TechSpot

Hotmail hacked - sent emails to every contact

By ConchitaInOz
Dec 3, 2010
  1. Hi guys,
    When I checked my email today I found out I had sent emails to every contact on my list. Yesterday my PC was not even on! I did however use my husbands to check it and today did a scan on this pc, here are the results, we found hijacks...

    running xp pro w/ZoneAlarm...


    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5235

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/12/2010 1:46:26 PM
    mbam-log-2010-12-03 (13-46-26).txt

    Scan type: Quick scan
    Objects scanned: 140753
    Time elapsed: 10 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 3
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ------------------
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-03 18:08:52
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-4 TOSHIBA_MK1032GAX rev.AB211A
    Running: qp4jmsby.exe; Driver: C:\DOCUME~1\Rod\LOCALS~1\Temp\kgeyypob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF6FD2542]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwClose [0xF6FD2DBA]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF6E7C2EC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateEvent [0xF6FD3DCC]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF6E758CC]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF6E970E6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateMutant [0xF6FD3CA4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF6FD2148]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF6E7CABE]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF6E90F82]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF6E913AA]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF6E9B83C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF6FD3EFE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF6FD5784]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateThread [0xF6FD2A58]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF6E7CC1C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF6FD5176]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF6E7678E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF6E98B8E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF6E98484]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF6FD3524]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF6E8FD66]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateKey [0xF6FD1E80]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF6FD1F2A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwFsControlFile [0xF6FD3330]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwLoadDriver [0xF6FD5208]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF6E99558]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF6E99796]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xF6E9BBF8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF6FD2076]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenEvent [0xF6FD3E6E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF6E76280]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenKey [0xF6FD1592]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenMutant [0xF6FD3D3C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF6E9349A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSection [0xF6FD57AE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF6FD3FA0]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF6E93088]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryKey [0xF6FD1FD4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF6FD1BFC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQuerySection [0xF6FD5B50]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryValueKey [0xF6FD184C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueueApcThread [0xF6FD549E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF6E9A61E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF6E99F12]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyPort [0xF6FD432A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF6FD41F0]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF6E7BE84]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF6E9B07E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwResumeThread [0xF6FD6028]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSaveKey [0xF6FD11FE]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF6E7C5B8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetContextThread [0xF6FD2C76]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF6E76B98]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetInformationToken [0xF6FD486C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF6E9ABA6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF6FD5C90]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF6E97BA8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendProcess [0xF6FD5D74]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendThread [0xF6FD5E9C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF6E920A6]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF6E91DD6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwTerminateThread [0xF6FD280E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF6FD5A06]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF6FD2998]

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) IoIsOperationSynchronous

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [BE, CA, E7, F6, 82, 0F, E9, ...]
    .text ntoskrnl.exe!_abnormal_termination + 114 804E2780 16 Bytes JMP 7D8D267B
    .text ntoskrnl.exe!_abnormal_termination + 150 804E27BC 8 Bytes JMP 7D834CB7
    .text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes [08, 52, FD, F6, 58, 95, E9, ...]
    .text ntoskrnl.exe!_abnormal_termination + 34C 804E29B8 16 Bytes JMP 69ED3CB3
    .text ...
    ? hfbmcp.sys The system cannot find the file specified. !

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F6E5B1F2] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F6E8150E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F6E7FABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F6E81B56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F6E81364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Rod at 18:09:11.80 on Fri 03/12/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.575.286 [GMT 11:00]

    AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\atievxx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Rod\Desktop\PC Malware & Cleaning\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page =
    uSearch Bar =
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    mSearch Page = hxxp://www.google.com.au/
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant =
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    uRun: [EPSON T50 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffp.exe /fu "c:\windows\temp\E_S67.tmp" /EF "HKCU"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-11-24 128016]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-11-24 317072]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-11-24 528128]
    R3 Maestro;ESS Maestro2E Audio Driver (WDM);c:\windows\system32\drivers\essm2e.sys [2007-7-28 137088]
    R3 netflx3;Compaq NetFlex-3/Netelligent Adapter Driver;c:\windows\system32\drivers\NetFlx3.sys [2007-7-29 65278]
    S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-3-21 30192]
    S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2009-8-29 582424]

