0

Hello everyone,excuse me but I have to post this fast becuase of my virus.I own a Compaq
Presario,AMD Anthlon,64 Processor wit windows xp home editon sp2.I am posting this log in hope of getting urgent help.I am working with Netzero dailup and keep getting cut off wit and error message windows has encountered a prob,em.Cannot download or update none of my antivirus tools.I am posting a Highjack 2 log in safe mode if it helps.Thanks all.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:37 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.prod.untd.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Compaq Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoloadIR.lnk = C:\Program Files\RoadSide Software\Internet Rocket\RSSAD.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196432466198
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200875322953
O21 - SSODL: asvdnmo - {DDC188D0-0637-4F05-A19C-E263EC1C1ADE} - (no file)
O21 - SSODL: bgntlvo - {CD520798-58B9-4D40-951C-521B3F605A3F} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - Advanced Micro Devices - (no file)
O23 - Service: DirMS_Defragmentation - Unknown owner - C:\Program Files\MATCO\DirmsService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServersCheck Monitoring Service (ServersCheck) - ServersCheck BVBA - C:\Program Files\ServersCheck_Monitoring\s-service.exe
O23 - Service: ServersCheck WebServer Service (ServersCheck Configuration) - ServersCheck BVBA - C:\Program Files\ServersCheck_Monitoring\server-service.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


--
End of file - 11575 bytes

Thank you

Edited by happygeek: fixed formatting

2
Contributors
4
Replies
5
Views
9 Years
Discussion Span
Last Post by Telmar#
0

Hi and welcome to the Daniweb forums :).

Can you please do the following.

===============

Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.

  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender

===============

Scan with HijackThis and then place a check next to all the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - Startup: Compaq Organize.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O21 - SSODL: asvdnmo - {DDC188D0-0637-4F05-A19C-E263EC1C1ADE} - (no file)
O21 - SSODL: bgntlvo - {CD520798-58B9-4D40-951C-521B3F605A3F} - (no file)

O23 - Service: AOL Connectivity Service (AOL ACS) - Advanced Micro Devices - (no file)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

0

I am happy to receive a reply so soon.Thanks to anyone that has taken a few moments to help me with my problem.I am posting a SmithFraud & Hijackthis report in hope I can get further assistant to my problem.Hello everyone,excuse me but I have to post this fast becuase of my virus.I own a Compaq Presario,AMD Anthlon,64 Processor wit windows xp home editon sp2,Netzero dailup,spybot and windows live one care.My windows defender is turned off.Also,cannot finish downloading windows one care.Again thank you all so much for your time in helping me:

SmitFraudFix v2.290

Scan done at 15:04:19.57, Mon 02/18/2008
Run from C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ServersCheck_Monitoring\s-service.exe
C:\Program Files\ServersCheck_Monitoring\s-alerts.exe
C:\Program Files\ServersCheck_Monitoring\server-service.exe
C:\Program Files\ServersCheck_Monitoring\s-graphs.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_manager.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_watcher.exe
C:\Program Files\ServersCheck_Monitoring\s-server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Haute Secure\CtPopup.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RoadSide Software\Internet Rocket\RSSAD.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_rule.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_thread2.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_security.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\ServersCheck_Monitoring\agents\memory_check.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

HKLM\SYSTEM\CCS\Services\Tcpip\..\{80443072-5384-4D29-A197-604ECE8884D8}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{80443072-5384-4D29-A197-604ECE8884D8}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{80443072-5384-4D29-A197-604ECE8884D8}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:31 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ServersCheck_Monitoring\s-service.exe
C:\Program Files\ServersCheck_Monitoring\s-alerts.exe
C:\Program Files\ServersCheck_Monitoring\server-service.exe
C:\Program Files\ServersCheck_Monitoring\s-graphs.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_manager.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_watcher.exe
C:\Program Files\ServersCheck_Monitoring\s-server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Haute Secure\CtPopup.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RoadSide Software\Internet Rocket\RSSAD.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_rule.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_thread2.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_security.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\ServersCheck_Monitoring\agents\memory_check.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.prod.untd.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoloadIR.lnk = C:\Program Files\RoadSide Software\Internet Rocket\RSSAD.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196432466198
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200875322953
O23 - Service: AOL Connectivity Service (AOL ACS) - Advanced Micro Devices - (no file)
O23 - Service: DirMS_Defragmentation - Unknown owner - C:\Program Files\MATCO\DirmsService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServersCheck Monitoring Service (ServersCheck) - ServersCheck BVBA - C:\Program Files\ServersCheck_Monitoring\s-service.exe
O23 - Service: ServersCheck WebServer Service (ServersCheck Configuration) - ServersCheck BVBA - C:\Program Files\ServersCheck_Monitoring\server-service.exe

--
End of file - 12640 bytes

0

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

Thank you so much for all the people in this forum that continue to give me help.Before I post my logs,I forgot to also speak of an error message I get while attempting to connect to the internet.My internet shows connection but a square box ask me if I want to work on or off line.I followed the instructions I was given to the best of my ability and now no not to let anyone but myself use my computer.I am very grateful for all the help I have received so far.THANKS!

