Here's the ComboFix log. I didn't see anything about a zip file?
ComboFix 09-04-29.01 - zack 04/29/2009 16:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.593 [GMT -4:00]
Running from: c:\documents and settings\zack.ZACK-5EAFDA744C\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\zack.ZACK-5EAFDA744C\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\winglsetup.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.
2009-04-29 19:16 . 2009-04-29 19:17 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 13:25 . 2009-04-29 19:17 -------- d-----w c:\windows\LastGood
2009-04-29 13:06 . 2009-04-29 13:06 -------- d-sh--w c:\documents and settings\zack.ZACK-5EAFDA744C\IECompatCache
2009-04-29 13:05 . 2009-04-29 13:05 -------- d-sh--w c:\documents and settings\zack.ZACK-5EAFDA744C\PrivacIE
2009-04-29 12:31 . 2009-04-29 12:31 -------- d-sh--w c:\documents and settings\zack.ZACK-5EAFDA744C\IETldCache
2009-04-29 08:28 . 2004-08-04 00:56 24576 ----a-w c:\windows\system32\userinit.exe
2009-04-28 20:54 . 2009-04-28 20:54 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY.000\IETldCache
2009-04-28 16:28 . 2009-04-28 16:30 -------- dc-h--w c:\windows\ie8
2009-04-04 16:28 . 2009-04-04 16:28 -------- d-----w c:\program files\MSBuild
2009-04-04 16:27 . 2009-04-04 16:27 89856 ----a-w c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-04 16:22 . 2009-04-04 16:22 -------- d-----w c:\windows\system32\XPSViewer
2009-04-04 16:21 . 2009-04-04 16:21 -------- d-----w c:\program files\Reference Assemblies
2009-04-04 16:20 . 2006-06-29 20:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-04 16:16 . 2008-03-05 22:56 1420824 ----a-w c:\windows\system32\D3DCompiler_37.dll
2009-04-04 16:16 . 2008-02-06 06:07 462864 ----a-w c:\windows\system32\d3dx10_37.dll
2009-04-04 16:15 . 2008-03-05 22:56 3786760 ----a-w c:\windows\system32\D3DX9_37.dll
2009-04-04 16:15 . 2007-04-05 01:53 81768 ----a-w c:\windows\system32\xinput1_3.dll
2009-04-04 16:15 . 2009-04-04 16:15 -------- d-----w c:\windows\system32\xlive
2009-04-04 16:15 . 2009-04-04 16:16 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-04-04 16:11 . 2008-04-04 17:41 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\Microsoft Games
2009-04-04 15:38 . 2008-04-05 03:38 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\Skype
2009-04-04 15:38 . 2007-07-20 01:14 444776 ----a-w c:\windows\system32\d3dx10_35.dll
2009-04-04 15:38 . 2007-07-20 01:14 1358192 ----a-w c:\windows\system32\D3DCompiler_35.dll
2009-04-04 15:38 . 2007-07-20 01:14 3727720 ----a-w c:\windows\system32\d3dx9_35.dll
2009-04-04 15:38 . 2007-03-12 23:42 3495784 ----a-w c:\windows\system32\d3dx9_33.dll
2009-04-04 15:37 . 2006-09-28 23:05 237848 ----a-w c:\windows\system32\xactengine2_4.dll
2009-04-04 15:37 . 2006-09-28 23:03 15128 ----a-w c:\windows\system32\x3daudio1_1.dll
2009-04-04 15:37 . 2009-04-04 15:37 -------- d-----r c:\program files\Skype
2009-04-04 15:36 . 2009-04-04 15:37 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-04-04 14:27 . 2009-04-04 14:27 -------- d-----w c:\program files\Elaborate Bytes
2009-04-04 14:10 . 2009-04-04 14:10 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\LightScribe
2009-04-03 21:06 . 2008-04-05 04:09 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\BitZipper
2009-04-03 21:05 . 2008-04-07 10:20 -------- d-----w c:\program files\BitZipper
2009-04-03 16:56 . 2009-04-03 16:56 -------- d-----w c:\program files\Pcsx2
2009-04-03 14:43 . 2008-04-25 15:58 -------- d-----w c:\program files\PeerGuardian2
2009-04-03 14:29 . 2008-05-06 06:01 45056 ----a-w c:\windows\system32\WNASPI32.DLL
2009-04-03 14:29 . 2008-05-06 06:01 16512 ----a-w c:\windows\system32\drivers\ASPI32.SYS
2009-04-03 14:22 . 2009-04-03 14:22 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Azureus
2009-04-03 14:22 . 2008-04-24 11:59 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\Azureus
2009-04-03 14:20 . 2008-04-15 01:59 -------- d-----w c:\program files\Vuze
2009-04-03 13:56 . 2008-04-08 20:40 -------- d-----w c:\program files\Xilisoft
2009-04-02 13:35 . 2008-04-04 18:18 28616 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-02 01:39 . 2009-04-02 01:39 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-02 01:39 . 2009-04-02 01:39 -------- d-----w c:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 19:17 . 2009-01-21 00:50 -------- d-----w c:\program files\iTunes
2009-04-29 19:17 . 2009-01-21 00:50 -------- d-----w c:\program files\iPod
2009-04-29 19:15 . 2009-01-21 00:49 -------- d-----w c:\program files\QuickTime
2009-04-29 14:16 . 2008-04-05 04:05 -------- d-----w c:\program files\ViStart
2009-04-29 13:33 . 2009-02-24 19:39 -------- d--h--w c:\program files\BearShare
2009-04-06 19:32 . 2008-04-17 14:36 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-04-17 14:36 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 16:33 . 2009-03-04 01:15 4456 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-04 16:23 . 2009-03-03 02:25 28664 ----a-w c:\documents and settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 14:30 . 2009-01-13 16:57 -------- d-----w c:\program files\Microsoft Games
2009-04-03 14:26 . 2009-03-20 10:46 -------- d-----w c:\program files\Cool Free Music Converter
2009-03-26 16:39 . 2009-01-08 23:39 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-26 04:13 . 2009-03-25 08:21 -------- d-----w c:\program files\EPSON
2009-03-25 07:47 . 2009-03-23 05:51 -------- d-----w c:\program files\Any Video Converter
2009-03-23 05:49 . 2009-03-23 05:48 -------- d-----w c:\program files\AIM6