    =============== Created Last 30 ================

    2010-11-24 00:50:22 0 d-----w- c:\docume~1\rod\applic~1\MailFrontier
    2010-11-24 00:42:21 72704 ----a-w- c:\windows\zllsputility.exe
    2010-11-24 00:42:16 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
    2010-11-24 00:41:05 1238528 ----a-w- c:\windows\system32\zpeng25.dll
    2010-11-24 00:40:58 421394 ----a-w- c:\windows\system32\vsconfig.xml
    2010-11-24 00:40:55 0 d-----w- c:\program files\Zone Labs
    2010-11-24 00:35:30 0 d-----w- c:\windows\Internet Logs

    ==================== Find3M ====================

    2010-12-03 01:39:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2010-11-29 06:42:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 06:42:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-18 01:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2007-07-27 23:36:38 266 --sh--w- c:\program files\desktop.ini
    2007-07-27 23:36:38 11079 ---ha-w- c:\program files\folder.htt
    2008-09-03 07:22:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

    ============= FINISH: 18:09:52.57 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/07/2007 12:35:54 AM
    System Uptime: 12/03/2010 1:49:22 PM (6389 hours ago)

    Motherboard: Compaq | | 0538
    Processor: Intel Pentium III processor | J1 | 995/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 93 GiB total, 76.389 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP812: 5/09/2010 1:10:59 PM - System Checkpoint
    RP813: 6/09/2010 2:08:56 PM - System Checkpoint
    RP814: 7/09/2010 7:03:50 PM - System Checkpoint
    RP815: 8/09/2010 6:08:30 PM - Software Distribution Service 3.0
    RP816: 9/09/2010 6:08:51 PM - System Checkpoint
    RP817: 10/09/2010 6:58:48 PM - System Checkpoint
    RP818: 11/09/2010 7:15:39 PM - System Checkpoint
    RP819: 12/09/2010 7:57:57 PM - System Checkpoint
    RP820: 13/09/2010 8:23:48 PM - System Checkpoint
    RP821: 14/09/2010 9:15:36 PM - System Checkpoint
    RP822: 15/09/2010 1:01:47 PM - Software Distribution Service 3.0
    RP823: 16/09/2010 7:10:02 PM - System Checkpoint
    RP824: 17/09/2010 8:15:28 PM - System Checkpoint
    RP825: 18/09/2010 10:45:58 PM - System Checkpoint
    RP826: 21/09/2010 6:38:21 PM - System Checkpoint
    RP827: 22/09/2010 7:27:10 PM - System Checkpoint
    RP828: 23/09/2010 11:42:56 PM - System Checkpoint
    RP829: 25/09/2010 6:51:06 PM - System Checkpoint
    RP830: 26/09/2010 7:03:50 PM - System Checkpoint
    RP831: 27/09/2010 7:38:55 PM - System Checkpoint
    RP832: 28/09/2010 8:15:10 PM - System Checkpoint
    RP833: 29/09/2010 12:27:49 PM - Software Distribution Service 3.0
    RP834: 30/09/2010 1:22:55 PM - System Checkpoint
    RP835: 1/10/2010 2:18:53 PM - System Checkpoint
    RP836: 3/10/2010 1:39:05 PM - System Checkpoint
    RP837: 4/10/2010 2:07:15 PM - System Checkpoint
    RP838: 5/10/2010 2:41:26 PM - System Checkpoint
    RP839: 6/10/2010 3:25:01 PM - System Checkpoint
    RP840: 7/10/2010 9:07:53 PM - System Checkpoint
    RP841: 28/10/2010 10:59:50 AM - Software Distribution Service 3.0
    RP842: 29/10/2010 12:48:38 PM - System Checkpoint
    RP843: 30/10/2010 5:26:34 PM - System Checkpoint
    RP844: 31/10/2010 6:16:20 PM - System Checkpoint
    RP845: 1/11/2010 6:42:04 PM - System Checkpoint
    RP846: 2/11/2010 7:24:31 PM - System Checkpoint
    RP847: 3/11/2010 8:17:17 PM - System Checkpoint
    RP848: 4/11/2010 8:40:08 PM - System Checkpoint
    RP849: 5/11/2010 8:42:04 PM - System Checkpoint
    RP850: 6/11/2010 9:01:13 PM - System Checkpoint
    RP851: 7/11/2010 11:33:48 PM - System Checkpoint
    RP852: 9/11/2010 12:26:19 PM - System Checkpoint
    RP853: 11/11/2010 8:45:56 AM - Software Distribution Service 3.0
    RP854: 12/11/2010 11:29:17 PM - System Checkpoint
    RP855: 13/11/2010 11:40:01 PM - System Checkpoint
    RP856: 15/11/2010 12:29:46 AM - System Checkpoint
    RP857: 16/11/2010 12:44:56 PM - System Checkpoint
    RP858: 17/11/2010 1:02:19 PM - System Checkpoint
    RP859: 18/11/2010 11:15:15 PM - System Checkpoint
    RP860: 20/11/2010 7:12:38 PM - System Checkpoint
    RP861: 22/11/2010 11:48:17 AM - System Checkpoint
    RP862: 24/11/2010 10:24:24 AM - System Checkpoint
    RP863: 26/11/2010 10:25:35 PM - System Checkpoint
    RP864: 27/11/2010 11:03:04 PM - System Checkpoint
    RP865: 29/11/2010 10:31:18 AM - System Checkpoint
    RP866: 30/11/2010 1:03:47 PM - System Checkpoint
    RP867: 1/12/2010 9:45:55 PM - System Checkpoint
    RP868: 2/12/2010 10:35:18 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.2.5
    BufferChm
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    e-tax 2010
    Epson Easy Photo Print 2
    Epson Print CD
    Epson Stylus Photo P50_T50 Manual
    EPSON T50 Series Printer Uninstall
    eSupportQFolder
    Final Media Player 2010
    FullDPAppQFolder
    Google Desktop
    Hi-Speed USB 2.0 Flash Disk Utility
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Imaging Device Functions 7.0
    HP Photosmart Essential
    HP Photosmart Premier Software 6.5
    HP Scanjet G4000 series 8.0
    HP Solution Center 7.0
    hpG4000
    hpg4000QFolder
    HPProductAssistant
    InstantShareDevices
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Media Content
    Microsoft Office XP Professional
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MYOB ODBC Direct v9 AUS
    MYOB Password Recovery v1.0j (remove only)
    MYOB Premier v12.5
    OCR Software by I.R.I.S 8.0
    PanoStandAlone
    PhotoGallery
    RandMap
    RegCure
    Scan
    ScannerCopy
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SkinsHP1
    SlideShow
    SolutionCenter
    Sonic_PrimoSDK
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC 9.0 Runtime
    WebFldrs XP
    WebReg
    Windows Driver Package - Hewlett-Packard Image (03/27/2007 8.3.0.0)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    XoftSpySE
    ZoneAlarm Security Suite

