trojan.zlob.g

Hi, I have the Trojan.Zlob.G problem like everyone else! My computer restarted on its own when it first got it. Now I can't use Firefox or IE, it says it has locked search for safety reasons. Even if I choose to browse without security, the browsers would just shut down. I scanned the whole computer using Norton Antivirus and Spyware doctor, but nothing came up under the search. The pop up warning by Security center keeps saying that there is the infection and asks me to (only available clickable button) to Enable Protection, but nothing really happens even after clicking it. Please HELP!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at と 09:41:14, on 2008/12/8
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\PROGRA~1\SYMANT~1\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SYMANT~1\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~1\Symantec Client Firewall\SymSPort.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
C:\Program Files\Ida\Ida.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Ida] "C:\Program Files\Ida\IdaLaunch.exe" -tray
O4 - HKCU\..\Run: [Ida] "C:\Program Files\Ida\IdaLaunch.exe" -tray
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ㄏノ紇肚癳盿更 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: ㄏノ紇肚癳盿更场硈挡 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_HK&c=Q306&bd=pavilion&pf=laptop
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - https://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179713514481
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour 狝叭 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\Symantec AntiVirus\DefWatch.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod 狝叭 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\Symantec Client Firewall\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\PROGRA~1\SYMANT~1\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\PROGRA~1\SYMANT~1\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\Symantec Client Firewall\SymSPort.exe

--
End of file - 15121 bytes

Hello.

• Download combofix from here, use the top links - combofix.exe
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Hi, thanks so much for your prompt reply, however, as i started the combofix, it prompted me that I don't have internet access. So i made sure i reconnected to wireless network, pressed ok. And then an error message saying all necessary files wasn't dowloaded, but will process with scanning. Now in the auto scan window, it says it has found the infected folders and has deleted them. Does my problem ends here?

Nope, not yet.
Doesn't matter about the recovery console just yet, we'll see what the report says once it's done.

Please allow it to run undisrupted.

Heres the combo fix report: (Sorry i have the chinese version of windows)

ComboFix 08-12-07.01 - Lucinda 2008-12-08 9:58:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.950.1.1033.18.387 [GMT -5:00]
磅︽竚: c:\documents and settings\Lucinda\Desktop\ComboFix.exe
* Θ承硑穝临翴

猔種 - 硂筿福⊿Τ杆確北 
.

((((((((((((((((((((((((((((((((((((((( 砆埃郎 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lucinda\Application Data\Google\kjzna1562565.exe
c:\documents and settings\Lucinda\Local Settings\Application Data\baidu
c:\windows\sosuo.col
c:\windows\system32\BDGuard.DAT
c:\windows\system32\BDGuardS.DAT
c:\windows\system32\iexp_log.txt
D:\Autorun.inf

.
((((((((((((((((((((((((( 2008-11-08  2008-12-08 穝郎 )))))))))))))))))))))))))))))))
.

2008-12-08 09:40 . 2008-12-08 09:40 d-------- c:\program files\Trend Micro
2008-12-08 09:39 . 2008-12-08 09:39 d-------- c:\documents and settings\Lucinda\Application Data\WinBatch
2008-12-08 09:04 . 2008-12-08 09:04 d-------- c:\documents and settings\Administrator
2008-12-08 08:33 . 2008-12-08 08:33 d-------- c:\program files\Ida
2008-12-08 08:33 . 2008-12-08 09:40 d-------- c:\documents and settings\Lucinda\Application Data\Ida
2008-12-08 08:32 . 2008-12-08 08:32 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-06 15:57 . 2008-12-06 18:36 d-------- c:\program files\TTPlayer
2008-11-12 10:47 . 2008-12-07 19:07 28 --a------ c:\windows\funshionplugin2.INI
2008-11-12 10:41 . 2008-06-20 06:51 361,600 --a------ c:\windows\system32\drivers\tcpip.sys.original-fs
2008-11-12 10:41 . 2008-06-20 06:51 361,600 --a------ c:\windows\system32\drivers\tcpip.sys.do
2008-11-12 10:40 . 2008-11-12 10:40 d-------- c:\program files\Funshion Online
2008-11-12 10:40 . 2008-11-12 10:49 d-------- c:\documents and settings\Lucinda\funshion
2008-11-11 23:26 . 2008-11-11 23:26 d-------- c:\program files\MSXML 4.0
2008-11-11 20:40 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 20:40 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( るず砆э郎 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 10:41 --------- d-----w c:\program files\Norton Security Scan
2008-12-06 01:05 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-26 19:47 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-24 18:58 --------- d-----w c:\program files\Chuzzle Deluxe
2008-11-23 22:49 --------- d-----w c:\program files\Sonic
2008-11-23 22:48 --------- d-----w c:\program files\Tudou
2008-11-23 22:43 --------- d-----w c:\program files\Rainlendar2
2008-11-23 22:43 --------- d-----w c:\program files\KaraFun
2008-11-23 22:42 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-11-11 21:12 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-27 22:00 --------- d-----w c:\documents and settings\Lucinda\Application Data\uTorrent
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 23:29 --------- d-----w c:\program files\Overture 4.0 羉砰いゅ
2008-10-22 23:12 --------- d-----w c:\program files\VSTPlugins
2008-10-22 23:12 --------- d-----w c:\documents and settings\Lucinda\Application Data\Geniesoft
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2007-10-22 19:55 62,256 ----a-w c:\documents and settings\Lucinda\Application Data\GDIPFONTCACHEV1.DAT
2005-05-13 09:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 03:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-13 13:27 422,400 --sha-r c:\windows\x2.64.exe
2005-10-07 11:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 04:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 07:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 14:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-24 16:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2006-11-07 03:13 952 --sha-w c:\windows\system32\KGyGaAvL.sys
2006-04-27 02:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 05:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-24 16:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( 璶祅翴 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*猔種* フ籔猭祅魁盢ぃ穦砆陪ボ
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Ida"="c:\program files\Ida\IdaLaunch.exe" [2008-12-03 36512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-02-16 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-10 1187840]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"imekrmig"="c:\ime\IMKR\imekrmig.exe" [2001-01-08 44544]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-09 81920]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-03-17 124656]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-30 122941]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SDTray"="c:\program files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 1053264]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-03-23 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-28 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 581693]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe [2006-08-27 98304]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.SEDG"= mcs_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Lucinda\\Desktop\\desktop\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5938:TCP"= 5938:TCP:Foxy (192.168.0.137:5938) 5938 TCP
"5938:UDP"= 5938:UDP:Foxy (192.168.0.137:5938) 5938 UDP

