jkenterprises2
2007-06-25, 02:54
I read your info. about posting. M.S. says the only update avail. is SP2; I have all the other hotfixes, except for a couple that related to servers, & people on local intranets, etc. (I read ALL the info. on the ones I didn't take before deciding not to. My computer is a 650 P3. It is slow, so I am real careful about installing anything that is not needed. My registry is 26 meg.s as it is now.) I can't install SP1-a.

I have run into a few trojans in the past, so I read a lot of info. on security. I installed AVG + Firewall, SpywareBlaster, SafeXP, & a-squared HiJackFree, & I am going to install a² Anti-Malware. I had F-Prot A.V., Spybot S&D, Spyware Doctor & Reg Mechanic, Trojan Remover, M.S. Malware tool, HJT, Combo-Fix, VundoFix, SmitfraudFix, etc. since I got infected before, when I wasn't even connected to the internet. I used to use the public library's broadband to download. I used to have the internet 8 years ago. Things are different now! I used to repair computers; they are disposable now. I drove trucks also, & was never home. I now have dialup.

I configured the internet zone like the restricted zone, except for a couple of prompts. I disabled everything in the restricted zone. My cookie setting is on High, & I selectively clean them often. I disabled unneeded services, & set the firewall to block or ask me on most everything including applications on my h.d. The only open ports are my a.v., lsass, windows explorer, svchost, & 4 system ports. The firewall blocks win. explorer, & the rest are set on system setting with many restrictions. I thought I was safe. (I update all my security programs frequently, & run them regularly.)

I have had xpre.exe, & a few winlogon entries, 2 trojans, & 4 dialers, which I am pretty sure are all gone. I used my various programs, & HJT to remove them, except for 1, for which I booted to a Win.ME startup disc, & removed the .dll from the command prompt. I am still glad I learned DOS a long time ago. I have not asked anyone for advice on anything until now. I feel I now need advice, & will only ask this forum.

I use the MVP hosts list; when I use the ping command it always comes back 127.0.0.1, but it has been changed twice, once yesterday. I restore the file & change the attribute to read only when this happens. Sometimes when I check by entering an entry from the hosts list, it takes me to a domain search where the entry is spelled www.www.xxx.com.com., which is because of NetZero, & fine. But sometimes it goes right to the website, even after a few entries work fine. I have tried removing the 2 proxy settings listed in the HJT log, & re-booting, & then the list doesn't work at all; it always goes straight to the website, which I leave very quickly!

I got the 2 trojans & 4 trojans by clicking on a link, which took me to a website. I didn't click on anything on the site. I noticed my u.s.b. modem was blinking wildly; I couldn't go to my home page, which is a .html on my computer, or exit I.E. I pulled the u.s.b. cable from my modem. It couldn't have been more than 20 seconds. Then my A.V. said I have threats in my temp. "Too little too late!" Ha-ha (I can't use a smiley, except :), no js. enabled.) NetZero knows nothing about anything, or I'd ask them 1st.

Spybot said I had the Virtumonde trojan yesterday. The only entry was a key & extra value in the registry. Spybot fixed that. I re-booted the computer, & re-ran S&D again, & again today, & it was clean. I also manually checked the registry: no entry. It was on the winlogon notify, a sub-key. I also yesterday checked the notify .dlls and all were the same exact date as XP install files, & say microsoft xp operating system in the version info.

My computer runs real slow now. It takes a long time to get to the login screen, & to shut down. I have approx. 190-260 meg.s of virtual memory used, from start, to getting on the internet with GetRight running. (Info. from Task Manager Commit Charge.) I have 384 meg.s of r.a.m.; everything is d.d.r. these days. My computer is all the time accessing the h.d. like it is out of memory. I used to run about 116 meg.s of v.memory, & it ran fine, before the internet & all the security programs, etc. If I run Spyware Dr. while on internet it is approx. 500 meg.s, & my computer is almost unusable, so I don't.

I just want to ask if you think I might have some unresolved or new trojan, etc. (Also my a.v. has complained twice about the boot sector being changed, but I don't see how it can access an nt. boot sector while nt. (xp) is running. Both times I immediately booted to DOS & ran my F-Prot a.v. (I have the DOS version), & it said the sectors & the m.b.r. were fine, & no problems elsewhere including the files which can not be checked while windows is running.) I really trust F-Prot; I have used it since I got on the internet years ago, & it was the only program I had until the 1st trojan I picked up.

I type with 1 finger, it is taking forever to type this, & I forgot to add this site to trusted, & by the time I remembered I had typed a bunch, & didn't want to lose it by refreshing the page, so I have no javascript running, & thus no spell checker. Please forgive the grammar!

I am going to d.l. SP2, which the update said was approx. 75 meg.s because I have all the critical updates until SP2. After I can assure myself I don't have any malware problems, it & the critical updates after SP2 are going to be the very next things I will get installed.

I can't thank you enough for taking the time to help people like me. There are some good people left in this world. I am disabled now, and living on S.S.I. I am going to donate to S&D when I can. I know it doesn't make any difference to them as far as support goes. They give the same level to everyone. I think they should charge for S&D. It works as good as the commercial ones! (Unfortunately though, no single program can detect all the viruses, trojans, & the *wares, etc.) HJT follows. If you haven't checked out a-squared HiJackFree, it's worth checking out (http://www.emsisoft.com/en/). THANK YOU for everything!!!

(The new beta doesn't show it, but I have MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000), from old HJT log.)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:07:42 PM, on 6/24/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Desktop Architect\datray.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
E:\VIRUS & TROJAN Utils\HijackThis\Security TEST!!!.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/J.K.%20Bookmarks!!!!!!.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Powered by J. K. ENTERPRISES ® !!!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900 (Port 7900 is NetZero, info. added by J.K., not in HJT log.)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.2mdn.net;cf.netzero.net;qs.netzero.net;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll (NZ=NetZero,J.K.)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Getright\xx2gr.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (Nvidia video card,J.K.)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: README1ST!!!JK!!!.lnk = E:\README1ST!!!JK!!!.txt
O4 - Startup: AnyDVD.lnk = C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\Getright\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\Getright\GRbrowse.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\System32\oline.dll (came with m.s. power tweaks,J.K.)
O15 - Trusted Zone: http://www.cmszone.org
O15 - Trusted Zone: http://*.depositfiles.com
O15 - Trusted Zone: http://www.filefactory.com
O15 - Trusted Zone: http://www.megaupload.com
O15 - Trusted Zone: http://www.mvps.org
O15 - Trusted Zone: http://webmail.netzero.net
O15 - Trusted Zone: http://webmailb.netzero.net
O15 - Trusted Zone: http://*.rapidshare.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.xeem.to
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178088075763
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182713399495
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe (My modem,J.K.)
--
End of file - 9101 bytes