Inactive Hotmail hacked - sent emails to every contact

[ConchitaInOz]

Hi guys,
When I checked my email today I found out I had sent emails to every contact on my list. Yesterday my PC was not even on! I did however use my husbands to check it and today did a scan on this pc, here are the results, we found hijacks...

running xp pro w/ZoneAlarm...


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5235

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/12/2010 1:46:26 PM
mbam-log-2010-12-03 (13-46-26).txt

Scan type: Quick scan
Objects scanned: 140753
Time elapsed: 10 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-03 18:08:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-4 TOSHIBA_MK1032GAX rev.AB211A
Running: qp4jmsby.exe; Driver: C:\DOCUME~1\Rod\LOCALS~1\Temp\kgeyypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF6FD2542]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwClose [0xF6FD2DBA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF6E7C2EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateEvent [0xF6FD3DCC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF6E758CC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF6E970E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateMutant [0xF6FD3CA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF6FD2148]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF6E7CABE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF6E90F82]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF6E913AA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF6E9B83C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF6FD3EFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF6FD5784]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateThread [0xF6FD2A58]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF6E7CC1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF6FD5176]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF6E7678E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF6E98B8E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF6E98484]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF6FD3524]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF6E8FD66]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateKey [0xF6FD1E80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF6FD1F2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwFsControlFile [0xF6FD3330]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwLoadDriver [0xF6FD5208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF6E99558]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF6E99796]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xF6E9BBF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF6FD2076]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenEvent [0xF6FD3E6E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF6E76280]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenKey [0xF6FD1592]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenMutant [0xF6FD3D3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF6E9349A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSection [0xF6FD57AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF6FD3FA0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF6E93088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryKey [0xF6FD1FD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF6FD1BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQuerySection [0xF6FD5B50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryValueKey [0xF6FD184C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueueApcThread [0xF6FD549E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF6E9A61E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF6E99F12]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyPort [0xF6FD432A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF6FD41F0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF6E7BE84]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF6E9B07E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwResumeThread [0xF6FD6028]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSaveKey [0xF6FD11FE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF6E7C5B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetContextThread [0xF6FD2C76]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF6E76B98]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetInformationToken [0xF6FD486C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF6E9ABA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF6FD5C90]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF6E97BA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendProcess [0xF6FD5D74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendThread [0xF6FD5E9C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF6E920A6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF6E91DD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwTerminateThread [0xF6FD280E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF6FD5A06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF6FD2998]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [BE, CA, E7, F6, 82, 0F, E9, ...]
.text ntoskrnl.exe!_abnormal_termination + 114 804E2780 16 Bytes JMP 7D8D267B
.text ntoskrnl.exe!_abnormal_termination + 150 804E27BC 8 Bytes JMP 7D834CB7
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes [08, 52, FD, F6, 58, 95, E9, ...]
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29B8 16 Bytes JMP 69ED3CB3
.text ...
? hfbmcp.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F6E5B1F2] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-03-17.01) - NTFSx86
Run by Rod at 18:09:11.80 on Fri 03/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.575.286 [GMT 11:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\atievxx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Rod\Desktop\PC Malware & Cleaning\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Page = hxxp://www.google.com.au/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
uRun: [EPSON T50 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffp.exe /fu "c:\windows\temp\E_S67.tmp" /EF "HKCU"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-11-24 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-11-24 317072]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-11-24 528128]
R3 Maestro;ESS Maestro2E Audio Driver (WDM);c:\windows\system32\drivers\essm2e.sys [2007-7-28 137088]
R3 netflx3;Compaq NetFlex-3/Netelligent Adapter Driver;c:\windows\system32\drivers\NetFlx3.sys [2007-7-29 65278]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-3-21 30192]
S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2009-8-29 582424]

=============== Created Last 30 ================

2010-11-24 00:50:22 0 d-----w- c:\docume~1\rod\applic~1\MailFrontier
2010-11-24 00:42:21 72704 ----a-w- c:\windows\zllsputility.exe
2010-11-24 00:42:16 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-11-24 00:41:05 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-11-24 00:40:58 421394 ----a-w- c:\windows\system32\vsconfig.xml
2010-11-24 00:40:55 0 d-----w- c:\program files\Zone Labs
2010-11-24 00:35:30 0 d-----w- c:\windows\Internet Logs

