Registered User
Join Date: May 2009
Posts: 2
OS: xp sp3
Strange behaviour - zonealarm
Hi,
Asus A6 Laptop, XP SP3, ZoneAlarm Extreme Security, Spybot.

A few days ago ZoneAlarm shut down while I was online; I noticed it and started it up again straight away. A day later my laptop wouldn't boot up (it got to the desktop and hung with a blank background, no icons). After 3 or 4 attempts it started very slowly and ZoneAlarm was popping up warnings for a few minutes - it seemed to be asking for permission to run anything and everything.

I uninstalled ZoneAlarm and reinstalled it, brought it up to date and then ran a full scan - it shows no errors. I also ran a Kaspersky online scan (with ZoneAlarm and Spybot running) and it returned no errors.

The PC seems to be running OK, although ZoneAlarm takes forever to scan (4 hours plus last time) and it doesn't seem to find any problems - not even tracking cookies like it used to.

After ZoneAlarm going haywire I would like to make sure nothing is lurking on my PC. Any help you can give would be appreciated.

Thanks

DDS (Ver_09-05-14.01) - FAT32x86
Run by Neil at 14:37:43.01 on 19/05/2009