ComboFix 08-02-19.2 - Compaq_Owner 2008-02-19 10:41:59.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.106 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.


C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf


----- BITS: Possible infected sites -----


hxxp://softworldnetwork.com
hxxp://softworldnetwork2.com
hxxp://onsafepro.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


.
-------\LEGACY_NPF
-------\NPF



(((((((((((((((((((((((((   Files Created from 2008-01-19 to 2008-02-19  )))))))))))))))))))))))))))))))
.


2008-02-18 15:04 . 2008-02-18 15:04 2,130   --a------   C:\WINDOWS\system32\tmp.reg
2008-02-18 15:03 . 2008-02-18 15:02 289,144 --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-02-18 15:03 . 2008-02-18 15:02 288,417 --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-02-18 15:03 . 2008-02-18 15:02 85,504  --a------   C:\WINDOWS\system32\VACFix.exe
2008-02-18 15:03 . 2008-02-18 15:02 82,432  --a------   C:\WINDOWS\system32\IEDFix.exe
2008-02-18 15:03 . 2008-02-18 15:02 53,248  --a------   C:\WINDOWS\system32\Process.exe
2008-02-18 15:03 . 2008-02-18 15:02 51,200  --a------   C:\WINDOWS\system32\dumphive.exe
2008-02-18 15:03 . 2008-02-18 15:02 25,600  --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-02-16 13:46 . 2008-02-16 14:01 <DIR>    d--------   C:\Documents and Settings\Compaq_Owner\.housecall6.6
2008-02-16 12:33 . 2008-02-16 12:45 <DIR>    d--------   C:\Program Files\Windows Live Safety Center
2008-02-16 00:20 . 2007-11-27 22:56 116,416 --a------   C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-02-16 00:20 . 2007-11-27 22:56 91,328  --a------   C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-02-16 00:18 . 2007-07-06 15:09 70,928  --a------   C:\WINDOWS\system32\drivers\MpFilter.sys
2008-02-15 19:26 . 2008-02-16 14:09 <DIR>    d--------   C:\Program Files\Microsoft Windows OneCare Live
2008-02-14 19:05 . 2008-02-14 19:05 <DIR>    d--------   C:\Program Files\Haute Secure
2008-02-14 19:04 . 2008-02-14 19:04 <DIR>    d--------   C:\Program Files\Trend Micro
2008-02-14 09:10 . 2008-02-14 09:10 268 --ah-----   C:\sqmdata19.sqm
2008-02-14 09:10 . 2008-02-14 09:10 244 --ah-----   C:\sqmnoopt19.sqm
2008-02-14 08:59 . 2008-02-14 08:59 268 --ah-----   C:\sqmdata18.sqm
2008-02-14 08:59 . 2008-02-14 08:59 244 --ah-----   C:\sqmnoopt18.sqm
2008-02-14 08:48 . 2008-02-14 08:48 268 --ah-----   C:\sqmdata17.sqm
2008-02-14 08:48 . 2008-02-14 08:48 244 --ah-----   C:\sqmnoopt17.sqm
2008-02-14 08:33 . 2008-02-14 08:33 268 --ah-----   C:\sqmdata16.sqm
2008-02-14 08:33 . 2008-02-14 08:33 244 --ah-----   C:\sqmnoopt16.sqm
2008-02-14 07:57 . 2008-02-14 07:57 268 --ah-----   C:\sqmdata15.sqm
2008-02-14 07:57 . 2008-02-14 07:57 244 --ah-----   C:\sqmnoopt15.sqm
2008-02-13 14:56 . 2008-02-13 14:56 268 --ah-----   C:\sqmdata14.sqm
2008-02-13 14:56 . 2008-02-13 14:56 244 --ah-----   C:\sqmnoopt14.sqm
2008-02-13 14:44 . 2008-02-13 14:44 268 --ah-----   C:\sqmdata13.sqm
2008-02-13 14:44 . 2008-02-13 14:44 244 --ah-----   C:\sqmnoopt13.sqm
2008-02-11 22:02 . 2008-02-11 22:02 244 --ah-----   C:\sqmnoopt12.sqm
2008-02-11 22:02 . 2008-02-11 22:02 232 --ah-----   C:\sqmdata12.sqm
2008-02-10 13:06 . 2008-02-10 13:06 268 --ah-----   C:\sqmdata11.sqm
2008-02-10 13:06 . 2008-02-10 13:06 244 --ah-----   C:\sqmnoopt11.sqm
2008-02-10 12:56 . 2008-02-10 12:56 268 --ah-----   C:\sqmdata10.sqm
2008-02-10 12:56 . 2008-02-10 12:56 244 --ah-----   C:\sqmnoopt10.sqm
2008-02-06 17:15 . 2008-02-06 17:15 411,720 --a------   C:\WINDOWS\system32\drivers\ct.sys
2008-02-06 12:30 . 2008-02-06 12:30 <DIR>    d--------   C:\Documents and Settings\Compaq_Owner\Contacts
2008-02-06 12:02 . 2008-02-06 12:02 <DIR>    d--------   C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
2008-02-05 16:33 . 2008-02-05 16:33 <DIR>    d--------   C:\Program Files\FriendFinder
2008-02-05 15:02 . 2008-02-05 15:02 268 --ah-----   C:\sqmdata09.sqm
2008-02-05 15:02 . 2008-02-05 15:02 244 --ah-----   C:\sqmnoopt09.sqm
2008-02-02 16:20 . 2008-02-02 16:20 268 --ah-----   C:\sqmdata08.sqm
2008-02-02 16:20 . 2008-02-02 16:20 244 --ah-----   C:\sqmnoopt08.sqm