    ==== Event Viewer Messages From Past Week ========

    3/12/2010 2:02:54 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    29/11/2010 9:57:08 AM, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
    29/11/2010 9:57:08 AM, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
    29/11/2010 4:30:25 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00508B701218 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    29/11/2010 10:00:07 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
    1/12/2010 11:17:43 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    ==== End Of File ===========================

    Any help would be really appreciated, don't know why but lately we are having a lot of probs. Don't know if it may be that ZoneAlarm has gone downhill quickly or if something else is going on.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The malware writers are getting more knowledgeable about getting their trash passed onboard security! And if the security isn't updated, the malware can easily slip in.

    Going by what Mbam found, it appears that the malware has prevented the usual program from opening with some file extensions, opening instead with their program. You can fix some of this:


    Helpmeopen is a "search site" for finding file extensions , but it also redirects to other sites like filecure -
    These may not actually be 100% Malware , but they are redirect (and the only word I can find is) scam sites wanting cash to open files -

    It's possible that this might have been pre-checked on a site where you downloaded a program> we advise everyone to check the download page carefully for these and uncheck them.

    Click on the Control Panel> Folder Options> File Types tab> after the file type list finishes, scroll down to and click on XML Documents The correct program for this is Internet Explorer, > choose Internet Explorer from the list that appears> OK> Apply> OK

    Once the system is rid of this, I'll have you reset the Defaults.

    Because you email has been breached, you will need to close that account and if you open a new one, use a different password.

    Please run the following in the order I have them- there are entries that will need to be removed:

    Run Eset NOD32 Online AntiVirus scan
    HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =====================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===============
    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Closed due to lack of activity.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...