?? Infected

[Buzza]

My machine is suffering from a bug of some sort that won't allow my Zone Alarm Security Suite to run, won't allow regedit to run, won't allow hijackthis to run, etc, etc. The apps start but stop after a brief glimpse of their startup window

I have run Spybot and it revealed a number of potential issues. the ones that seemed to be important were Microsoft.WindowsSecurityCenter_disabled, Microsoft.Windows.RedirectedHosts. these are removed but come back. The internet explorer homepage was also changed

I have attached a log file after downloading and running ComboFix

Can anyone help?

 

[cybertech]

Hi, Welcome to TSG!!


Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
• Doubleclick on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

[cybertech]

"Hannah" - 2007-07-13 23:44:37 - ComboFix 07-07-13.8 - Service Pack 2 FAT32


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\celebrity_news.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\celebrity_search.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\FindIt.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\FindItHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\findithotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\finditxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\Highlight.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\HighlightHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\highlighthotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\highlightxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\logo.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\buttons\logoxp.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\contexts\related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\contexts\travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\Games\images\active\Games0.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\Movies\images\active\Movies0.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware358\SimpleUpdate\TimerManagerConfig.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\CelebrityNews\CelebrityNewsOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\CelebrityNews\CelebrityNewsOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\CelebritySearch\CelebritySearchOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\CelebritySearch\CelebritySearchOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Configurator\Configurator.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Configurator\Configurator.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Games\GamesOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Games\GamesOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Layouts\PitchLayout.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Layouts\PitchLayout.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Layouts\PreferencesLayout.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Layouts\PreferencesLayout.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Layouts\ToolbarLayout.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Manager\ManagerOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Movies\MoviesOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Movies\MoviesOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\SearchMatch\SearchMatchOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\SearchMatch\SearchMatchOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\Hannah\APPLIC~1\Starware358\TravelSearch\TravelSearchOptions.xml.backup


((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


2007-07-13 23:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 23:32 <DIR> d-------- C:\VundoFix Backups
2007-07-13 22:43 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-13 07:47 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-07-13 07:47 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-07-13 07:47 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-13 00:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-12 22:59 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-12 20:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-10 20:10 <DIR> d--hs---- C:\WINDOWS\system32\lzkhbxqz


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-12 21:48:08 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 12:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 12:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-09 13:48 2120768 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-10-10 23:26 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 13:01 C:\WINDOWS\KHALMNPR.Exe]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-20 16:50]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-04-20 16:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 09:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"lsass"="" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-30 15:25]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-12 12:45]
"lsass"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1
"NoAdminPage"=1


Contents of the 'Scheduled Tasks' folder
2007-07-04 01:48:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-13 12:55:02 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2007-07-13 10:52:32 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-13 23:47:16
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-13 23:48:06
C:\ComboFix-quarantined-files.txt ... 2007-07-13 23:48

--- E O F ---