2009-03-23 05:34 . 2009-03-23 05:34 -------- d-----w c:\program files\Opera
2009-03-21 14:24 . 2009-01-13 04:11 -------- d-----w c:\program files\Common Files\Adobe
2009-03-20 10:46 . 2009-03-20 10:46 34 ---ha-w c:\windows\system32\Converter_sysquict.dat
2009-03-20 10:45 . 2009-03-20 10:45 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-19 20:32 . 2009-03-03 16:23 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 18:58 . 2009-03-19 18:58 -------- d-----w c:\program files\Safari
2009-03-19 18:56 . 2009-01-21 00:50 -------- d-----w c:\program files\Bonjour
2009-03-18 20:52 . 2009-01-21 01:24 -------- d-----w c:\program files\iDump
2009-03-18 19:46 . 2009-03-18 19:46 -------- d-----w c:\program files\Microsoft Works
2009-03-18 19:18 . 2009-03-18 19:18 -------- d-----w c:\program files\Microsoft.NET
2009-03-18 14:13 . 2009-03-18 14:13 225 ----a-w c:\windows\PowerReg.dat
2009-03-18 14:12 . 2009-03-18 14:12 -------- d-----w c:\program files\Atari
2009-03-16 13:36 . 2009-03-16 13:36 -------- d-----w c:\program files\MSXML 4.0
2009-03-11 15:52 . 2009-01-08 19:26 -------- d-----w c:\program files\Common Files\LightScribe
2009-03-08 08:34 . 2006-03-04 03:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-04 10:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-04 10:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-04 10:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-04 10:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-04 10:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-04 10:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-04 10:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-04 10:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-04 10:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-07 16:37 . 2009-03-07 16:37 -------- d-----w c:\program files\LG Electronics
2009-03-07 14:30 . 2009-03-07 14:30 -------- d-----w c:\program files\BitPim
2009-03-06 15:38 . 2009-03-04 23:00 -------- d-----w c:\program files\SearchSpy
2009-03-06 06:59 . 2009-03-19 19:04 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 06:59 . 2009-03-03 16:21 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 18:50 . 2009-03-05 18:49 -------- d-----w c:\program files\ManyCam 2.3
2009-03-05 17:30 . 2004-08-04 10:00 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-03-04 22:26 . 2009-03-04 22:26 -------- d-----w c:\program files\Common Files\AOL
2009-03-04 00:56 . 2009-03-04 00:56 0 ----a-w c:\windows\nsreg.dat
2009-03-04 00:41 . 2009-03-03 23:44 -------- d-----w c:\program files\ATI Technologies
2009-03-03 14:46 . 2009-03-03 02:17 77423 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-03 02:18 . 2004-08-04 10:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-03 02:15 . 2009-03-03 02:15 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-03 01:47 . 2009-03-03 01:47 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-03 00:15 . 2009-03-03 00:15 -------- d-----w c:\program files\Avira
2009-03-02 11:41 . 2009-03-02 11:41 29184 ----a-w c:\windows\system32\drivers\VClone.sys
2009-02-25 19:36 . 2009-01-21 00:36 13104 ----a-w c:\documents and settings\Zack.ZACK-16DDB60A75\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 11:13 . 2004-08-04 10:00 1846784 ----a-w c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-29_12.42.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-29 19:17 . 2009-03-19 20:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-04-29 19:17 . 2009-01-15 19:19 23848 c:\windows\LastGood\system32\DRIVERS\GEARAspiWDM.sys
+ 2009-03-03 16:23 . 2008-04-17 16:12 107368 c:\windows\system32\GEARAspi.dll
- 2009-03-03 16:23 . 2008-04-17 19:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-04-29 19:17 . 2008-04-17 16:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-04-29 19:17 . 2008-04-17 19:12 107368 c:\windows\LastGood\system32\GEARAspi.dll
+ 2009-04-29 19:17 . 2009-04-29 19:17 102400 c:\windows\Installer\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}\iTunesIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-07 149040]
"Google Update"="c:\documents and settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-04-04 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-27 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-21 113664]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\
0SsiEfr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 86413a42;86413a42; [x]
S2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IPOD_SERVICE
*Deregistered* - PROCEXP113
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa78490c-04ef-11dd-9c0b-0011437e697f}]
\Shell\AutoRun\command - Z:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2009-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2077806209-839522115-1004.job
- c:\documents and settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-04-04 18:18]
2009-04-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-04-29 c:\windows\Tasks\User_Feed_Synchronization-{6FBEDDAF-A5DE-4513-901E-44E9D0306577}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-29 16:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-29 16:41
ComboFix-quarantined-files.txt 2009-04-29 20:41
ComboFix2.txt 2009-04-29 12:44
Pre-Run: 184,943,308,800 bytes free
Post-Run: 185,034,113,024 bytes free
224 --- E O F --- 2009-04-29 13:25
And here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:55 PM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10RN1.EXE
C:\Documents and Settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5483.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 7023 bytes