==================== Find3M ====================

2010-12-03 01:39:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-11-29 06:42:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 06:42:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 01:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2007-07-27 23:36:38 266 --sh--w- c:\program files\desktop.ini
2007-07-27 23:36:38 11079 ---ha-w- c:\program files\folder.htt
2008-09-03 07:22:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 18:09:52.57 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28/07/2007 12:35:54 AM
System Uptime: 12/03/2010 1:49:22 PM (6389 hours ago)

Motherboard: Compaq | | 0538
Processor: Intel Pentium III processor | J1 | 995/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 93 GiB total, 76.389 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP812: 5/09/2010 1:10:59 PM - System Checkpoint
RP813: 6/09/2010 2:08:56 PM - System Checkpoint
RP814: 7/09/2010 7:03:50 PM - System Checkpoint
RP815: 8/09/2010 6:08:30 PM - Software Distribution Service 3.0
RP816: 9/09/2010 6:08:51 PM - System Checkpoint
RP817: 10/09/2010 6:58:48 PM - System Checkpoint
RP818: 11/09/2010 7:15:39 PM - System Checkpoint
RP819: 12/09/2010 7:57:57 PM - System Checkpoint
RP820: 13/09/2010 8:23:48 PM - System Checkpoint
RP821: 14/09/2010 9:15:36 PM - System Checkpoint
RP822: 15/09/2010 1:01:47 PM - Software Distribution Service 3.0
RP823: 16/09/2010 7:10:02 PM - System Checkpoint
RP824: 17/09/2010 8:15:28 PM - System Checkpoint
RP825: 18/09/2010 10:45:58 PM - System Checkpoint
RP826: 21/09/2010 6:38:21 PM - System Checkpoint
RP827: 22/09/2010 7:27:10 PM - System Checkpoint
RP828: 23/09/2010 11:42:56 PM - System Checkpoint
RP829: 25/09/2010 6:51:06 PM - System Checkpoint
RP830: 26/09/2010 7:03:50 PM - System Checkpoint
RP831: 27/09/2010 7:38:55 PM - System Checkpoint
RP832: 28/09/2010 8:15:10 PM - System Checkpoint
RP833: 29/09/2010 12:27:49 PM - Software Distribution Service 3.0
RP834: 30/09/2010 1:22:55 PM - System Checkpoint
RP835: 1/10/2010 2:18:53 PM - System Checkpoint
RP836: 3/10/2010 1:39:05 PM - System Checkpoint
RP837: 4/10/2010 2:07:15 PM - System Checkpoint
RP838: 5/10/2010 2:41:26 PM - System Checkpoint
RP839: 6/10/2010 3:25:01 PM - System Checkpoint
RP840: 7/10/2010 9:07:53 PM - System Checkpoint
RP841: 28/10/2010 10:59:50 AM - Software Distribution Service 3.0
RP842: 29/10/2010 12:48:38 PM - System Checkpoint
RP843: 30/10/2010 5:26:34 PM - System Checkpoint
RP844: 31/10/2010 6:16:20 PM - System Checkpoint
RP845: 1/11/2010 6:42:04 PM - System Checkpoint
RP846: 2/11/2010 7:24:31 PM - System Checkpoint
RP847: 3/11/2010 8:17:17 PM - System Checkpoint
RP848: 4/11/2010 8:40:08 PM - System Checkpoint
RP849: 5/11/2010 8:42:04 PM - System Checkpoint
RP850: 6/11/2010 9:01:13 PM - System Checkpoint
RP851: 7/11/2010 11:33:48 PM - System Checkpoint
RP852: 9/11/2010 12:26:19 PM - System Checkpoint
RP853: 11/11/2010 8:45:56 AM - Software Distribution Service 3.0
RP854: 12/11/2010 11:29:17 PM - System Checkpoint
RP855: 13/11/2010 11:40:01 PM - System Checkpoint
RP856: 15/11/2010 12:29:46 AM - System Checkpoint
RP857: 16/11/2010 12:44:56 PM - System Checkpoint
RP858: 17/11/2010 1:02:19 PM - System Checkpoint
RP859: 18/11/2010 11:15:15 PM - System Checkpoint
RP860: 20/11/2010 7:12:38 PM - System Checkpoint
RP861: 22/11/2010 11:48:17 AM - System Checkpoint
RP862: 24/11/2010 10:24:24 AM - System Checkpoint
RP863: 26/11/2010 10:25:35 PM - System Checkpoint
RP864: 27/11/2010 11:03:04 PM - System Checkpoint
RP865: 29/11/2010 10:31:18 AM - System Checkpoint
RP866: 30/11/2010 1:03:47 PM - System Checkpoint
RP867: 1/12/2010 9:45:55 PM - System Checkpoint
RP868: 2/12/2010 10:35:18 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.5
BufferChm
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
e-tax 2010
Epson Easy Photo Print 2
Epson Print CD
Epson Stylus Photo P50_T50 Manual
EPSON T50 Series Printer Uninstall
eSupportQFolder
Final Media Player 2010
FullDPAppQFolder
Google Desktop
Hi-Speed USB 2.0 Flash Disk Utility
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Scanjet G4000 series 8.0
HP Solution Center 7.0
hpG4000
hpg4000QFolder
HPProductAssistant
InstantShareDevices
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MYOB ODBC Direct v9 AUS
MYOB Password Recovery v1.0j (remove only)
MYOB Premier v12.5
OCR Software by I.R.I.S 8.0
PanoStandAlone
PhotoGallery
RandMap
RegCure
Scan
ScannerCopy
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SkinsHP1
SlideShow
SolutionCenter
Sonic_PrimoSDK
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
WebFldrs XP
WebReg
Windows Driver Package - Hewlett-Packard Image (03/27/2007 8.3.0.0)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XoftSpySE
ZoneAlarm Security Suite