2008-01-31 18:38 . 2008-01-31 18:38 244 --ah-----   C:\sqmnoopt07.sqm
2008-01-31 18:38 . 2008-01-31 18:38 232 --ah-----   C:\sqmdata07.sqm
2008-01-31 18:32 . 2008-01-31 18:32 244 --ah-----   C:\sqmnoopt06.sqm
2008-01-31 18:32 . 2008-01-31 18:32 232 --ah-----   C:\sqmdata06.sqm
2008-01-31 18:31 . 2008-01-31 18:31 244 --ah-----   C:\sqmnoopt05.sqm
2008-01-31 18:31 . 2008-01-31 18:31 232 --ah-----   C:\sqmdata05.sqm
2008-01-31 18:19 . 2008-01-31 18:19 268 --ah-----   C:\sqmdata04.sqm
2008-01-31 18:19 . 2008-01-31 18:19 244 --ah-----   C:\sqmnoopt04.sqm
2008-01-30 15:25 . 2008-02-14 09:44 0   --a------   C:\WINDOWS\win.ini
2008-01-30 15:19 . 2008-02-19 10:46 268 --ah-----   C:\sqmdata03.sqm
2008-01-30 15:19 . 2008-02-19 10:46 244 --ah-----   C:\sqmnoopt03.sqm
2008-01-30 14:49 . 2008-01-30 14:49 <DIR>    d--------   C:\Program Files\Genesys Logic
2008-01-30 14:49 . 2001-12-17 17:42 18,690  --a------   C:\WINDOWS\system32\drivers\usbhsb.sys
2008-01-30 14:44 . 2008-02-18 11:15 268 --ah-----   C:\sqmdata02.sqm
2008-01-30 14:44 . 2008-02-18 11:15 244 --ah-----   C:\sqmnoopt02.sqm
2008-01-30 14:20 . 2008-02-16 18:11 244 --ah-----   C:\sqmnoopt01.sqm
2008-01-30 14:20 . 2008-02-16 18:11 232 --ah-----   C:\sqmdata01.sqm
2008-01-29 15:03 . 2008-02-14 12:46 268 --ah-----   C:\sqmdata00.sqm
2008-01-29 15:03 . 2008-02-14 12:46 244 --ah-----   C:\sqmnoopt00.sqm
2008-01-28 22:00 . 2008-01-28 22:00 <DIR>    d--------   C:\Program Files\Windows Live Toolbar
2008-01-28 22:00 . 2008-01-28 22:00 <DIR>    d--------   C:\Program Files\Windows Live Favorites
2008-01-28 21:42 . 2008-01-29 15:02 <DIR>    d--------   C:\Program Files\Windows Live
2008-01-28 21:42 . 2008-01-28 22:00 <DIR>    d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-28 21:41 . 2008-01-29 14:37 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 21:37 . 2008-01-28 21:37 <DIR>    d--------   C:\Program Files\Common Files\xing shared
2008-01-25 16:30 . 2008-01-25 16:32 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-25 16:09 . 2008-01-25 16:09 <DIR>    d--------   C:\Program Files\MSBuild
2008-01-25 16:08 . 2008-01-25 16:08 <DIR>    d--------   C:\WINDOWS\system32\XPSViewer
2008-01-25 16:08 . 2008-01-25 16:08 <DIR>    d--------   C:\Program Files\Reference Assemblies
2008-01-25 16:07 . 2006-06-29 13:07 14,048  --a------   C:\WINDOWS\system32\spmsg2.dll
2008-01-25 16:05 . 2008-01-25 16:05 <DIR>    d--------   C:\Program Files\MSXML 6.0
2008-01-24 20:55 . 2008-01-24 20:56 <DIR>    d--------   C:\Program Files\NetZero
2008-01-24 20:55 . 2008-01-24 20:55 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\NetZero
2008-01-24 15:12 . 2008-02-19 10:52 <DIR>    d--------   C:\Program Files\ServersCheck_Monitoring
2008-01-24 15:10 . 2008-01-24 15:10 <DIR>    d--------   C:\Program Files\MATCO
2008-01-24 12:19 . 2008-01-24 12:19 3,716   --a------   C:\WINDOWS\system32\OEMINFO.PNF
2008-01-22 04:48 . 2008-01-22 04:48 <DIR>    d--------   C:\WINDOWS\system32\bits
2008-01-22 04:48 . 2007-03-29 07:56 7,168   --a------   C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-01-22 04:48 . 2007-03-29 07:56 7,168   --a------   C:\WINDOWS\system32\bitsprx4.dll
2008-01-22 00:31 . 2008-01-22 00:31 <DIR>    d--------   C:\Program Files\StumbleUpon
2008-01-22 00:31 . 2008-01-22 00:31 <DIR>    d--------   C:\Documents and Settings\Compaq_Owner\Application Data\StumbleUpon
2008-01-22 00:30 . 2008-01-22 00:30 <DIR>    d--------   C:\Program Files\Microsoft Silverlight
2008-01-21 17:43 . 2008-01-21 17:43 <DIR>    d--------   C:\Program Files\Connection Wizard
2008-01-21 16:34 . 2007-07-30 19:19 271,224 --a------   C:\WINDOWS\system32\mucltui.dll
2008-01-21 16:34 . 2007-07-30 19:19 30,072  --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-01-19 18:21 . 2008-01-19 18:25 4,212   --ah-----   C:\WINDOWS\system32\zllictbl.dat
2008-01-19 18:19 . 2008-01-20 16:57 <DIR>    d--------   C:\WINDOWS\Internet Logs
2008-01-19 18:18 . 2008-01-19 18:18 <DIR>    d--------   C:\Program Files\RoadSide Software
2008-01-19 18:18 . 2002-06-24 11:19 282,624 --a------   C:\WINDOWS\esellerateEngine.dll
2008-01-19 18:18 . 1999-12-17 10:13 86,016  --a------   C:\WINDOWS\unvise32.exe


