and spybot is the only one of 3 malware detection programs to report it. Good Job! I would appreciate you kind assistance. I have backed up my registry.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:16 AM, on 8/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ULI5287\ULiRaid.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\DU Meter\DUMETER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\forcefield.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DU Meter] D:\DU Meter\DUMETER.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [SpybotDeletingA8093] command.com /c del "C:\WINDOWS\system32\drivers\hjgruikdmixfqh.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9862] cmd.exe /c del "C:\WINDOWS\system32\drivers\hjgruikdmixfqh.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA477] command.com /c del "C:\WINDOWS\system32\hjgruibqvdlllx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3334] cmd.exe /c del "C:\WINDOWS\system32\hjgruibqvdlllx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9286] command.com /c del "C:\WINDOWS\system32\hjgruiwqkswlnt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2500] cmd.exe /c del "C:\WINDOWS\system32\hjgruiwqkswlnt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4589] command.com /c del "C:\WINDOWS\system32\hjgruidmlwblto.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1249] cmd.exe /c del "C:\WINDOWS\system32\hjgruidmlwblto.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2587] command.com /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1980] cmd.exe /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1333] command.com /c del "C:\WINDOWS\system32\drivers\hjgruikdmixfqh.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD981] cmd.exe /c del "C:\WINDOWS\system32\drivers\hjgruikdmixfqh.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6806] command.com /c del "C:\WINDOWS\system32\hjgruibqvdlllx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD611] cmd.exe /c del "C:\WINDOWS\system32\hjgruibqvdlllx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5285] command.com /c del "C:\WINDOWS\system32\hjgruiwqkswlnt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5856] cmd.exe /c del "C:\WINDOWS\system32\hjgruiwqkswlnt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3703] command.com /c del "C:\WINDOWS\system32\hjgruidmlwblto.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8655] cmd.exe /c del "C:\WINDOWS\system32\hjgruidmlwblto.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3225] command.com /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2589] cmd.exe /c del "C:\WINDOWS\system32\hjgruilog.dat"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1250327666185
O18 - Protocol: mcataloguer - {FECF9894-CCCF-4DE3-B994-AEE32E70B341} - C:\Program Files\MCataloguer\MCatProt.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6592 bytes