==== Event Viewer Messages From Past Week ========

3/12/2010 2:02:54 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
29/11/2010 9:57:08 AM, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
29/11/2010 9:57:08 AM, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
29/11/2010 4:30:25 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00508B701218 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
29/11/2010 10:00:07 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
1/12/2010 11:17:43 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

Any help would be really appreciated, don't know why but lately we are having a lot of probs. Don't know if it may be that ZoneAlarm has gone downhill quickly or if something else is going on.

 

[Bobbye]

The malware writers are getting more knowledgeable about getting their trash passed onboard security! And if the security isn't updated, the malware can easily slip in.

Going by what Mbam found, it appears that the malware has prevented the usual program from opening with some file extensions, opening instead with their program. You can fix some of this:

is a redirect site to [url="hxxpwww.filecure.com/lp/download/"]

Helpmeopen is a "search site" for finding file extensions , but it also redirects to other sites like filecure -
These may not actually be 100% Malware , but they are redirect (and the only word I can find is) scam sites wanting cash to open files -

It's possible that this might have been pre-checked on a site where you downloaded a program> we advise everyone to check the download page carefully for these and uncheck them.

Click on the Control Panel> Folder Options> File Types tab> after the file type list finishes, scroll down to and click on XML Documents The correct program for this is Internet Explorer, > choose Internet Explorer from the list that appears> OK> Apply> OK

Once the system is rid of this, I'll have you reset the Defaults.

Because you email has been breached, you will need to close that account and if you open a new one, use a different password.

Please run the following in the order I have them- there are entries that will need to be removed:

Run Eset NOD32 Online AntiVirus scan [URL="http://www.eset.eu/online-scanner"]HERE

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the Active X control to install
4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
5. Click Start
6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
7. Click Scan
8. Wait for the scan to finish
9. Re-enable your Antivirus software.
10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

=====================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2

• Double click combofix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Query- Recovery Console image
  
  
  
  

  WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes it will open a text window. Please paste that log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
===============
Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

 

[Bobbye]

Closed due to lack of activity.