.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 16:19    3,649   ----a-w C:\WINDOWS\viassary-hp.reg
2008-02-15 01:38    ---------   d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 23:44    ---------   d-----w C:\Documents and Settings\Compaq_Owner\Application Data\WeatherBug
2008-02-13 21:09    ---------   d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Internet Download Accelerator
2008-02-02 21:34    ---------   d-----w C:\Program Files\music_now
2008-01-30 02:48    ---------   d-----w C:\Program Files\SpywareBlaster
2008-01-29 02:37    ---------   d-----w C:\Program Files\Real
2008-01-29 02:37    ---------   d-----w C:\Program Files\Common Files\Real
2008-01-27 16:09    ---------   d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
2008-01-25 22:31    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-25 21:14    ---------   d-----w C:\Program Files\Yahoo!
2008-01-19 22:16    ---------   d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-01-19 20:55    ---------   d-----w C:\Program Files\IDA
2008-01-18 22:10    ---------   d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Netscape
2008-01-18 17:23    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-01-18 16:36    ---------   d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-01-17 23:35    ---------   d-----w C:\Documents and Settings\Compaq_Owner\Application Data\CheckPoint
2008-01-17 14:38    ---------   d-----w C:\Program Files\Windows Defender
2008-01-16 19:03    ---------   d-----w C:\Program Files\Common Files\InstallShield
2008-01-16 16:05    ---------   d-----w C:\Program Files\Microsoft Works
2008-01-16 16:04    ---------   d-----w C:\Program Files\IncrediMail
2008-01-15 21:50    ---------   d-----w C:\Program Files\HP
2008-01-12 16:15    ---------   d-----w C:\Program Files\Oberon Media
2008-01-12 16:14    ---------   d-----w C:\Program Files\HP Games
2008-01-11 21:24    ---------   d-----w C:\Program Files\DIFX
2008-01-11 21:24    ---------   d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-01-11 20:19    ---------   d-----w C:\Program Files\PortQryV2
2008-01-11 05:53    44,544  ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01    347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-19 15:58    ---------   d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2007-12-18 09:51    179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21    3,592,192   ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01    625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00    70,656  ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00    13,824  ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59    161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38    550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38    550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-09-14 18:58    0   ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2006-08-10 23:58    774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-19 17:28    12,288  ----a-w C:\WINDOWS\Fonts\RandFont.dll
.


