Keep getting reinfected - Zone Alarm Pro gets compromised

[pupski]

Hi, I wonder if you could help. For the past few weeks my computer has kept getting reinfected.
The first I know of it is when Zone Alarm Pro's Privacy 'Sites' list resets itself - then the
computers slows down and takes ages when it reboot.

I run updated versions of Zone Alarm Pro, AntiVir, Spybot Search & Destroy and KH Blocker and scan
regularly.

Two days ago the same thing happened - AntiVir picked this up:

C: Windows\windows\system32\zonelabs\zlqrtdb.dat
contains signature of the dropper DR/OLE.HiddenEXE.Gen

The infections are different each time.

Yesterday I updated all security programs, uninstalled Zone Alarm Pro, scanned with AntiVir and then TrendMicro & Bitdefender online scanners.
I scanned with Spybot and installed and then ran CC Cleaner, CounterSpy and Ad-aware as per your site and others. I did a MS Live Security Scan too.
The only Windows update I haven't done is IE 7.

I don't know if there is still a problem, since I keep getting reinfected. I hope from, the included HJT log, if you can see if there is any issue not
dealt with that keeps causing my computer these recurring issues. If you need more info, I also have Spybot S&D log and runfiles.txt and newfiles.txt
if they would be of help.

Thanks in advance for all your help, here's the HJT log file. Installed HJT in C:\hijackthis and renamed the exe file to Analyze.exe.


Logfile of HijackThis v1.99.1
Scan saved at 14:51:47, on 10/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\EPSON\ESM2\eEBAgent.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\slserv.exe
G:\SMART Board Software\SMARTBoardService.exe
G:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
G:\Maxtor\Maxtor Quick Start\maxbackservice.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
G:\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files\Karl Hunter\KH Blocker\khb.exe
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\WF2K.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
G:\Adobe\Distillr\Acrotray.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
G:\PowerDVD\PDVDServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Razer\razerofa.exe
G:\Adobe\Acrobat\acrobat_sl.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\hijackthis\Analyze.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft.com/resredir.as...2.00010100.2.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\SPYBOT~1\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - G:\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MaxBackSchedule] G:\Maxtor\Maxtor Quick Start\maxbackservice.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] G:\Maxtor\Maxtor Quick Start\msssort.exe
O4 - HKLM\..\Run: [KH Blocker] C:\Program Files\Karl Hunter\KH Blocker\khb.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] G:\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "G:\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [RemoteControl] G:\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PCShowBuzz] G:\PCShowBuzz\PCShowBuzz.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [SkypeClient] "G:\VoIPVoiceIntegration\VoIPVoice Integration.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: SMART Board Tools.lnk = G:\SMART Board Software\SMARTBoardTools.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?e24e327abcf546698459c140c8d29910
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?e24e327abcf546698459c140c8d29910
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://J:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41A74C1D-A0AE-4E2F-8574-0017018EC1DC}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0442FA2-877E-4EF0-9E45-5AD2834D90A1}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F15D44-B0D9-4560-B511-88F32506C5D7}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{41A74C1D-A0AE-4E2F-8574-0017018EC1DC}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\ESM2\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - G:\SMART Board Software\SMARTBoardService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

[pupski]

*Bump*

[pupski]

* bumpity bump* -can anyone help?

since no-one has been able to look at it, I did some stuff myself, got rid of eudora and antivir and installed thunderbird and avast. Found a few more viruses, but there are still things like 'new program' trying to get through to the internet.