R2 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2007-08-19 708688]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
S3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys []
S3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\DRIVERS\LVCE.sys [2006-12-16 44032]
S3 SavRoam;SAVRoam;"c:\progra~1\SYMANT~1\Symantec AntiVirus\SavRoam.exe" [2006-03-17 115952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{229d33b3-bbc9-11dd-a81f-0016d303c55d}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6211a3fe-4cd1-11db-8a02-0016d303c55d}]
\Shell\AutoRun\command - explorer.exe www.iwantitall.ca"" target="_blank" rel="nofollow">http://"www.iwantitall.ca"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c2e90cd-b085-11db-a4e6-0016d303c55d}]
\Shell\AutoRun\command - explorer.exe www.iwantitall.ca"" target="_blank" rel="nofollow">http://"www.iwantitall.ca"

*Newly Created Service* - PROCEXP90
.
ˉ璸购ヴ叭ˇ ゅンЖ 柑ず甧

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-05 c:\windows\Tasks\Norton(TM) Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-19 09:42]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKCU-Run-Smax4 - c:\documents and settings\Lucinda\Application Data\Google\kjzna1562565.exe


.
------- τ苯磞 -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ㄏノ紇肚癳盿更 - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: ㄏノ紇肚癳盿更场硈挡 - c:\program files\Xi\NetTransport 2\NTAddList.html
FireFox -: Profile - c:\documents and settings\Lucinda\Application Data\Mozilla\Firefox\Profiles\qqwtd68i.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com.hk
FF -: plugin - c:\progra~1\MOZILL~1\plugins\np32dsw.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\npbittorrent.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\npdivx32.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\npLegitCheckPlugin.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\NPOFF12.DLL
FF -: plugin - c:\progra~1\MOZILL~1\plugins\nppl3260.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\nprjplug.dll
FF -: plugin - c:\progra~1\MOZILL~1\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 10:02:25
Windows 5.1.2600 Service Pack 3 NTFS

苯磞砆留旅秈祘 ...

苯磞砆留旅币笆舱

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ??@??????????????@? ???H\????????@??????@

苯磞砆留旅ゅン

苯磞ЧΘ
砆留旅郎: 0

**************************************************************************
.
ЧΘ丁: 2008-12-08 10:04:27
ComboFix-quarantined-files.txt 2008-12-08 15:03:44

Pre-Run: 5,689,143,296 bytes free
Post-Run: 5,893,337,088 bytes free

243 --- E O F --- 2008-11-12 04:30:51

Hello.

• Now open a new notepad file.
  
• Input this into the notepad file:
  

  
  Windows Registry Editor Version 5.00
  
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6211a3fe-4cd1-11db-8a02-0016d303c55d}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c2e90cd-b085-11db-a4e6-0016d303c55d}]
  
  

  
  
• Save this as fix.reg, save it to your desktop.
  
• Double click fix.reg to run it.
  
• Select yes to the registry merge prompt.
  

Please download Flash_Disinfector from HERE

• First, download it to your desktop.
  
• Now double click it to run it and will tell it you what to do when you open it.
  
• It will temporarily kill explorer.exe and your desktop will go blank.
  
• Let Flash_Disinfector do it's job and it will restart explorer.exe for you.
  
• It will make a dummy autorun.inf in the root of every drive.
  
• You can now delete Flash_Disinfector.exe.
  

What problems remain?

Thanks! I can finally use my web browsers again. Just one problem, when I looked in the combo fix report, some of the characters that you couldn't have been able to read says that my compter does not have recovery console. Should that worry be or should i just leave it?

No problem, I see the same report almost every day, eventually you can guess what they say.

Alright. Thanks again! I really appreciated your help

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  
• Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  
• Click the "Download" button to the right.
  
• In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  - Examples of older versions in Add or Remove Programs:
  - Java 2 Runtime Environment, SE v1.4.2
  - J2SE Runtime Environment 5.0
  - J2SE Runtime Environment 5.0 Update 2
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
  

Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

• First, unzip it.
  
• Then run JavaRa.
  
• Select English from the drop down menu and press Select.
  
• This will open JavaRa.
  
• Press Remove older versions
  
• Press yes to the prompt.
  
• It will make a log file of what it's removed.
  
• Copy and paste the log back here.
  

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.