I continue to have problems and have NetZero dial-up. It seems nothing works to fix it.
Before I post my logs, I forgot to also mention an error message I get while attempting to connect to the internet. My internet shows a connection, but a square box asks me if I want to work online or offline. I would appreciate any help I can get. Just tired of this infection.
ComboFix 08-02-19.2 - Compaq_Owner 2008-02-19 10:41:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.106 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://softworldnetwork.com
hxxp://softworldnetwork2.com
hxxp://onsafepro.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
-------\NPF
((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.
2008-02-18 15:04 . 2008-02-18 15:04 2,130 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-18 15:03 . 2008-02-18 15:02 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-18 15:03 . 2008-02-18 15:02 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-18 15:03 . 2008-02-18 15:02 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-18 15:03 . 2008-02-18 15:02 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-18 15:03 . 2008-02-18 15:02 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-18 15:03 . 2008-02-18 15:02 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-18 15:03 . 2008-02-18 15:02 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-16 13:46 . 2008-02-16 14:01 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\.housecall6.6
2008-02-16 12:33 . 2008-02-16 12:45 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-16 00:20 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-02-16 00:20 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-02-16 00:18 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-02-15 19:26 . 2008-02-16 14:09 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-02-14 19:05 . 2008-02-14 19:05 <DIR> d-------- C:\Program Files\Haute Secure
2008-02-14 19:04 . 2008-02-14 19:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 09:10 . 2008-02-14 09:10 268 --ah----- C:\sqmdata19.sqm
2008-02-14 09:10 . 2008-02-14 09:10 244 --ah----- C:\sqmnoopt19.sqm
2008-02-14 08:59 . 2008-02-14 08:59 268 --ah----- C:\sqmdata18.sqm
2008-02-14 08:59 . 2008-02-14 08:59 244 --ah----- C:\sqmnoopt18.sqm
2008-02-14 08:48 . 2008-02-14 08:48 268 --ah----- C:\sqmdata17.sqm
2008-02-14 08:48 . 2008-02-14 08:48 244 --ah----- C:\sqmnoopt17.sqm
2008-02-14 08:33 . 2008-02-14 08:33 268 --ah----- C:\sqmdata16.sqm
2008-02-14 08:33 . 2008-02-14 08:33 244 --ah----- C:\sqmnoopt16.sqm
2008-02-14 07:57 . 2008-02-14 07:57 268 --ah----- C:\sqmdata15.sqm
2008-02-14 07:57 . 2008-02-14 07:57 244 --ah----- C:\sqmnoopt15.sqm
2008-02-13 14:56 . 2008-02-13 14:56 268 --ah----- C:\sqmdata14.sqm
2008-02-13 14:56 . 2008-02-13 14:56 244 --ah----- C:\sqmnoopt14.sqm
2008-02-13 14:44 . 2008-02-13 14:44 268 --ah----- C:\sqmdata13.sqm
2008-02-13 14:44 . 2008-02-13 14:44 244 --ah----- C:\sqmnoopt13.sqm
2008-02-11 22:02 . 2008-02-11 22:02 244 --ah----- C:\sqmnoopt12.sqm
2008-02-11 22:02 . 2008-02-11 22:02 232 --ah----- C:\sqmdata12.sqm
2008-02-10 13:06 . 2008-02-10 13:06 268 --ah----- C:\sqmdata11.sqm
2008-02-10 13:06 . 2008-02-10 13:06 244 --ah----- C:\sqmnoopt11.sqm
2008-02-10 12:56 . 2008-02-10 12:56 268 --ah----- C:\sqmdata10.sqm
2008-02-10 12:56 . 2008-02-10 12:56 244 --ah----- C:\sqmnoopt10.sqm
2008-02-06 17:15 . 2008-02-06 17:15 411,720 --a------ C:\WINDOWS\system32\drivers\ct.sys
2008-02-06 12:30 . 2008-02-06 12:30 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Contacts
2008-02-06 12:02 . 2008-02-06 12:02 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
2008-02-05 16:33 . 2008-02-05 16:33 <DIR> d-------- C:\Program Files\FriendFinder
2008-02-05 15:02 . 2008-02-05 15:02 268 --ah----- C:\sqmdata09.sqm
2008-02-05 15:02 . 2008-02-05 15:02 244 --ah----- C:\sqmnoopt09.sqm
2008-02-02 16:20 . 2008-02-02 16:20 268 --ah----- C:\sqmdata08.sqm
2008-02-02 16:20 . 2008-02-02 16:20 244 --ah----- C:\sqmnoopt08.sqm
2008-01-31 18:38 . 2008-01-31 18:38 244 --ah----- C:\sqmnoopt07.sqm
2008-01-31 18:38 . 2008-01-31 18:38 232 --ah----- C:\sqmdata07.sqm
2008-01-31 18:32 . 2008-01-31 18:32 244 --ah----- C:\sqmnoopt06.sqm
2008-01-31 18:32 . 2008-01-31 18:32 232 --ah----- C:\sqmdata06.sqm
2008-01-31 18:31 . 2008-01-31 18:31 244 --ah----- C:\sqmnoopt05.sqm
2008-01-31 18:31 . 2008-01-31 18:31 232 --ah----- C:\sqmdata05.sqm
2008-01-31 18:19 . 2008-01-31 18:19 268 --ah----- C:\sqmdata04.sqm
2008-01-31 18:19 . 2008-01-31 18:19 244 --ah----- C:\sqmnoopt04.sqm
2008-01-30 15:25 . 2008-02-14 09:44 0 --a------ C:\WINDOWS\win.ini
2008-01-30 15:19 . 2008-02-19 10:46 268 --ah----- C:\sqmdata03.sqm
2008-01-30 15:19 . 2008-02-19 10:46 244 --ah----- C:\sqmnoopt03.sqm
2008-01-30 14:49 . 2008-01-30 14:49 <DIR> d-------- C:\Program Files\Genesys Logic
2008-01-30 14:49 . 2001-12-17 17:42 18,690 --a------ C:\WINDOWS\system32\drivers\usbhsb.sys
2008-01-30 14:44 . 2008-02-18 11:15 268 --ah----- C:\sqmdata02.sqm
2008-01-30 14:44 . 2008-02-18 11:15 244 --ah----- C:\sqmnoopt02.sqm
2008-01-30 14:20 . 2008-02-16 18:11 244 --ah----- C:\sqmnoopt01.sqm
2008-01-30 14:20 . 2008-02-16 18:11 232 --ah----- C:\sqmdata01.sqm
2008-01-29 15:03 . 2008-02-14 12:46 268 --ah----- C:\sqmdata00.sqm
2008-01-29 15:03 . 2008-02-14 12:46 244 --ah----- C:\sqmnoopt00.sqm
2008-01-28 22:00 . 2008-01-28 22:00 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-01-28 22:00 . 2008-01-28 22:00 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-01-28 21:42 . 2008-01-29 15:02 <DIR> d-------- C:\Program Files\Windows Live
2008-01-28 21:42 . 2008-01-28 22:00 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-28 21:41 . 2008-01-29 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 21:37 . 2008-01-28 21:37 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-25 16:30 . 2008-01-25 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-25 16:09 . 2008-01-25 16:09 <DIR> d-------- C:\Program Files\MSBuild
2008-01-25 16:08 . 2008-01-25 16:08 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-25 16:08 . 2008-01-25 16:08 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-25 16:07 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-01-25 16:05 . 2008-01-25 16:05 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-24 20:55 . 2008-01-24 20:56 <DIR> d-------- C:\Program Files\NetZero
2008-01-24 20:55 . 2008-01-24 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NetZero
2008-01-24 15:12 . 2008-02-19 10:52 <DIR> d-------- C:\Program Files\ServersCheck_Monitoring
2008-01-24 15:10 . 2008-01-24 15:10 <DIR> d-------- C:\Program Files\MATCO
2008-01-24 12:19 . 2008-01-24 12:19 3,716 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-01-22 04:48 . 2008-01-22 04:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-22 04:48 . 2007-03-29 07:56 7,168 --a------ C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-01-22 04:48 . 2007-03-29 07:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-01-22 00:31 . 2008-01-22 00:31 <DIR> d-------- C:\Program Files\StumbleUpon
2008-01-22 00:31 . 2008-01-22 00:31 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\StumbleUpon
2008-01-22 00:30 . 2008-01-22 00:30 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-21 17:43 . 2008-01-21 17:43 <DIR> d-------- C:\Program Files\Connection Wizard
2008-01-21 16:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-21 16:34 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-19 18:21 . 2008-01-19 18:25 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-01-19 18:19 . 2008-01-20 16:57 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-01-19 18:18 . 2008-01-19 18:18 <DIR> d-------- C:\Program Files\RoadSide Software
2008-01-19 18:18 . 2002-06-24 11:19 282,624 --a------ C:\WINDOWS\esellerateEngine.dll
2008-01-19 18:18 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 16:19 3,649 ----a-w C:\WINDOWS\viassary-hp.reg
2008-02-15 01:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 23:44 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\WeatherBug
2008-02-13 21:09 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Internet Download Accelerator
2008-02-02 21:34 --------- d-----w C:\Program Files\music_now
2008-01-30 02:48 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-29 02:37 --------- d-----w C:\Program Files\Real
2008-01-29 02:37 --------- d-----w C:\Program Files\Common Files\Real
2008-01-27 16:09 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
2008-01-25 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-25 21:14 --------- d-----w C:\Program Files\Yahoo!
2008-01-19 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-01-19 20:55 --------- d-----w C:\Program Files\IDA
2008-01-18 22:10 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Netscape
2008-01-18 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-01-18 16:36 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-01-17 23:35 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\CheckPoint
2008-01-17 14:38 --------- d-----w C:\Program Files\Windows Defender
2008-01-16 19:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-16 16:05 --------- d-----w C:\Program Files\Microsoft Works
2008-01-16 16:04 --------- d-----w C:\Program Files\IncrediMail
2008-01-15 21:50 --------- d-----w C:\Program Files\HP
2008-01-12 16:15 --------- d-----w C:\Program Files\Oberon Media
2008-01-12 16:14 --------- d-----w C:\Program Files\HP Games
2008-01-11 21:24 --------- d-----w C:\Program Files\DIFX
2008-01-11 21:24 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-01-11 20:19 --------- d-----w C:\Program Files\PortQryV2
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-19 15:58 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-09-14 18:58 0 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2006-08-10 23:58 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-19 17:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6462546F-70AE-4abc-B2B6-BE68E9410002}]
2008-02-06 17:15 71880 --a------ C:\Program Files\Haute Secure\CtBho.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{F14AABDD-0232-4E5A-9B52-4178AC0A62B5}
{5093EB4C-3E93-40AB-9266-B607BA87BDC8}
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{7792546F-70AE-4ABC-B2B6-BE68E9410002}
[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= C:\Program Files\Haute Secure\CtToolBand.dll [2008-02-06 17:15 1381576]
[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2005-06-07 12:58 1339392]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2007-08-28 12:27 1629184]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 21:36 185896]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 06:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-08 12:43 98304]
"nwiz"="nwiz.exe" [2006-01-24 21:15 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 21:15 7311360]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-02-05 11:38 143360]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 15:30 188416]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 00:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 08:11 49152]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2007-10-01 20:08 451896]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"CtPopup.exe"="C:\Program Files\Haute Secure\CtPopup.exe" [2008-02-06 17:15 98504]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
--a------ 2008-01-14 12:14 4053102 C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
R0 Ct;Ct;C:\WINDOWS\system32\DRIVERS\ct.sys [2008-02-06 17:15]
R2 CtServ;CtServ;C:\WINDOWS\system32\svchost.exe [2004-08-04 06:00]
R2 ServersCheck Configuration;ServersCheck WebServer Service;C:\Program Files\ServersCheck_Monitoring\server-service.exe [2007-10-14 20:16]
R2 ServersCheck;ServersCheck Monitoring Service;C:\Program Files\ServersCheck_Monitoring\s-service.exe [2007-07-18 19:42]
R3 acfva;acfva;C:\WINDOWS\system32\DRIVERS\ACFVA32.sys [2007-06-29 06:39]
R3 dgcfltr;DGC Filter Driver;C:\WINDOWS\system32\DRIVERS\ACFDCP32.sys [2007-07-10 04:14]
S2 USBHSB;GeneLink File Transfer Driver;C:\WINDOWS\system32\Drivers\usbhsb.sys [2001-12-17 17:42]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ REG_MULTI_SZ CtServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 15:01:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 10:51:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ServersCheck_Monitoring\s-alerts.exe
C:\Program Files\ServersCheck_Monitoring\s-graphs.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_manager.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_watcher.exe
C:\Program Files\ServersCheck_Monitoring\s-server.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_rule.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_thread2.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_security.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\RoadSide Software\Internet Rocket\RSSAD.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
.
**************************************************************************
.
Completion time: 2008-02-19 10:54:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-19 15:54:39
.
2008-02-16 05:14:53 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:15 AM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ServersCheck_Monitoring\s-service.exe
C:\Program Files\ServersCheck_Monitoring\s-alerts.exe
C:\Program Files\ServersCheck_Monitoring\server-service.exe
C:\Program Files\ServersCheck_Monitoring\s-graphs.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_manager.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_watcher.exe
C:\Program Files\ServersCheck_Monitoring\s-server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_rule.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_thread2.exe
C:\Program Files\ServersCheck_Monitoring\monitoring_security.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Haute Secure\CtPopup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RoadSide Software\Internet Rocket\RSSAD.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\WINDOWS\explorer.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.prod.untd.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoloadIR.lnk = C:\Program Files\RoadSide Software\Internet Rocket\RSSAD.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1196432466198
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1200875322953
O23 - Service: AOL Connectivity Service (AOL ACS) - Advanced Micro Devices - (no file)
O23 - Service: DirMS_Defragmentation - Unknown owner - C:\Program Files\MATCO\DirmsService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServersCheck Monitoring Service (ServersCheck) - ServersCheck BVBA - C:\Program Files\ServersCheck_Monitoring\s-service.exe
O23 - Service: ServersCheck WebServer Service (ServersCheck Configuration) - ServersCheck BVBA - C:\Program Files\ServersCheck_Monitoring\server-service.exe
--
End of file - 12249 bytes
Thank You
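Added example, not part of the post above and not code from ComboFix or HijackThis: a small triage script that parses the line formats seen in these logs and applies three mechanical checks before anyone reads the log by hand. It flags an O23 service entry whose file is missing ("(no file)"), a service whose binary carries no vendor name ("Unknown owner" in HijackThis output), and an Explorer MountPoints2 AutoRun command cached for a drive letter (the registry entry that pairs with the D:\Autorun.inf ComboFix deleted). The sample input is a constructed excerpt of lines copied from the logs above; the regexes and the finding names are this example's own choices, and every hit is a lead to verify, not a verdict.

```python
"""Triage helper for HijackThis / ComboFix log excerpts (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the logs above, not the full
# logs. Raw string, so the backslashes are literal.
SAMPLE_LOG = r"""
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O23 - Service: AOL Connectivity Service (AOL ACS) - Advanced Micro Devices - (no file)
O23 - Service: DirMS_Defragmentation - Unknown owner - C:\Program Files\MATCO\DirmsService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
"""

# HijackThis entry: "O23 - Service: ..." / "R1 - HKLM\..."
HJT_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O23 body: "Service: <display name> - <vendor> - <path or (no file)>"
SERVICE_RE = re.compile(r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<owner>.+?)\s+-\s+(?P<path>.+)$")
# ComboFix MountPoints2 key for one drive letter, followed by its AutoRun command
MOUNTPOINT_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<drive>[A-Za-z])\]$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # hypothetical category names chosen for this example
    detail: str


def hjt_entries(text):
    """Yield (section, body) for every HijackThis-style entry line."""
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def clsid_index(text):
    """Map each CLSID in an O2/O3/O9 entry to the file it loads (keys upper-cased)."""
    index = {}
    for section, body in hjt_entries(text):
        if section not in ("O2", "O3", "O9"):
            continue
        m = CLSID_RE.search(body)
        if m:
            # the file path is the last " - " separated field of the entry
            index[m.group(0).upper()] = body.rsplit(" - ", 1)[-1].strip()
    return index


def triage(text):
    """Return Findings for the three checks described in the lead-in."""
    findings = []
    for section, body in hjt_entries(text):
        if section != "O23":
            continue
        sm = SERVICE_RE.match(body)
        if sm is None:
            continue
        if sm["path"].strip() == "(no file)":
            findings.append(Finding("orphan_service", sm["name"]))
        elif sm["owner"] == "Unknown owner":
            findings.append(Finding("no_vendor_service", sm["path"].strip()))

    drive = None   # drive letter of the MountPoints2 key seen most recently
    for line in text.splitlines():
        line = line.strip()
        mm = MOUNTPOINT_RE.match(line)
        if mm:
            drive = mm["drive"].upper()
            continue
        am = AUTORUN_RE.match(line)
        if am and drive:
            findings.append(Finding("drive_autorun", f"{drive}: {am['cmd'].strip()}"))
            drive = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.detail}")
    for clsid, path in clsid_index(SAMPLE_LOG).items():
        print(f"{clsid} -> {path}")
```

The CLSID index is what lets a helper spot the common toolbar trick of registering a BHO and a toolbar under different CLSIDs that point at the same vendor directory, as the two Haute Secure entries do here; on this log the three findings are the AOL ACS service with no file, the MATCO defragmentation service with no vendor string, and the cached AutoRun command for drive D, which still points at Info.exe even though ComboFix removed the Autorun.inf.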