Heres an updated HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 01:00:16, on 15/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\EPSON\ESM2\eEBAgent.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
G:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
G:\Maxtor\Maxtor Quick Start\maxbackservice.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
G:\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WF2K.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\rundll32.exe
G:\Adobe\Distillr\Acrotray.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
G:\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
G:\SMART Board Software\Aware.exe
G:\SMART Board Software\Marker.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Executive Software\Diskeeper\DfrgFat.exe
C:\Program Files\Executive Software\Diskeeper\DkIcon.exe
C:\Program Files\Executive Software\Diskeeper\DfrgFat.exe
C:\Program Files\Executive Software\Diskeeper\DfrgFat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Executive Software\Diskeeper\DfrgFat.exe
C:\hijackthis\Analyze.exe
C:\Program Files\Sunbelt Software\CounterSpy\Counterspy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft.com/resredir.as...2.00010100.2.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\SPYBOT~1\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - G:\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MaxBackSchedule] G:\Maxtor\Maxtor Quick Start\maxbackservice.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] G:\Maxtor\Maxtor Quick Start\msssort.exe
O4 - HKLM\..\Run: [KH Blocker] C:\Program Files\Karl Hunter\KH Blocker\khb.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] G:\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "G:\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [RemoteControl] G:\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PCShowBuzz] G:\PCShowBuzz\PCShowBuzz.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [SkypeClient] "G:\VoIPVoiceIntegration\VoIPVoice Integration.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://G:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?e24e327abcf546698459c140c8d29910
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?e24e327abcf546698459c140c8d29910
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - G:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://J:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41A74C1D-A0AE-4E2F-8574-0017018EC1DC}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0442FA2-877E-4EF0-9E45-5AD2834D90A1}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F15D44-B0D9-4560-B511-88F32506C5D7}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{41A74C1D-A0AE-4E2F-8574-0017018EC1DC}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\ESM2\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - G:\SMART Board Software\SMARTBoardService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

[pupski]

bumpity bump bump (6th day)

[LonnyRJones]

Hi pupski

Quote:

Two days ago the same thing happened - AntiVir picked this up:
C: Windows\windows\system32\zonelabs\zlqrtdb.dat
contains signature of the dropper DR/OLE.HiddenEXE.Gen
The infections are different each time.

False detection, Tell antivir to ignore it or better yet exclude that paticular file if it has the option.

Was that the only problem ?

Your suns jave needs to be updated
"Java Runtime Environment (JRE) 5.0 Update 7" http://java.sun.com/j2se/1.5.0/download.jsp

[pupski]

Hi LonnyRJones

Thank you VERY much for checking my log and replying to my post. Good to know that was a false detection.

My recent issues have always seemed to start with Zone Alarm resetting all sites in the privacy section - I seem to be finding viruses every day though. I scan with the resident antivirus program, and with Bitdefender and trend or someother online scanner till it's clean, then next day I find something new. I was wondering if there might be something causing a vunerability that would show up on my HJT log.

I do see things like, when going to Bitdefender to do a scan, it won't do so and Zone Alarm's privacy advisor says I have blocked java, mime, cookies, etc even though I haven't for that site. When I click ZA's privacy advisor it highlights privacy status for OTHER sites like
a248.e.akamai.net which I have never visited (it comes back even if I remove it from ZA'a privacy sitelist window).

I don't know if those are associated sites or redirections - I never used to get this kind of thing, but I am now. It might be a very simple and innocent thing, but since I'm not an expert on the intricacies of security I would appreciate it if you could tell me if it's a problem or not!

If not, I'll just have to check my general vunerabilities and see if there are any other loopholes I have forgotten to close. If there's no other issues to be seen, I'll see how it goes!

Thanks again LonnyRJones!

Pupski

[LonnyRJones]

Hi
Your log look's fine
Perhaps antivir deleteing that file coused ZA's odd behaivior
Im not very familur with za pro but it is common to see akamai.net mentioned at even safe site's
i believe they are advertizments/cookies.

Good to here you get suplimental online scan, great idea.

[pupski]

Hi LonnyRJones

Thank you for the info - good to know everything is ok scan-wise.

Thanks again for your time and effort with my computer issues - very grateful for your help.

Yours

Pupski

[LonnyRJones]

Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.

If you should need to post another log for the same PC let me know via a PM (personal message).