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6462546F-70AE-4abc-B2B6-BE68E9410002}]
2008-02-06 17:15    71880   --a------   C:\Program Files\Haute Secure\CtBho.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{F14AABDD-0232-4E5A-9B52-4178AC0A62B5}
{5093EB4C-3E93-40AB-9266-B607BA87BDC8}
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{7792546F-70AE-4ABC-B2B6-BE68E9410002}


[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= C:\Program Files\Haute Secure\CtToolBand.dll [2008-02-06 17:15 1381576]


[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2005-06-07 12:58 1339392]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2007-08-28 12:27 1629184]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 21:36 185896]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 06:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-08 12:43 98304]
"nwiz"="nwiz.exe" [2006-01-24 21:15 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 21:15 7311360]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-02-05 11:38 143360]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 15:30 188416]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 00:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 08:11 49152]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2007-10-01 20:08 451896]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"CtPopup.exe"="C:\Program Files\Haute Secure\CtPopup.exe" [2008-02-06 17:15 98504]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
--a------ 2008-01-14 12:14 4053102 C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


R0 Ct;Ct;C:\WINDOWS\system32\DRIVERS\ct.sys [2008-02-06 17:15]
R2 CtServ;CtServ;C:\WINDOWS\system32\svchost.exe [2004-08-04 06:00]
R2 ServersCheck Configuration;ServersCheck WebServer Service;C:\Program Files\ServersCheck_Monitoring\server-service.exe [2007-10-14 20:16]
R2 ServersCheck;ServersCheck Monitoring Service;C:\Program Files\ServersCheck_Monitoring\s-service.exe [2007-07-18 19:42]
R3 acfva;acfva;C:\WINDOWS\system32\DRIVERS\ACFVA32.sys [2007-06-29 06:39]
R3 dgcfltr;DGC Filter Driver;C:\WINDOWS\system32\DRIVERS\ACFDCP32.sys [2007-07-10 04:14]
S2 USBHSB;GeneLink File Transfer Driver;C:\WINDOWS\system32\Drivers\usbhsb.sys [2001-12-17 17:42]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ  REG_MULTI_SZ    CtServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 15:01:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************


catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 10:51:57
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ServersCheck_Monitoring\s-alerts.exe
C:\Program Files\ServersCheck_Monitoring\s-graphs.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_manager.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_watcher.exe
C:\Program Files\ServersCheck_Monitoring\s-server.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_rule.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_thread2.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_security.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\RoadSide Software\Internet Rocket\RSSAD.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
.
**************************************************************************
.
Completion time: 2008-02-19 10:54:48 - machine was rebooted
ComboFix-quarantined-files.txt  2008-02-19 15:54:39
.
2008-02-16 05:14:53 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:15 AM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ServersCheck_Monitoring\s-service.exe
C:\Program Files\ServersCheck_Monitoring\s-alerts.exe
C:\Program Files\ServersCheck_Monitoring\server-service.exe
C:\Program Files\ServersCheck_Monitoring\s-graphs.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_manager.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_watcher.exe
C:\Program Files\ServersCheck_Monitoring\s-server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_rule.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_thread2.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_security.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Haute Secure\CtPopup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RoadSide Software\Internet Rocket\RSSAD.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\WINDOWS\explorer.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.prod.untd.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoloadIR.lnk = C:\Program Files\RoadSide Software\Internet Rocket\RSSAD.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196432466198
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200875322953
O23 - Service: AOL Connectivity Service (AOL ACS) - Advanced Micro Devices - (no file)
O23 - Service: DirMS_Defragmentation - Unknown owner - C:\Program Files\MATCO\DirmsService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServersCheck Monitoring Service (ServersCheck) - ServersCheck BVBA - C:\Program Files\ServersCheck_Monitoring\s-service.exe
O23 - Service: ServersCheck WebServer Service (ServersCheck Configuration) - ServersCheck BVBA - C:\Program Files\ServersCheck_Monitoring\server-service.exe--
End of file - 12249 bytes
Thank You

Edited by happygeek: fixed formatting

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.