Boot Loop

javamama
2009-07-02, 02:52
My daughter was using Mozilla Firefox. She was listening to some music on imeem.com. She had loaded BulletProof FTP so she could upload a photo to her website. She may have had Winamp open, and she was in the process of loading Cool Edit Pro when the computer rebooted itself. From that time on it was in a boot loop. It would load Windows and get into the desktop. Just when it seemed that it had completely booted, it rebooted. We were able to get into Safe Mode, where we ran HijackThis. I don't know if there is malware. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:20 PM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {74FA5D99-38CD-4E3E-B765-54FAD4BDA166} - C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft Games\nietsm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - C:\WINDOWS\system32\yetodiho.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {B977FE3A-C5CF-4719-A69F-8C5C8A5B482F} - C:\WINDOWS\system32\iifdcBSm.dll (file missing)
O2 - BHO: {d06bef43-84af-f4eb-d174-bc2dca31fdac} - {cadf13ac-d2cb-471d-be4f-fa4834feb60d} - C:\WINDOWS\system32\ylwumy.dll (file missing)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Movies Extractor Scout LITE - {8B162443-9EC0-4DA9-B2E4-4B49F26C8AD1} - C:\Program Files\Movies Extractor Scout LITE\flashextract.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: ylwumy C:\WINDOWS\system32\ c:\windows\system32\
O20 - Winlogon Notify: nietsm - C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft Games\nietsm.dll (file missing)
O20 - Winlogon Notify: rqRJaApo - rqRJaApo.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Compaq Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c98a22b1dd8258) (gupdate1c98a22b1dd8258) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: mysqlmain - Unknown owner - C:\devel\mysql\bin\mysqld.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10873 bytes

Blade81
2009-07-03, 17:50
Hi,

There are traces of infection at least. Not sure if active and causing the issue but it won't hurt to investigate a bit.


Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

javamama
2009-07-03, 20:27
Thanks. Here are the logs. One is attached per instructions from DDS.scr.


DDS (Ver_09-06-26.01) - NTFSx86 MINIMAL
Run by cheshire cat at 13:12:21.26 on Fri 07/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.138 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\gcd1\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {74fa5d99-38cd-4e3e-b765-54fad4bda166} - c:\documents and settings\compaq_owner\application data\microsoft games\nietsm.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - c:\windows\system32\yetodiho.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {b977fe3a-c5cf-4719-a69f-8c5c8a5b482f} - c:\windows\system32\iifdcBSm.dll
BHO: {d06bef43-84af-f4eb-d174-bc2dca31fdac}: {cadf13ac-d2cb-471d-be4f-fa4834feb60d} - c:\windows\system32\ylwumy.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PE2CKFNT SE] c:\program files\ulead systems\ulead photo express 2 se\ChkFont.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\cheshi~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {8B162443-9EC0-4DA9-B2E4-4B49F26C8AD1} - c:\program files\movies extractor scout lite\flashextract.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: nietsm - c:\documents and settings\compaq_owner\application data\microsoft games\nietsm.dll
Notify: rqRJaApo - rqRJaApo.dll
AppInit_DLLs: ylwumy c:\windows\system32\ c:\windows\system32\
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:\windows\system32\iifdcBSm
LSA: Notification Packages = scecli c:\windows\system32\vitayafi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cheshi~1\applic~1\mozilla\firefox\profiles\06943amm.default\
FF - component: c:\program files\google\google gears\firefox\components\gears_ff2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-13 11608]
S1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-21 353672]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-13 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-13 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-24 55640]
S2 gupdate1c98a22b1dd8258;Google Update Service (gupdate1c98a22b1dd8258);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S2 mysqlmain;mysqlmain;c:\devel\mysql\bin\mysqld mysqlmain --> c:\devel\mysql\bin\mysqld mysqlmain [?]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-4-16 16512]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-4-21 464264]
S4 NNServ;NNServ;"c:\program files\newdotnet\nnrun.exe" "c:\program files\newdotnet\nncore.dll" servicestart --> c:\program files\newdotnet\nnrun.exe [?]

=============== Created Last 30 ================

2009-07-01 20:41 <DIR> --d----- C:\REGBACKUP
2009-06-30 19:44 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 14:14 292 a------- c:\windows\vtmb.ini

==================== Find3M ====================

2009-06-24 22:44 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-06-08 12:03 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-18 11:59 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-14 11:50 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 18:02 81,867 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-29 18:02 287,310 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2009-04-29 18:02 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-04-29 18:02 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-04-29 18:02 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-04-29 18:02 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-04-29 18:02 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-04-29 18:02 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-04-29 18:02 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-21 11:09 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-12-02 16:48 1,028,752 a------- c:\program files\Google Updater.exe
2008-11-04 19:26 1,060,074 a------- c:\program files\electricsheep-2.6.6.exe
2007-10-19 14:47 5,661 ac------ c:\program files\install.log
2007-08-12 02:41 11,303,345 a------- c:\program files\flow_04142006.zip
2007-07-01 22:35 49,673,528 a------- c:\program files\iTunesSetup.exe
2001-05-21 18:11 176 ac------ c:\program files\WMDL.inf
2001-05-21 14:18 147,456 ac------ c:\program files\WMDownload.dll

============= FINISH: 13:15:23.17 ===============

Blade81
2009-07-03, 21:01
Hi again,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


LimeWire


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

-C:\ComboFix.txt
-New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

javamama
2009-07-03, 21:55
The problem computer can only be booted into Safe Mode and can't connect to the internet at this time. Can I download ComboFix onto another computer and then install it on the problem computer? As I started to read the instructions, it looked like the problem computer needed to be connected to the internet in order to run ComboFix. Not sure what to do.

Blade81
2009-07-03, 22:34
Yes, you may download it onto another computer. Download the Recovery Console as well (follow the instructions for manual installation of the Recovery Console in the ComboFix tutorial).

javamama
2009-07-04, 07:09
Here are the ComboFix.txt and the new dds.txt logs. Thanks.

ComboFix 09-07-03.03 - Compaq_Owner 07/03/2009 23:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.61 [GMT -4:00]
Running from: C:\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Application Data\FunWebProducts
c:\documents and settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner\avatar.dat
c:\documents and settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner\register.dat
c:\documents and settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner\zbucks.dat
c:\program files\INSTALL.LOG
c:\windows\Installer\14d53e1.msi
c:\windows\Installer\16ce3da.msi
c:\windows\Installer\16ce3db.msp
c:\windows\Installer\16ce3dc.msp
c:\windows\Installer\16ce3dd.msp
c:\windows\Installer\16ce3de.msp
c:\windows\Installer\16ce3df.msp
c:\windows\Installer\16ce3e0.msp
c:\windows\Installer\16ce3e1.msp
c:\windows\Installer\16ce3e2.msp
c:\windows\Installer\16ce3e3.msp
c:\windows\Installer\21616.msi
c:\windows\Installer\217d54c.msi
c:\windows\Installer\4e2729.msi
c:\windows\Installer\60bc39.msp
c:\windows\Installer\60bc3a.msp
c:\windows\Installer\60bc3b.msp
c:\windows\Installer\60bc3c.msp
c:\windows\Installer\60bc3d.msp
c:\windows\Installer\60bc3e.msp
c:\windows\Installer\60bc3f.msp
c:\windows\Installer\60bc40.msp
c:\windows\Installer\60bc41.msp
c:\windows\Installer\60bc42.msp
c:\windows\system32\drivers\hjgruicdivxiqx.sys
c:\windows\system32\hjgruifoewmtsj.dat
c:\windows\system32\hjgruiilyypemu.dll
c:\windows\system32\hjgruivnixvxlk.dat
c:\windows\system32\hjgruiyrbqombi.dll
c:\windows\system32\model.dat
c:\windows\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruigntsexfv
-------\Legacy_NNSERV
-------\Service_NNServ


((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-04 03:04 . 2009-07-04 02:29 3044558 ----a-r- C:\ComboFix.exe
2009-07-03 14:39 . 2009-07-03 14:39 1 ----a-w- c:\documents and settings\cheshire cat\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-02 16:15 . 2009-07-03 14:38 -------- d-----w- c:\documents and settings\cheshire cat\Application Data\OpenOffice.org2
2009-07-02 00:41 . 2009-07-02 00:41 -------- d-----w- C:\REGBACKUP
2009-06-30 23:44 . 2009-06-30 23:44 -------- d-----w- c:\program files\Trend Micro
2009-06-30 18:50 . 2009-06-30 18:50 -------- d-----w- c:\documents and settings\cheshire cat\Local Settings\Application Data\Mozilla
2009-06-30 17:38 . 2009-06-30 17:38 -------- d-----w- c:\documents and settings\cheshire cat\Local Settings\Application Data\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 04:12 . 2009-07-04 04:16 38400 ----a-w- c:\windows\Internet Logs\xDB39.tmp
2009-07-04 03:02 . 2007-10-07 18:48 70896 ----a-w- c:\documents and settings\cheshire cat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-30 23:10 . 2009-06-30 23:12 1367552 ----a-w- c:\windows\Internet Logs\xDB38.tmp
2009-06-30 23:10 . 2009-06-30 23:12 46080 ----a-w- c:\windows\Internet Logs\xDB37.tmp
2009-06-30 23:08 . 2009-06-30 23:08 70776 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_06_30_19_00_47_small.dmp.zip
2009-06-30 22:50 . 2009-06-30 23:00 1364480 ----a-w- c:\windows\Internet Logs\xDB36.tmp
2009-06-30 22:50 . 2009-06-30 22:59 36864 ----a-w- c:\windows\Internet Logs\xDB35.tmp
2009-06-30 22:36 . 2009-06-30 22:39 1364992 ----a-w- c:\windows\Internet Logs\xDB34.tmp
2009-06-30 22:36 . 2009-06-30 22:38 417280 ----a-w- c:\windows\Internet Logs\xDB33.tmp
2009-06-30 17:29 . 2009-06-30 17:30 12800 ----a-w- c:\windows\Internet Logs\xDB31.tmp
2009-06-30 17:29 . 2009-06-30 17:31 1317376 ----a-w- c:\windows\Internet Logs\xDB32.tmp
2009-06-30 17:26 . 2009-06-30 17:28 12800 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2009-06-30 17:26 . 2009-06-30 17:29 1370112 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2009-06-30 17:11 . 2009-06-30 17:26 1369088 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-06-30 17:11 . 2009-06-30 17:26 117248 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-06-30 17:02 . 2009-06-30 17:29 1368576 ----a-w- c:\windows\Internet Logs\xDB30.tmp
2009-06-30 16:20 . 2005-11-09 23:13 -------- d-----w- c:\program files\Paint Shop Pro 5
2009-06-29 17:21 . 2009-06-29 17:23 120832 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-06-29 17:21 . 2009-06-29 17:23 3389952 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-06-29 16:01 . 2009-06-29 17:23 3389440 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-06-28 00:43 . 2006-02-13 16:18 30798 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-06-25 05:55 . 2009-06-25 13:19 282112 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-06-25 02:44 . 2007-01-27 16:15 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-06-24 23:07 . 2006-08-14 23:01 -------- d-----w- c:\program files\Diablo II
2009-06-24 16:27 . 2007-10-15 21:25 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org2
2009-06-24 16:26 . 2007-10-16 01:03 1 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-20 00:00 . 2005-09-03 01:02 -------- d-----w- c:\program files\Google
2009-06-18 04:30 . 2005-12-29 01:07 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\BPFTP
2009-06-16 18:18 . 2005-09-03 00:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 17:56 . 2005-11-29 16:52 -------- d-----w- c:\program files\Activision
2009-06-10 04:56 . 2009-06-10 13:12 304128 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-06-01 16:17 . 2009-06-01 16:17 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-05-30 04:26 . 2009-05-30 14:16 35840 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-05-29 23:36 . 2009-05-30 00:38 288256 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-05-20 04:37 . 2009-05-20 14:28 422400 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-05-18 21:33 . 2006-02-15 12:14 70896 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 16:00 . 2009-05-18 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-18 15:59 . 2009-05-18 16:01 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-18 15:59 . 2009-05-18 15:59 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-18 15:57 . 2009-05-18 15:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-18 15:56 . 2006-10-06 14:41 -------- d-----w- c:\program files\Lavasoft
2009-05-18 15:52 . 2006-03-30 20:04 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Lavasoft
2009-05-14 15:50 . 2009-03-24 16:57 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-12 04:30 . 2009-05-12 04:30 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-11 00:28 . 2009-05-11 00:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-07 15:32 . 2004-08-04 05:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 04:46 . 2009-04-30 14:24 3319296 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-04-30 04:45 . 2009-04-30 14:24 2676736 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-04-29 22:02 . 2005-06-24 22:31 81867 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-29 22:02 . 2009-04-29 22:02 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-04-29 22:02 . 2009-04-29 22:02 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-04-29 22:02 . 2009-04-29 22:02 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-04-29 22:02 . 2009-04-29 22:02 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-04-29 22:02 . 2009-04-29 22:02 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-04-29 22:02 . 2009-04-29 22:02 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-04-29 22:02 . 2009-04-29 22:02 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-04-29 22:02 . 2009-04-29 22:02 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-04-29 20:45 . 2007-08-21 14:25 2663113 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-04-29 04:56 . 2004-08-04 05:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 05:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-21 15:09 . 2007-07-03 23:21 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-04-17 12:26 . 2004-08-04 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 05:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-12-02 20:48 . 2008-12-02 20:48 1028752 ----a-w- c:\program files\Google Updater.exe
2008-11-04 23:26 . 2008-11-04 23:27 1060074 ----a-w- c:\program files\electricsheep-2.6.6.exe
2007-08-12 06:41 . 2007-08-12 06:40 11303345 ----a-w- c:\program files\flow_04142006.zip
2007-07-02 02:35 . 2007-07-02 02:34 49673528 ----a-w- c:\program files\iTunesSetup.exe
2001-05-21 22:11 . 2001-05-21 22:11 176 -c--a-w- c:\program files\WMDL.inf
2001-05-21 18:18 . 2001-05-21 18:18 147456 -c--a-w- c:\program files\WMDownload.dll
2008-12-22 23:09 . 2006-01-22 18:04 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 23:09 . 2006-01-22 18:04 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 23:09 . 2007-07-04 17:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 23:09 . 2007-07-04 17:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 23:09 . 2006-01-22 18:04 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 22:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-02 39408]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-03 180269]
"PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-27 81920]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-08-16 271672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-08 518488]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-2-20 575488]

c:\documents and settings\cheshire cat\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NNServ"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c98a22b1dd8258"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ASKService"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\DUKE3D\\DUKE3D.EXE"=
"c:\\TournamentDemo\\System\\UnrealTournament.exe"=
"c:\\UT2004Demo\\System\\UT2004.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\battlegrounds_x1.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/18/2009 12:01 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R2 mysqlmain;mysqlmain;c:\devel\mysql\bin\mysqld mysqlmain --> c:\devel\mysql\bin\mysqld mysqlmain [?]
S2 gupdate1c98a22b1dd8258;Google Update Service (gupdate1c98a22b1dd8258);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2009 3:23 PM 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [4/16/2006 7:57 PM 16512]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [4/21/2009 11:11 AM 464264]
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 16:03]

2008-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-07-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 19:22]
.
- - - - ORPHANS REMOVED - - - -

BHO-{74FA5D99-38CD-4E3E-B765-54FAD4BDA166} - (no file)
BHO-{a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - c:\windows\system32\yetodiho.dll
BHO-{B977FE3A-C5CF-4719-A69F-8C5C8A5B482F} - c:\windows\system32\iifdcBSm.dll
BHO-{cadf13ac-d2cb-471d-be4f-fa4834feb60d} - c:\windows\system32\ylwumy.dll
HKCU-Run-Steam - (no file)
HKLM-Run-PCDrProfiler - (no file)
Notify-nietsm - c:\documents and settings\Compaq_Owner\Application Data\Microsoft Games\nietsm.dll
Notify-rqRJaApo - rqRJaApo.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.wowway.com/index.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://register.wildtangent.com/ecomm/predir/pageredirect.asp?prodguid={BDB9CD20-9BAC-4828-B983-A27314A99963}&pagetype=2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZJfox000
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{8B162443-9EC0-4DA9-B2E4-4B49F26C8AD1} - c:\program files\Movies Extractor Scout LITE\flashextract.exe
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\l2811m2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears_ff2.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 00:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysqlmain]
"ImagePath"="c:\devel\mysql\bin\mysqld mysqlmain"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3923754953-1013770388-974162486-1009\Software\SecuROM\License information*]
"datasecu"=hex:9d,f5,19,0c,84,f1,3f,1d,06,7d,e2,1e,b3,ba,dc,5d,b8,07,c6,cf,5a,
46,06,2a,36,47,e0,cd,64,74,1a,58,a6,5e,ea,1a,b3,93,2d,16,f6,76,9b,fe,b7,7a,\
"rkeysecu"=hex:e6,01,ea,ac,60,05,c2,ba,bb,b0,d8,7a,b5,50,8d,da
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(168)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\devel\mysql\bin\mysqld.exe
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2009-07-04 0:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-04 04:54

Pre-Run: 22,400,991,232 bytes free
Post-Run: 23,476,662,272 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=,1,2,3,4
320 --- E O F --- 2009-06-25 05:55



DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Owner at 1:02:55.78 on Sat 07/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.41 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\devel\mysql\bin\mysqld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\gcd1\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://portal.wowway.com/index.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://register.wildtangent.com/ecomm/predir/pageredirect.asp?prodguid={BDB9CD20-9BAC-4828-B983-A27314A99963}&pagetype=2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {B977FE3A-C5CF-4719-A69F-8C5C8A5B482F} - No File
BHO: {cadf13ac-d2cb-471d-be4f-fa4834feb60d} - No File
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PE2CKFNT SE] c:\program files\ulead systems\ulead photo express 2 se\ChkFont.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search - ?p=ZJfox000
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {8B162443-9EC0-4DA9-B2E4-4B49F26C8AD1} - c:\program files\movies extractor scout lite\flashextract.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\l2811m2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\google\google gears\firefox\components\gears_ff2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-21 353672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 mysqlmain;mysqlmain;c:\devel\mysql\bin\mysqld mysqlmain --> c:\devel\mysql\bin\mysqld mysqlmain [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 gupdate1c98a22b1dd8258;Google Update Service (gupdate1c98a22b1dd8258);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-4-16 16512]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-4-21 464264]

=============== Created Last 30 ================

2009-07-04 00:51 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-03 23:08 161,792 a------- c:\windows\SWREG.exe
2009-07-03 23:08 155,136 a------- c:\windows\PEV.exe
2009-07-03 23:08 98,816 a------- c:\windows\sed.exe
2009-07-03 23:04 3,044,558 a----r-- C:\ComboFix.exe
2009-07-01 20:41 <DIR> --d----- C:\REGBACKUP
2009-06-30 19:44 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 14:14 292 a------- c:\windows\vtmb.ini

==================== Find3M ====================

2009-06-27 20:43 30,798 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2009-06-24 22:44 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-06-08 12:03 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-18 11:59 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-14 11:50 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 18:02 81,867 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-29 18:02 287,310 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2009-04-29 18:02 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-04-29 18:02 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-04-29 18:02 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-04-29 18:02 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-04-29 18:02 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-04-29 18:02 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-04-29 18:02 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-21 11:09 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-01-13 16:52 34 a------- c:\documents and settings\compaq_owner\jagex_runescape_preferences.dat
2008-12-02 16:48 1,028,752 a------- c:\program files\Google Updater.exe
2008-11-04 19:26 1,060,074 a------- c:\program files\electricsheep-2.6.6.exe
2007-08-12 02:41 11,303,345 a------- c:\program files\flow_04142006.zip
2007-07-01 22:35 49,673,528 a------- c:\program files\iTunesSetup.exe
2001-05-21 18:11 176 ac------ c:\program files\WMDL.inf
2001-05-21 14:18 147,456 ac------ c:\program files\WMDownload.dll

============= FINISH: 1:04:43.59 ===============

Blade81
2009-07-04, 11:39
Hi,

Looks like normal mode is working again.

Is your ZoneAlarm license still valid?

Uninstall ZoneAlarm Spy Blocker Toolbar if not installed on purpose.


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
On the left hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer.




Open notepad and copy/paste the text in the quotebox below into it:



DDS::
BHO: {a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - No File
BHO: {B977FE3A-C5CF-4719-A69F-8C5C8A5B482F} - No File
BHO: {cadf13ac-d2cb-471d-be4f-fa4834feb60d} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NNServ"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-

Reboot::



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one (9.1 + update 9.1.2 for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 14 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
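
To show how a CFScript like the one in the post above is put together from a DDS log, here is an added Python example (my own, not Blade81's and not part of DDS or ComboFix). It picks out the BHO/TB lines that DDS marked "No File" (a CLSID whose DLL is gone, i.e. residue of a removed component) and the Security Center values that silence the "no antivirus / no updates" warnings, then prints them in ComboFix's DDS:: / Registry:: script syntax. The DDS sample lines are copied from the log in this thread; the registry export, the function names and the value set are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample input: the BHO/TB lines of the "Pseudo HJT Report" that DDS
# emitted for this machine (copied from the log posted in this thread).
DDS_LINES = r"""
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: {a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - No File
BHO: {B977FE3A-C5CF-4719-A69F-8C5C8A5B482F} - No File
BHO: {cadf13ac-d2cb-471d-be4f-fa4834feb60d} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
"""

# Constructed sample input: a REGEDIT4-style export of the Security Center keys.
# A non-zero *DisableNotify value suppresses the Security Center balloon for that
# category; DisableMonitoring under Monitoring\<product> stops Security Center
# from tracking that product. Malware sets these to hide a disabled AV/updates.
REG_EXPORT = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
"""

# Value names we treat as notification/monitoring suppressions (assumed set).
SUPPRESSION_VALUES = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                      "UpdatesDisableNotify", "DisableMonitoring"}

_DDS_ENTRY = re.compile(
    r"^(BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
_REG_KEY = re.compile(r"^\[(?P<key>.+)\]$")
_REG_DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')


def orphaned_entries(dds_text: str) -> List[str]:
    """Return BHO/TB lines whose CLSID no longer resolves to a file.

    DDS prints '- No File' when the DLL registered for the CLSID is missing.
    Such entries load nothing, but they are leftovers worth clearing, which is
    what the DDS:: section of a CFScript does.
    """
    orphans = []
    for line in dds_text.splitlines():
        m = _DDS_ENTRY.match(line.strip())
        if m and m.group("target") == "No File":
            orphans.append(line.strip())
    return orphans


def notify_suppressions(reg_text: str) -> Dict[str, List[str]]:
    """Map each Security Center key to the suppression values set non-zero in it."""
    found: Dict[str, List[str]] = {}
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        km = _REG_KEY.match(line)
        if km:
            key = km.group("key")
            continue
        vm = _REG_DWORD.match(line)
        if vm and key and "security center" in key.lower():
            if vm.group("name") in SUPPRESSION_VALUES and int(vm.group("hex"), 16) != 0:
                found.setdefault(key, []).append(vm.group("name"))
    return found


def build_cfscript(orphans: List[str], suppressions: Dict[str, List[str]]) -> str:
    """Render the findings in CFScript syntax (DDS:: lines, Registry:: REGEDIT4 lines)."""
    parts = []
    if orphans:
        parts.append("DDS::\n" + "\n".join(orphans) + "\n")
    if suppressions:
        body = []
        for key, names in suppressions.items():
            body.append(f"[{key}]")
            body.extend(f'"{n}"=-' for n in names)  # "=-" deletes the named value
        parts.append("Registry::\n" + "\n".join(body) + "\n")
    parts.append("Reboot::\n")
    return "\n".join(parts)


if __name__ == "__main__":
    print(build_cfscript(orphaned_entries(DDS_LINES), notify_suppressions(REG_EXPORT)))
```

The functions only read text and list findings; nothing here touches the registry or deletes files. In a REGEDIT4-style file the `=-` form means "delete this value", so clearing `AntiVirusDisableNotify` and `UpdatesDisableNotify` restores the Security Center warnings rather than disabling anything.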

javamama
2009-07-06, 17:14
Thank you so much for your help. Here are the KAS.txt, dds.txt, and combofix.txt logs.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, July 6, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, July 05, 2009 21:12:41
Records in database: 2430157
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 354976
Threat name: 13
Infected objects: 15
Suspicious objects: 0
Duration of the scan: 13:48:18


File name / Threat name / Threats count
C:\gcd1\avistorianchristmasss.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\gcd1\avistorianchristmasss.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\gcd1\avistorianchristmasss.exe Infected: not-a-virus:AdWare.Win32.Relevant.a 1
C:\gcd1\gcd\my_wish_mh.exe Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\gcd1\gcd\my_wish_mh.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\gcd1\gcd\my_wish_mh.exe Infected: Trojan-Downloader.Win32.Agent.er 1
C:\gcd1\gcd\my_wish_mh.exe Infected: not-a-virus:AdWare.Win32.EZula.u 1
C:\gcd1\gcd\my_wish_mh.exe Infected: not-a-virus:AdWare.Win32.ComedyPlanet.b 1
C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Program Files\Starcraft\battle.snp Infected: Trojan.Win32.Vapsup.vdf 1
C:\Program Files\Starcraft\standard.snp Infected: Trojan.Win32.Vapsup.vdg 1
C:\Program Files\Starcraft\storm.dll Infected: Trojan.Win32.Vapsup.vdi 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruiilyypemu.dll.vir Infected: Trojan.Win32.Monder.cqbi 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1327\A0601082.dll Infected: Trojan.Win32.Monder.cqbi 1
D:\I386\Apps\APP19302\src\HPSummer2005.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1

The selected area was scanned.



DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Owner at 11:06:44.95 on Mon 07/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.151 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\devel\mysql\bin\mysqld.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\gcd1\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://portal.wowway.com/index.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://register.wildtangent.com/ecomm/predir/pageredirect.asp?prodguid={BDB9CD20-9BAC-4828-B983-A27314A99963}&pagetype=2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {B977FE3A-C5CF-4719-A69F-8C5C8A5B482F} - No File
BHO: {cadf13ac-d2cb-471d-be4f-fa4834feb60d} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PE2CKFNT SE] c:\program files\ulead systems\ulead photo express 2 se\ChkFont.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search - ?p=ZJfox000
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {8B162443-9EC0-4DA9-B2E4-4B49F26C8AD1} - c:\program files\movies extractor scout lite\flashextract.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\l2811m2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\google\google gears\firefox\components\gears_ff2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-21 353672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 mysqlmain;mysqlmain;c:\devel\mysql\bin\mysqld mysqlmain --> c:\devel\mysql\bin\mysqld mysqlmain [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 gupdate1c98a22b1dd8258;Google Update Service (gupdate1c98a22b1dd8258);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-4-16 16512]

=============== Created Last 30 ================

2009-07-05 19:29 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-05 19:29 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-04 00:51 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-03 23:08 161,792 a------- c:\windows\SWREG.exe
2009-07-03 23:08 155,136 a------- c:\windows\PEV.exe
2009-07-03 23:08 98,816 a------- c:\windows\sed.exe
2009-07-03 23:04 3,044,558 a----r-- C:\ComboFix.exe
2009-07-01 20:41 <DIR> --d----- C:\REGBACKUP
2009-06-30 19:44 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 14:14 292 a------- c:\windows\vtmb.ini

==================== Find3M ====================

2009-06-27 20:43 30,798 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2009-06-24 22:44 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-06-08 12:03 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-18 11:59 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-14 11:50 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 18:02 81,867 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-29 18:02 287,310 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2009-04-29 18:02 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-04-29 18:02 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-04-29 18:02 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-04-29 18:02 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-04-29 18:02 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-04-29 18:02 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-04-29 18:02 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-21 11:09 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-01-13 16:52 34 a------- c:\documents and settings\compaq_owner\jagex_runescape_preferences.dat
2008-12-02 16:48 1,028,752 a------- c:\program files\Google Updater.exe
2008-11-04 19:26 1,060,074 a------- c:\program files\electricsheep-2.6.6.exe
2007-08-12 02:41 11,303,345 a------- c:\program files\flow_04142006.zip
2007-07-01 22:35 49,673,528 a------- c:\program files\iTunesSetup.exe
2001-05-21 18:11 176 ac------ c:\program files\WMDL.inf
2001-05-21 14:18 147,456 ac------ c:\program files\WMDownload.dll

============= FINISH: 11:07:38.32 ===============


ComboFix 09-07-03.03 - Compaq_Owner 07/05/2009 16:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.122 [GMT -4:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-04 03:04 . 2009-07-04 02:29 3044558 ----a-r- C:\ComboFix.exe
2009-07-03 14:39 . 2009-07-03 14:39 1 ----a-w- c:\documents and settings\cheshire cat\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-02 16:15 . 2009-07-03 14:38 -------- d-----w- c:\documents and settings\cheshire cat\Application Data\OpenOffice.org2
2009-07-02 00:41 . 2009-07-02 00:41 -------- d-----w- C:\REGBACKUP
2009-06-30 23:44 . 2009-06-30 23:44 -------- d-----w- c:\program files\Trend Micro
2009-06-30 18:50 . 2009-06-30 18:50 -------- d-----w- c:\documents and settings\cheshire cat\Local Settings\Application Data\Mozilla
2009-06-30 17:38 . 2009-06-30 17:38 -------- d-----w- c:\documents and settings\cheshire cat\Local Settings\Application Data\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 20:29 . 2005-12-29 01:07 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\BPFTP
2009-07-04 17:01 . 2005-11-09 23:13 -------- d-----w- c:\program files\Paint Shop Pro 5
2009-07-04 04:12 . 2009-07-04 04:16 38400 ----a-w- c:\windows\Internet Logs\xDB39.tmp
2009-07-04 03:02 . 2007-10-07 18:48 70896 ----a-w- c:\documents and settings\cheshire cat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-30 23:10 . 2009-06-30 23:12 1367552 ----a-w- c:\windows\Internet Logs\xDB38.tmp
2009-06-30 23:10 . 2009-06-30 23:12 46080 ----a-w- c:\windows\Internet Logs\xDB37.tmp
2009-06-30 23:08 . 2009-06-30 23:08 70776 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_06_30_19_00_47_small.dmp.zip
2009-06-30 22:50 . 2009-06-30 23:00 1364480 ----a-w- c:\windows\Internet Logs\xDB36.tmp
2009-06-30 22:50 . 2009-06-30 22:59 36864 ----a-w- c:\windows\Internet Logs\xDB35.tmp
2009-06-30 22:36 . 2009-06-30 22:39 1364992 ----a-w- c:\windows\Internet Logs\xDB34.tmp
2009-06-30 22:36 . 2009-06-30 22:38 417280 ----a-w- c:\windows\Internet Logs\xDB33.tmp
2009-06-30 17:29 . 2009-06-30 17:30 12800 ----a-w- c:\windows\Internet Logs\xDB31.tmp
2009-06-30 17:29 . 2009-06-30 17:31 1317376 ----a-w- c:\windows\Internet Logs\xDB32.tmp
2009-06-30 17:26 . 2009-06-30 17:28 12800 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2009-06-30 17:26 . 2009-06-30 17:29 1370112 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2009-06-30 17:11 . 2009-06-30 17:26 1369088 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-06-30 17:11 . 2009-06-30 17:26 117248 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-06-30 17:02 . 2009-06-30 17:29 1368576 ----a-w- c:\windows\Internet Logs\xDB30.tmp
2009-06-29 17:21 . 2009-06-29 17:23 120832 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-06-29 17:21 . 2009-06-29 17:23 3389952 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-06-29 16:01 . 2009-06-29 17:23 3389440 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-06-28 00:43 . 2006-02-13 16:18 30798 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-06-25 05:55 . 2009-06-25 13:19 282112 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-06-25 02:44 . 2007-01-27 16:15 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-06-24 23:07 . 2006-08-14 23:01 -------- d-----w- c:\program files\Diablo II
2009-06-24 16:27 . 2007-10-15 21:25 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org2
2009-06-24 16:26 . 2007-10-16 01:03 1 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-20 00:00 . 2005-09-03 01:02 -------- d-----w- c:\program files\Google
2009-06-16 18:18 . 2005-09-03 00:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 17:56 . 2005-11-29 16:52 -------- d-----w- c:\program files\Activision
2009-06-10 04:56 . 2009-06-10 13:12 304128 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-06-01 16:17 . 2009-06-01 16:17 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-05-30 04:26 . 2009-05-30 14:16 35840 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-05-29 23:36 . 2009-05-30 00:38 288256 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-05-20 04:37 . 2009-05-20 14:28 422400 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-05-18 21:33 . 2006-02-15 12:14 70896 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 16:00 . 2009-05-18 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-18 15:59 . 2009-05-18 16:01 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-18 15:59 . 2009-05-18 15:59 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-18 15:57 . 2009-05-18 15:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-18 15:56 . 2006-10-06 14:41 -------- d-----w- c:\program files\Lavasoft
2009-05-18 15:52 . 2006-03-30 20:04 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Lavasoft
2009-05-14 15:50 . 2009-03-24 16:57 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-12 04:30 . 2009-05-12 04:30 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-11 00:28 . 2009-05-11 00:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-07 15:32 . 2004-08-04 05:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 04:46 . 2009-04-30 14:24 3319296 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-04-30 04:45 . 2009-04-30 14:24 2676736 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-04-29 22:02 . 2005-06-24 22:31 81867 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-29 22:02 . 2009-04-29 22:02 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-04-29 22:02 . 2009-04-29 22:02 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-04-29 22:02 . 2009-04-29 22:02 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-04-29 22:02 . 2009-04-29 22:02 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-04-29 22:02 . 2009-04-29 22:02 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-04-29 22:02 . 2009-04-29 22:02 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-04-29 22:02 . 2009-04-29 22:02 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-04-29 22:02 . 2009-04-29 22:02 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-04-29 20:45 . 2007-08-21 14:25 2663113 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-04-29 04:56 . 2004-08-04 05:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 05:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-21 15:09 . 2007-07-03 23:21 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-04-17 12:26 . 2004-08-04 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 05:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-12-02 20:48 . 2008-12-02 20:48 1028752 ----a-w- c:\program files\Google Updater.exe
2008-11-04 23:26 . 2008-11-04 23:27 1060074 ----a-w- c:\program files\electricsheep-2.6.6.exe
2007-08-12 06:41 . 2007-08-12 06:40 11303345 ----a-w- c:\program files\flow_04142006.zip
2007-07-02 02:35 . 2007-07-02 02:34 49673528 ----a-w- c:\program files\iTunesSetup.exe
2001-05-21 22:11 . 2001-05-21 22:11 176 -c--a-w- c:\program files\WMDL.inf
2001-05-21 18:18 . 2001-05-21 18:18 147456 -c--a-w- c:\program files\WMDownload.dll
2008-12-22 23:09 . 2006-01-22 18:04 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 23:09 . 2006-01-22 18:04 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 23:09 . 2007-07-04 17:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 23:09 . 2007-07-04 17:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 23:09 . 2006-01-22 18:04 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-02 39408]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-03 180269]
"PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-27 81920]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-08-16 271672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-08 518488]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-2-20 575488]

c:\documents and settings\cheshire cat\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nietsm]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJaApo]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"gupdate1c98a22b1dd8258"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ASKService"=2 (0x2)
"iPod Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\DUKE3D\\DUKE3D.EXE"=
"c:\\TournamentDemo\\System\\UnrealTournament.exe"=
"c:\\UT2004Demo\\System\\UT2004.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\battlegrounds_x1.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/18/2009 12:01 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R2 mysqlmain;mysqlmain;c:\devel\mysql\bin\mysqld mysqlmain --> c:\devel\mysql\bin\mysqld mysqlmain [?]
S2 gupdate1c98a22b1dd8258;Google Update Service (gupdate1c98a22b1dd8258);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2009 3:23 PM 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [4/16/2006 7:57 PM 16512]
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 16:03]

2008-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 19:22]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - (no file)
BHO-{B977FE3A-C5CF-4719-A69F-8C5C8A5B482F} - (no file)
BHO-{cadf13ac-d2cb-471d-be4f-fa4834feb60d} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.wowway.com/index.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://register.wildtangent.com/ecomm/predir/pageredirect.asp?prodguid={BDB9CD20-9BAC-4828-B983-A27314A99963}&pagetype=2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZJfox000
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{8B162443-9EC0-4DA9-B2E4-4B49F26C8AD1} - c:\program files\Movies Extractor Scout LITE\flashextract.exe
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\l2811m2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears_ff2.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 17:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysqlmain]
"ImagePath"="c:\devel\mysql\bin\mysqld mysqlmain"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3923754953-1013770388-974162486-1009\Software\SecuROM\License information*]
"datasecu"=hex:9d,f5,19,0c,84,f1,3f,1d,06,7d,e2,1e,b3,ba,dc,5d,b8,07,c6,cf,5a,
46,06,2a,36,47,e0,cd,64,74,1a,58,a6,5e,ea,1a,b3,93,2d,16,f6,76,9b,fe,b7,7a,\
"rkeysecu"=hex:e6,01,ea,ac,60,05,c2,ba,bb,b0,d8,7a,b5,50,8d,da
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1476)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\devel\mysql\bin\mysqld.exe
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2009-07-05 18:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-05 22:10
ComboFix2.txt 2009-07-04 04:54

Pre-Run: 23,626,285,056 bytes free
Post-Run: 23,600,439,296 bytes free

270 --- E O F --- 2009-06-25 05:55

Blade81
2009-07-06, 19:13
Hi,

You probably missed my question about ZoneAlarm license. Is it valid?

Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\gcd1\avistorianchristmasss.exe
C:\gcd1\gcd\my_wish_mh.exe
C:\Program Files\MSN Messenger\msimg32.dll

DDS::
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: {a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - No File
BHO: {B977FE3A-C5CF-4719-A69F-8C5C8A5B482F} - No File
BHO: {cadf13ac-d2cb-471d-be4f-fa4834feb60d} - No File

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nietsm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJaApo]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ASKService"=-

Reboot::

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log & a fresh dds.txt log.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also which process you had to end.

javamama
2009-07-06, 19:49
I'm not sure about my Zone Alarm. As far as I know it should be valid. However, I notice that now when I bring up the Control Center, there is no information in it. It is basically a blank screen.

I will run Combofix as you requested and post back here when it is done.

Thanks.

javamama
2009-07-06, 21:42
I'm not sure about my Zone Alarm. As far as I know it should be valid. However, I notice that now when I bring up the Control Center, there is no information in it. It is basically a blank screen. However, it is catching things that are trying to connect to the internet.

Here are the ComboFix.txt and dds.txt logs.

ComboFix 09-07-03.03 - Compaq_Owner 07/06/2009 13:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.163 [GMT -4:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\gcd1\avistorianchristmasss.exe"
"c:\gcd1\gcd\my_wish_mh.exe"
"c:\program files\MSN Messenger\msimg32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\gcd1\avistorianchristmasss.exe
c:\gcd1\gcd\my_wish_mh.exe
c:\program files\MSN Messenger\msimg32.dll
F:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-05 23:29 . 2009-07-05 23:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-04 03:04 . 2009-07-04 02:29 3044558 ----a-r- C:\ComboFix.exe
2009-07-03 14:39 . 2009-07-03 14:39 1 ----a-w- c:\documents and settings\cheshire cat\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-02 16:15 . 2009-07-03 14:38 -------- d-----w- c:\documents and settings\cheshire cat\Application Data\OpenOffice.org2
2009-07-02 00:41 . 2009-07-02 00:41 -------- d-----w- C:\REGBACKUP
2009-06-30 23:44 . 2009-06-30 23:44 -------- d-----w- c:\program files\Trend Micro
2009-06-30 18:50 . 2009-06-30 18:50 -------- d-----w- c:\documents and settings\cheshire cat\Local Settings\Application Data\Mozilla
2009-06-30 17:38 . 2009-06-30 17:38 -------- d-----w- c:\documents and settings\cheshire cat\Local Settings\Application Data\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 18:46 . 2006-01-22 19:18 -------- d-----w- c:\program files\MSN Messenger
2009-07-06 17:41 . 2005-12-29 01:07 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\BPFTP
2009-07-06 15:16 . 2007-10-15 21:25 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org2
2009-07-06 15:11 . 2007-10-16 01:03 1 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-05 23:28 . 2005-09-03 00:22 -------- d-----w- c:\program files\Java
2009-07-05 22:47 . 2007-03-03 16:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-04 17:01 . 2005-11-09 23:13 -------- d-----w- c:\program files\Paint Shop Pro 5
2009-07-04 04:12 . 2009-07-04 04:16 38400 ----a-w- c:\windows\Internet Logs\xDB39.tmp
2009-07-04 03:02 . 2007-10-07 18:48 70896 ----a-w- c:\documents and settings\cheshire cat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-30 23:10 . 2009-06-30 23:12 1367552 ----a-w- c:\windows\Internet Logs\xDB38.tmp
2009-06-30 23:10 . 2009-06-30 23:12 46080 ----a-w- c:\windows\Internet Logs\xDB37.tmp
2009-06-30 23:08 . 2009-06-30 23:08 70776 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_06_30_19_00_47_small.dmp.zip
2009-06-30 22:50 . 2009-06-30 23:00 1364480 ----a-w- c:\windows\Internet Logs\xDB36.tmp
2009-06-30 22:50 . 2009-06-30 22:59 36864 ----a-w- c:\windows\Internet Logs\xDB35.tmp
2009-06-30 22:36 . 2009-06-30 22:39 1364992 ----a-w- c:\windows\Internet Logs\xDB34.tmp
2009-06-30 22:36 . 2009-06-30 22:38 417280 ----a-w- c:\windows\Internet Logs\xDB33.tmp
2009-06-30 17:29 . 2009-06-30 17:30 12800 ----a-w- c:\windows\Internet Logs\xDB31.tmp
2009-06-30 17:29 . 2009-06-30 17:31 1317376 ----a-w- c:\windows\Internet Logs\xDB32.tmp
2009-06-30 17:26 . 2009-06-30 17:28 12800 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2009-06-30 17:26 . 2009-06-30 17:29 1370112 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2009-06-30 17:11 . 2009-06-30 17:26 1369088 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-06-30 17:11 . 2009-06-30 17:26 117248 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-06-30 17:02 . 2009-06-30 17:29 1368576 ----a-w- c:\windows\Internet Logs\xDB30.tmp
2009-06-29 17:21 . 2009-06-29 17:23 120832 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-06-29 17:21 . 2009-06-29 17:23 3389952 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-06-29 16:01 . 2009-06-29 17:23 3389440 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-06-28 00:43 . 2006-02-13 16:18 30798 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-06-25 05:55 . 2009-06-25 13:19 282112 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-06-25 02:44 . 2007-01-27 16:15 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-06-24 23:07 . 2006-08-14 23:01 -------- d-----w- c:\program files\Diablo II
2009-06-20 00:00 . 2005-09-03 01:02 -------- d-----w- c:\program files\Google
2009-06-16 18:18 . 2005-09-03 00:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 17:56 . 2005-11-29 16:52 -------- d-----w- c:\program files\Activision
2009-06-10 04:56 . 2009-06-10 13:12 304128 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-06-01 16:17 . 2009-06-01 16:17 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-05-30 04:26 . 2009-05-30 14:16 35840 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-05-29 23:36 . 2009-05-30 00:38 288256 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-05-20 04:37 . 2009-05-20 14:28 422400 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-05-18 21:33 . 2006-02-15 12:14 70896 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 16:00 . 2009-05-18 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-18 15:59 . 2009-05-18 16:01 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-18 15:59 . 2009-05-18 15:59 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-18 15:57 . 2009-05-18 15:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-18 15:56 . 2006-10-06 14:41 -------- d-----w- c:\program files\Lavasoft
2009-05-18 15:52 . 2006-03-30 20:04 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Lavasoft
2009-05-14 15:50 . 2009-03-24 16:57 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-12 04:30 . 2009-05-12 04:30 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-11 00:28 . 2009-05-11 00:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-07 15:32 . 2004-08-04 05:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 04:46 . 2009-04-30 14:24 3319296 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-04-30 04:45 . 2009-04-30 14:24 2676736 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-04-29 22:02 . 2005-06-24 22:31 81867 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-29 22:02 . 2009-04-29 22:02 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-04-29 22:02 . 2009-04-29 22:02 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-04-29 22:02 . 2009-04-29 22:02 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-04-29 22:02 . 2009-04-29 22:02 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-04-29 22:02 . 2009-04-29 22:02 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-04-29 22:02 . 2009-04-29 22:02 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-04-29 22:02 . 2009-04-29 22:02 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-04-29 22:02 . 2009-04-29 22:02 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-04-29 20:45 . 2007-08-21 14:25 2663113 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-04-29 04:56 . 2004-08-04 05:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 05:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-21 15:09 . 2007-07-03 23:21 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-04-17 12:26 . 2004-08-04 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 05:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-12-02 20:48 . 2008-12-02 20:48 1028752 ----a-w- c:\program files\Google Updater.exe
2008-11-04 23:26 . 2008-11-04 23:27 1060074 ----a-w- c:\program files\electricsheep-2.6.6.exe
2007-08-12 06:41 . 2007-08-12 06:40 11303345 ----a-w- c:\program files\flow_04142006.zip
2007-07-02 02:35 . 2007-07-02 02:34 49673528 ----a-w- c:\program files\iTunesSetup.exe
2001-05-21 22:11 . 2001-05-21 22:11 176 -c--a-w- c:\program files\WMDL.inf
2001-05-21 18:18 . 2001-05-21 18:18 147456 -c--a-w- c:\program files\WMDownload.dll
2008-12-22 23:09 . 2006-01-22 18:04 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 23:09 . 2006-01-22 18:04 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 23:09 . 2007-07-04 17:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 23:09 . 2007-07-04 17:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 23:09 . 2006-01-22 18:04 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-04_04.18.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-06 18:52 . 2009-07-06 18:52 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat
+ 2009-07-05 23:29 . 2009-07-05 23:28 148888 c:\windows\system32\javaws.exe
+ 2009-07-05 23:29 . 2009-07-05 23:28 144792 c:\windows\system32\javaw.exe
+ 2009-07-05 23:29 . 2009-07-05 23:28 144792 c:\windows\system32\java.exe
+ 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2009-07-05 23:28 . 2009-07-05 23:28 1563648 c:\windows\Installer\198882.msi
+ 2009-07-05 22:50 . 2009-07-05 22:50 6653952 c:\windows\Installer\18d3cd.msp
+ 2009-07-05 22:47 . 2009-07-05 22:47 3938816 c:\windows\Installer\18d3a9.msi
+ 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-02 39408]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-03 180269]
"PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-27 81920]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-08-16 271672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-08 518488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-05 148888]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-2-20 575488]

c:\documents and settings\cheshire cat\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"gupdate1c98a22b1dd8258"=2 (0x2)
"Bonjour Service"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\DUKE3D\\DUKE3D.EXE"=
"c:\\TournamentDemo\\System\\UnrealTournament.exe"=
"c:\\UT2004Demo\\System\\UT2004.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\battlegrounds_x1.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/18/2009 12:01 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R2 mysqlmain;mysqlmain;c:\devel\mysql\bin\mysqld mysqlmain --> c:\devel\mysql\bin\mysqld mysqlmain [?]
S2 gupdate1c98a22b1dd8258;Google Update Service (gupdate1c98a22b1dd8258);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2009 3:23 PM 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [4/16/2006 7:57 PM 16512]
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 16:03]

2008-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 19:22]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - (no file)
BHO-{B977FE3A-C5CF-4719-A69F-8C5C8A5B482F} - (no file)
BHO-{cadf13ac-d2cb-471d-be4f-fa4834feb60d} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.wowway.com/index.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://register.wildtangent.com/ecomm/predir/pageredirect.asp?prodguid={BDB9CD20-9BAC-4828-B983-A27314A99963}&pagetype=2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZJfox000
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{8B162443-9EC0-4DA9-B2E4-4B49F26C8AD1} - c:\program files\Movies Extractor Scout LITE\flashextract.exe
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\l2811m2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears_ff2.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 14:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysqlmain]
"ImagePath"="c:\devel\mysql\bin\mysqld mysqlmain"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3923754953-1013770388-974162486-1009\Software\SecuROM\License information*]
"datasecu"=hex:9d,f5,19,0c,84,f1,3f,1d,06,7d,e2,1e,b3,ba,dc,5d,b8,07,c6,cf,5a,
46,06,2a,36,47,e0,cd,64,74,1a,58,a6,5e,ea,1a,b3,93,2d,16,f6,76,9b,fe,b7,7a,\
"rkeysecu"=hex:e6,01,ea,ac,60,05,c2,ba,bb,b0,d8,7a,b5,50,8d,da
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2168)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\devel\mysql\bin\mysqld.exe
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2009-07-06 15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 19:18
ComboFix2.txt 2009-07-05 22:11
ComboFix3.txt 2009-07-04 04:54

Pre-Run: 23,214,997,504 bytes free
Post-Run: 23,242,539,008 bytes free

294 --- E O F --- 2009-06-25 05:55



DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Owner at 15:26:11.84 on Mon 07/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.78 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\devel\mysql\bin\mysqld.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\gcd1\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://portal.wowway.com/index.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://register.wildtangent.com/ecomm/predir/pageredirect.asp?prodguid={BDB9CD20-9BAC-4828-B983-A27314A99963}&pagetype=2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {B977FE3A-C5CF-4719-A69F-8C5C8A5B482F} - No File
BHO: {cadf13ac-d2cb-471d-be4f-fa4834feb60d} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PE2CKFNT SE] c:\program files\ulead systems\ulead photo express 2 se\ChkFont.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search - ?p=ZJfox000
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {8B162443-9EC0-4DA9-B2E4-4B49F26C8AD1} - c:\program files\movies extractor scout lite\flashextract.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\l2811m2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\google\google gears\firefox\components\gears_ff2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-21 353672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 mysqlmain;mysqlmain;c:\devel\mysql\bin\mysqld mysqlmain --> c:\devel\mysql\bin\mysqld mysqlmain [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 gupdate1c98a22b1dd8258;Google Update Service (gupdate1c98a22b1dd8258);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-4-16 16512]

=============== Created Last 30 ================

2009-07-05 19:29 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-05 19:29 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-04 00:51 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-03 23:08 161,792 a------- c:\windows\SWREG.exe
2009-07-03 23:08 155,136 a------- c:\windows\PEV.exe
2009-07-03 23:08 98,816 a------- c:\windows\sed.exe
2009-07-03 23:04 3,044,558 a----r-- C:\ComboFix.exe
2009-07-01 20:41 <DIR> --d----- C:\REGBACKUP
2009-06-30 19:44 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 14:14 292 a------- c:\windows\vtmb.ini

==================== Find3M ====================

2009-06-27 20:43 30,798 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2009-06-24 22:44 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-06-08 12:03 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-18 11:59 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-14 11:50 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 18:02 81,867 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-29 18:02 287,310 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2009-04-29 18:02 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-04-29 18:02 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-04-29 18:02 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-04-29 18:02 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-04-29 18:02 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-04-29 18:02 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-04-29 18:02 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-21 11:09 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-01-13 16:52 34 a------- c:\documents and settings\compaq_owner\jagex_runescape_preferences.dat
2008-12-02 16:48 1,028,752 a------- c:\program files\Google Updater.exe
2008-11-04 19:26 1,060,074 a------- c:\program files\electricsheep-2.6.6.exe
2007-08-12 02:41 11,303,345 a------- c:\program files\flow_04142006.zip
2007-07-01 22:35 49,673,528 a------- c:\program files\iTunesSetup.exe
2001-05-21 18:11 176 ac------ c:\program files\WMDL.inf
2001-05-21 14:18 147,456 ac------ c:\program files\WMDownload.dll

============= FINISH: 15:27:14.40 ===============

javamama
2009-07-06, 21:46
I forgot to mention that when I ran Combofix it got hung up at Stage_32A and Stage_41. I went into Task Manager processes and looked for findstr, find, sed or swreg. They were not there. So I just let ComboFix continue. It took about 10 minutes to get through each of those two stages. Total scan time was about 55 minutes.

Blade81
2009-07-07, 08:51
I'm not sure about my Zone Alarm. As far as I know it should be valid. However, I notice that now when I bring up the Control Center, there is no information in it. It is basically a blank screen. However, it is catching things that are trying to connect to the internet.
Hi,

By "Control Center", do you mean Windows Security Center or ZoneAlarm's? Could you please update the ZoneAlarm definitions (there should be an update function in the ZoneAlarm settings)? If that isn't possible then it might be best to reinstall ZoneAlarm, since the definitions are outdated and won't serve any purpose.

Please post a fresh dds.txt log after update is done.


I forgot to mention that when I ran Combofix it got hung up at Stage_32A and Stage_41. I went into Task Manager processes and looked for findstr, find, sed or swreg. They were not there. So I just let ComboFix continue. It took about 10 minutes to get through each of those two stages. Total scan time was about 55 minutes.
It sometimes takes more time to run the process through :)

javamama
2009-07-07, 17:39
The Zone Alarm Control Center was the problem. I am using the free basic firewall from ZoneAlarm. In order to get it working right, I had to uninstall, download the free basic firewall and install it. It's working okay now.

Here is the dds.txt log.

Thanks again for all your help!


DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Owner at 11:32:27.75 on Tue 07/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.127 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\devel\mysql\bin\mysqld.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\gcd1\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://portal.wowway.com/index.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://register.wildtangent.com/ecomm/predir/pageredirect.asp?prodguid={BDB9CD20-9BAC-4828-B983-A27314A99963}&pagetype=2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {a49c65e5-3cca-4fb4-8703-f2cd5da3f5a1} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {B977FE3A-C5CF-4719-A69F-8C5C8A5B482F} - No File
BHO: {cadf13ac-d2cb-471d-be4f-fa4834feb60d} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PE2CKFNT SE] c:\program files\ulead systems\ulead photo express 2 se\ChkFont.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search - ?p=ZJfox000
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {8B162443-9EC0-4DA9-B2E4-4B49F26C8AD1} - c:\program files\movies extractor scout lite\flashextract.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\l2811m2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\google\google gears\firefox\components\gears_ff2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-7-7 148496]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-7 353672]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-7-7 464264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 mysqlmain;mysqlmain;c:\devel\mysql\bin\mysqld mysqlmain --> c:\devel\mysql\bin\mysqld mysqlmain [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 gupdate1c98a22b1dd8258;Google Update Service (gupdate1c98a22b1dd8258);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-4-16 16512]

=============== Created Last 30 ================

2009-07-07 11:29 <DIR> --d----- c:\docume~1\compaq~1\applic~1\MailFrontier
2009-07-07 11:20 260,128 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-07 11:20 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-07-07 11:15 <DIR> --d----- c:\program files\AskBarDis
2009-07-07 11:12 72,584 a------- c:\windows\zllsputility.exe
2009-07-07 11:12 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-07-07 11:12 350,210 a------- c:\windows\system32\vsconfig.xml
2009-07-05 19:29 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-05 19:29 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-04 00:51 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-03 23:08 161,792 a------- c:\windows\SWREG.exe
2009-07-03 23:08 155,136 a------- c:\windows\PEV.exe
2009-07-03 23:08 98,816 a------- c:\windows\sed.exe
2009-07-03 23:04 3,044,558 a----r-- C:\ComboFix.exe
2009-07-01 20:41 <DIR> --d----- C:\REGBACKUP
2009-06-30 19:44 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 14:14 292 a------- c:\windows\vtmb.ini

==================== Find3M ====================

2009-07-07 11:25 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-06-27 20:43 30,798 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2009-06-24 22:44 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-06-08 12:03 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-18 11:59 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-14 11:50 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 18:02 81,867 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-29 18:02 287,310 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2009-04-29 18:02 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-04-29 18:02 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-04-29 18:02 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-04-29 18:02 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-04-29 18:02 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-04-29 18:02 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-04-29 18:02 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-01-13 16:52 34 a------- c:\documents and settings\compaq_owner\jagex_runescape_preferences.dat
2008-12-02 16:48 1,028,752 a------- c:\program files\Google Updater.exe
2008-11-04 19:26 1,060,074 a------- c:\program files\electricsheep-2.6.6.exe
2007-08-12 02:41 11,303,345 a------- c:\program files\flow_04142006.zip
2007-07-01 22:35 49,673,528 a------- c:\program files\iTunesSetup.exe
2001-05-21 18:11 176 ac------ c:\program files\WMDL.inf
2001-05-21 14:18 147,456 ac------ c:\program files\WMDownload.dll

============= FINISH: 11:33:59.34 ===============

Blade81
2009-07-08, 09:23
Hi,

By looking at the logs, it seems there's ZoneAlarm Security Suite (a trial which will expire) installed, and not just the firewall. You need to have an antivirus program that stays up to date. So, you have two choices: a) purchase a license for ZoneAlarm Security Suite, or b) uninstall ZoneAlarm Security Suite, install the ZoneAlarm firewall, don't choose the option to use the trial, and get an alternative antivirus program.

Let me know how you want to proceed.

javamama
2009-07-08, 18:30
I will uninstall ZoneAlarm Security Suite and install ZoneAlarm firewall. Is there an antivirus program you would suggest? At this point it would need to be a free one.

Thanks again.

Blade81
2009-07-09, 08:58
Hi,

I believe it's time to uninstall ComboFix now:

Click START, then RUN.
Now type "c:\Combofix.exe" /u in the run box and click OK.


Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html) and
AVG Free Antivirus (http://free.grisoft.com/ww.download-avg-anti-virus-free-edition)

javamama
2009-07-09, 18:27
I uninstalled ComboFix. I chose AVG Free Antivirus. Thank you again for your help. You were great!

Blade81
2009-07-09, 21:11
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.