupdate.exe" [2002-01-31 09:38 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
C:\Documents and Settings\Smith\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 12:57:16 2913584]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= D:\IAccess\Qualcomm\Eudora\EuShlExt.dll [2001-04-12 18:05 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RunOnceVolume"= {c86a8dc8-6016-4295-a603-e16ac3e5d4c0} - C:\WINDOWS\Installer\{c86a8dc8-6016-4295-a603-e16ac3e5d4c0}\RunOnceVolume.dll [ ]
"DriveRom"= {725997bc-47cd-436f-ac43-48eed75b2e3c} - C:\WINDOWS\Installer\{725997bc-47cd-436f-ac43-48eed75b2e3c}\DriveRom.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
R0 Hpt3xxNT;Hpt3xxNT;C:\WINDOWS\System32\DRIVERS\Hpt3xxNT.sys [2001-10-17 20:37]
R1 streamm;streamm;C:\WINDOWS\System32\drivers\streamm.sys [2008-01-12 10:13]
R1 VIAPFD;VIAPFD;C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-05-04 02:24]
R2 CPDNService;CPDNService;D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE [2004-02-09 15:17]
R2 TimeSync;TimeSync;C:\WINDOWS\SYSTEM32\timesync.exe [2002-10-16 22:33]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys []
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 07:12]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\System32\DRIVERS\lgatbus.sys [2006-05-20 01:00]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\System32\DRIVERS\lgatmdm.sys [2006-05-20 01:00]
S3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\System32\DRIVERS\V0060Vid.sys [2005-02-02 03:15]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 02:52:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-31 09:45:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 20:31:19
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]
-> D:\Program Files\PokerOffice\bin\pnhimp.Dll
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
D:\Program Files\NavNT\defwatch.exe
D:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\SYSTEM32\timesync.exe
C:\WINDOWS\System32\wdfmgr.exe
D:\PROGRA~1\CLIMAT~1\execs\Model.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\Program Files\Napster\napster.exe
D:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\sj650\hpupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
D:\Program Files\tunebite\tunebite.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
D:\Program Files\PokerOffice\bin\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\locator.exe
.
**************************************************************************
.
Completion time: 2008-01-31 20:32:37 - machine was rebooted [Smith]
ComboFix-quarantined-files.txt 2008-02-01 01:32:34
-----------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35, on 2008-01-31
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
D:\Program Files\NavNT\defwatch.exe
D:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\timesync.exe
D:\PROGRA~1\CLIMAT~1\execs\Model.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\Program Files\Napster\napster.exe
D:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\sj650\hpupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
D:\Program Files\tunebite\tunebite.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
D:\Program Files\PokerOffice\bin\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\noname.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\EndInstall.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [POEngine] "D:\Program Files\PokerOffice\POEngine.exe" D:\Program Files\PokerOffice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] D:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [tunebite.exe] D:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/c ... /jt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/c ... ltt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.dcn.yahoo.com/java/y/mlbst8402_x.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud3.sports.yahoo.com/java/y/nbast8264_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud4.sports.yahoo.com/java/y/nflst8226_x.cab
O16 - DPF: Yahoo! NHL StatTracker - http://aud5.sports.yahoo.com/java/y/nhlst8244_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/c ... /wt0_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... i_0727.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includ ... reQual.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.atlas.lsu.edu/acgm/acgm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: RunOnceVolume - {c86a8dc8-6016-4295-a603-e16ac3e5d4c0} - C:\WINDOWS\Installer\{c86a8dc8-6016-4295-a603-e16ac3e5d4c0}\RunOnceVolume.dll (file missing)
O21 - SSODL: DriveRom - {725997bc-47cd-436f-ac43-48eed75b2e3c} - C:\WINDOWS\Installer\{725997bc-47cd-436f-ac43-48eed75b2e3c}\DriveRom.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPDNService - University of Oxford, Computing Laboratory & Dept of Atmospheric Physics - D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\SYSTEM32\timesync.exe
--
End of file - 11268 bytes