WiredWX Christian Hobby Weather Tools
Re: here is my "HijackThis" Tell me if anything looks suspicious
That trusted zone was created through Zone Alarm, I think.

Do you think I should modify Zone Alarm in some way to change the trusted zone configuration, or find myself a different firewall program? The thing is, I don't want this problem again in the future, and I've been thinking of switching programs for a while. Zone Alarm has too many program prompts in my opinion.

Re: here is my "HijackThis" Tell me if anything looks suspicious
There are a few different choices for firewalls I can provide, but I want to see a DDS log first to make sure everything looks okay.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: here is my "HijackThis" Tell me if anything looks suspicious

Sure, I'll run DDS now.

Re: here is my "HijackThis" Tell me if anything looks suspicious

OK, here is the DDS log file.

-----------------


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 21:34:49.12 on Fri 02/27/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.382 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\svchost.exe -k HPZ12
C:\WINNT\System32\svchost.exe -k HPZ12
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = www.google.com
uSearch Bar =
mWindow Title = internet explorer
uSearchAssistant = www.msn.com
uCustomizeSearch = www.msn.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} - No File
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [IMJPMIG8.1] c:\winnt\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\winnt\ime\imkr6_1\IMEKRMIG.EXE
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &AOL Toolbar search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\v4.Windowsupdate
Trusted Zone: microsoft.com\Windowsupdate
DPF: Microsoft XML Parser for Java
DPF: {1D0D9077-3798-49BB-9058-393499174D5D}
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\zreqny3k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.getrichslowly.org/blog/2008/07/02/how-to-open-multiple-accounts-at-ing-direct/|http://lifehacker.com
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\zreqny3k.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\zreqny3k.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\zreqny3k.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\winnt\system32\drivers\klif.sys [2008-12-2 148496]
R1 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2007-7-31 353680]
R2 vsmon;TrueVector Internet Monitor;c:\winnt\system32\zonelabs\vsmon.exe -service --> c:\winnt\system32\zonelabs\vsmon.exe -service [?]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
R3 scrcap;scrcap;c:\winnt\system32\drivers\scrcap.sys [2006-9-27 9006]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\winnt\system32\drivers\usbscan.sys [2007-2-11 15104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-9-8 33752]
S3 iscFlash;iscFlash;\??\c:\winnt\system32\drivers\iscflash.sys --> c:\winnt\system32\drivers\iscflash.sys [?]

=============== Created Last 30 ================

2009-02-26 22:23 54,156 a---h--- c:\winnt\QTFont.qfn
2009-02-26 22:23 1,409 a------- c:\winnt\QTFont.for
2009-02-21 14:17 -cd----- C:\Sandbox
2009-02-21 14:15 1,670 a------- c:\winnt\Sandboxie.ini
2009-02-21 14:14 --d----- c:\program files\Sandboxie
2009-02-20 19:44 361,600 a------- c:\winnt\system32\drivers\TCPIP.SYS.ORIGINAL
2009-02-20 18:39 --d----- c:\program files\GRETECH
2009-02-20 09:15 --d----- c:\program files\Uniblue
2009-02-20 09:15 --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-02-20 09:12 -cd-h--- c:\docume~1\alluse~1\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-02-17 21:25 410,984 a------- c:\winnt\system32\deploytk.dll
2009-02-16 23:07 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-02-16 23:07 15,504 a------- c:\winnt\system32\drivers\mbam.sys
2009-02-16 23:07 38,496 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-02-16 23:07 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 23:07 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-10 18:42 1,642,496 a------- c:\winnt\system32\ChilkatMail_v7_9.dll
2009-02-10 18:42 1,085,440 a------- c:\winnt\system32\ChilkatSocket.dll
2009-02-10 18:42 659,456 a------- c:\winnt\system32\ChilkatCharset.dll
2009-02-10 18:42 569,344 a------- c:\winnt\system32\CkString.dll
2009-02-10 18:42 1,294,336 a------- c:\winnt\system32\ChilkatXml.dll
2009-02-10 18:42 1,122,304 a------- c:\winnt\system32\ChilkatHttp.dll
2009-02-08 21:50 --d----- c:\program files\TubeSpinner.com
2009-02-08 20:10 --d----- c:\docume~1\alluse~1\applic~1\GlobalSCAPE
2009-02-08 20:07 --d----- c:\program files\GlobalSCAPE
2009-02-06 18:00 --d----- c:\documents and settings\all users\Micro Niche Finder
2009-02-06 18:00 --d----- c:\docume~1\alluse~1\applic~1\Micro Niche Finder
2009-02-06 17:59 --d----- c:\program files\Micro Niche Finder
2009-02-06 00:03 685,056 a------- c:\winnt\is-7V1E1.exe
2009-02-06 00:03 10,498 a------- c:\winnt\is-7V1E1.msg
2009-02-06 00:03 804 a------- c:\winnt\is-7V1E1.lst
2009-02-05 22:10 765,736 a------- c:\winnt\system32\MSWORD.OLB
2009-02-05 22:10 --d----- c:\program files\SENuke
2009-02-05 21:59 64,000 a------- c:\winnt\system32\wiaaut.oca
2009-02-05 21:59 547,840 a------- c:\winnt\system32\wiaaut.dll
2009-02-05 21:59 102,400 a------- c:\winnt\system32\DinkITXPUIMenus.ocx
2009-02-05 21:59 65,536 a------- c:\winnt\system32\EnhSliderOcx.ocx
2009-01-30 21:19 --d-h--- c:\winnt\PIF
2009-01-28 21:59 389,120 -------- c:\winnt\system32\fpres632.dll
2009-01-28 21:59 385,024 -------- c:\winnt\system32\fpmon6.dll

==================== Find3M ====================

2009-02-27 21:35 220,589,856 a--sh--- c:\winnt\system32\drivers\fidbox.dat
2009-02-27 00:28 2,945,768 a--sh--- c:\winnt\system32\drivers\fidbox.idx
2009-02-21 20:27 361,600 a------- c:\winnt\system32\drivers\TCPIP.SYS
2009-02-06 00:36 147,728 a------- c:\winnt\system32\asycfilt.dll.tmp
2008-12-25 16:24 4,212 a---hr-- c:\winnt\system32\zllictbl.dat
2008-12-14 23:14 82,312 ac------ c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2003-03-28 15:00 30,573 ac------ c:\program files\servers-original.ini
2001-06-20 15:19 40,960 ac------ c:\program files\ACMonitor_X83.exe
2001-01-07 21:49 2,012 ac------ c:\program files\readme multiproxy.txt
2004-10-08 18:01 56 -c-shr-- c:\winnt\system32\D159613D6A.sys
2006-05-03 04:06 163,328 -c-shr-- c:\winnt\system32\flvDX.dll
2007-02-21 05:47 31,232 -c-shr-- c:\winnt\system32\msfDX.dll
2007-04-17 14:59 1,392,628 -c-sh--- c:\winnt\system32\pqstv.bak2
2007-04-27 21:12 1,419,309 -c-sh--- c:\winnt\system32\pqstv.ini2
2009-02-27 21:36 220,593,440 a--sh--- c:\winnt\system32\drivers\fidbox.dat

============= FINISH: 21:39:08.92 ===============

Re: here is my "HijackThis" Tell me if anything looks suspicious

Hello.
Guess I was right about the Vundo; two leftover files from it.
Run this quick bat file; other than this, the log looks fine.

Now open a new notepad file.
Input this into the notepad file:

@echo off
rem Strip the hidden and system attributes from each file before deleting it;
rem del skips hidden/system files ("Could Not Find") if they are still set.
attrib -h -s c:\winnt\system32\pqstv.bak2
del c:\winnt\system32\pqstv.bak2
attrib -h -s c:\winnt\system32\pqstv.ini2
del c:\winnt\system32\pqstv.ini2
rem The batch file removes itself last (it runs from the desktop it was saved to).
del fix.bat
exit


Save this as fix.bat to your desktop.
Double-click fix.bat; a black cmd window will open and close, which is normal.

Finally, some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Remember, if you switch firewalls, uninstall ZoneAlarm; otherwise it will conflict with whichever firewall you have chosen.
===

I'm off to bed now, cya soon.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: here is my "HijackThis" Tell me if anything looks suspicious

I'll take a look at those shortly.

As for my friend's computer, to be on the safe side, should I do a DDS log after I run that fix.reg file? You didn't mention it in your last post in that thread.

Thanks

Re: here is my "HijackThis" Tell me if anything looks suspicious

Here is the DDS again; I believe the files still exist.

I also noticed, as I was running the fix.bat file (I almost didn't catch it), that it said "could not find..." or something like that. Anyway, here is the log.

-----------------

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 21:52:07.08 on Fri 02/27/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.413 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

==================== Find3M ====================

2009-02-27 21:52 220,622,112 a--sh--- c:\winnt\system32\drivers\fidbox.dat
2009-02-27 00:28 2,945,768 a--sh--- c:\winnt\system32\drivers\fidbox.idx
2009-02-21 20:27 361,600 a------- c:\winnt\system32\drivers\TCPIP.SYS
2009-02-06 00:36 147,728 a------- c:\winnt\system32\asycfilt.dll.tmp
2008-12-25 16:24 4,212 a---hr-- c:\winnt\system32\zllictbl.dat
2008-12-14 23:14 82,312 ac------ c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2003-03-28 15:00 30,573 ac------ c:\program files\servers-original.ini
2001-06-20 15:19 40,960 ac------ c:\program files\ACMonitor_X83.exe
2001-01-07 21:49 2,012 ac------ c:\program files\readme multiproxy.txt
2004-10-08 18:01 56 -c-shr-- c:\winnt\system32\D159613D6A.sys
2006-05-03 04:06 163,328 -c-shr-- c:\winnt\system32\flvDX.dll
2007-02-21 05:47 31,232 -c-shr-- c:\winnt\system32\msfDX.dll
2007-04-17 14:59 1,392,628 -c-sh--- c:\winnt\system32\pqstv.bak2
2007-04-27 21:12 1,419,309 -c-sh--- c:\winnt\system32\pqstv.ini2

============= FINISH: 21:54:50.42 ===============

Re: here is my "HijackThis" Tell me if anything looks suspicious

Maybe Zone Alarm is interfering?

Re: here is my "HijackThis" Tell me if anything looks suspicious
Hello.
Maybe it is, maybe it's my scripting.

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\winnt\system32\pqstv.bak2
    c:\winnt\system32\pqstv.ini2


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.
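Both fixes in this thread rest on what the admin spotted by eye in the Find3M listing: two hidden+system files in system32 with extensions no normal system file carries. As an added example (not DDS, OTMoveIt3 or anything posted in the thread), the script below parses DDS listing lines, applies that check, and renders the hits as the `:files` block OTMoveIt3 takes; the attribute-column meaning and the NORMAL_EXTENSIONS allowlist are my assumptions drawn from this log.

```python
"""Triage helper for the file listings in a DDS log.

Added example for this thread, not code from DDS, OTMoveIt3 or the
forum. It parses 'Created Last 30' / 'Find3M' lines (date, time,
optional size, 8-column attribute field, path), flags hidden+system
files under system32 whose extension is not one a normal system file
carries, and renders the result as a ':files' block for OTMoveIt3.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One listing line, e.g.
#   2007-04-17 14:59 1,392,628 -c-sh--- c:\winnt\system32\pqstv.bak2
#   2009-02-21 14:17 -cd----- C:\Sandbox        (directories carry no size)
_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?:(?P<size>[\d,]+)\s+)?(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*?)\s*$"
)


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories
    attrs: str            # raw flag field exactly as DDS prints it
    path: str

    # Column meaning inferred from the log on this page (assumption):
    # 0=a archive, 1=c compressed, 2=d directory, 3=s system,
    # 4=h hidden, 5=r read-only; the last two columns are not used here.
    @property
    def is_dir(self) -> bool:
        return self.attrs[2] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[3] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[4] == "h"

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1].lower()
        return name[name.rfind("."):] if "." in name else ""


def parse_dds_listing(text: str) -> List[Entry]:
    """Return one Entry per listing line; section headers and blanks are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        size = int(m["size"].replace(",", "")) if m["size"] else None
        entries.append(Entry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


# Extensions a legitimate hidden+system file under system32 plausibly has
# (assumed allowlist); anything else, here '.bak2' and '.ini2', gets flagged.
NORMAL_EXTENSIONS = {".sys", ".dll", ".exe", ".ocx", ".dat", ".ini", ".log"}


def flag_suspicious(entries: List[Entry]) -> List[Entry]:
    """Hidden+system regular files under system32 with an unusual extension."""
    return [
        e for e in entries
        if not e.is_dir
        and e.is_hidden and e.is_system
        and "\\system32\\" in e.path.lower()
        and e.extension not in NORMAL_EXTENSIONS
    ]


def otmoveit_block(entries: List[Entry]) -> str:
    """Render flagged paths in the ':files' form pasted into OTMoveIt3 above."""
    return "\n".join([":files"] + [e.path for e in entries])


# Constructed sample: a handful of lines copied from the listings in this thread.
SAMPLE_LOG = r"""
==================== Find3M ====================

2009-02-27 21:35 220,589,856 a--sh--- c:\winnt\system32\drivers\fidbox.dat
2009-02-21 14:17 -cd----- C:\Sandbox
2008-12-25 16:24 4,212 a---hr-- c:\winnt\system32\zllictbl.dat
2004-10-08 18:01 56 -c-shr-- c:\winnt\system32\D159613D6A.sys
2006-05-03 04:06 163,328 -c-shr-- c:\winnt\system32\flvDX.dll
2007-04-17 14:59 1,392,628 -c-sh--- c:\winnt\system32\pqstv.bak2
2007-04-27 21:12 1,419,309 -c-sh--- c:\winnt\system32\pqstv.ini2
"""

if __name__ == "__main__":
    hits = flag_suspicious(parse_dds_listing(SAMPLE_LOG))
    print(otmoveit_block(hits))
```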

Re: here is my "HijackThis" Tell me if anything looks suspicious

I will try OTMoveIt; I'll let you know the results soon.

Here is the OTMoveIt log

Here is the OTMoveIt log.

Looks like it's fine.
It says "moved"; where are they moved to?
-----------------

========== FILES ==========
c:\winnt\system32\pqstv.bak2 moved successfully.
c:\winnt\system32\pqstv.ini2 moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02282009_212826

Re: here is my "HijackThis" Tell me if anything looks suspicious
Yep.
How's the machine running now?

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: here is my "HijackThis" Tell me if anything looks suspicious

Looks good. There are a few things I want to mention, though:

All of the below I noticed happened while the virus was on the computer; whether or not it was due to the virus, I don't know. I haven't shut down my computer after the virus was cleaned, though.

1. When I shut down, sometimes it hangs at the "Windows is shutting down" screen forever, like for 10 minutes and up.

2. When I log on to my computer, even though I uninstalled RegCure, there is still a reminder dialog screen, and also whenever the computer starts ZoneAlarm asks me if I want to let a program access the internet. Of course I always say Deny, but I don't know what's causing that.

3. Also, sometimes out of the blue, like today, there is a sound like when I connect my USB device to my computer. But my USB was not connected and I was not downloading anything, so I don't know where that sound is coming from. Maybe something is downloading without my knowledge?

Thank you, I would appreciate it if you have any answers to the above questions.

Re: here is my "HijackThis" Tell me if anything looks suspicious

1. Could just be general lag.
2. The RegCure could be a leftover something; maybe it's a job file, maybe a leftover run value.
3. See if the sound happens more than once; if it happens just the once today, ignore it.

I get random problems too; for example, today Windows Update changed my keyboard language from UK to US.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: here is my "HijackThis" Tell me if anything looks suspicious

Yes to #3; that has happened before, not just today. Maybe 3 or 4 times before today.

Although I've never had Windows Update do that to me before, I can see that happening. Ahahaha

Re: here is my "HijackThis" Tell me if anything looks suspicious
Yeah, stupid thing. Sometimes M$ just don't think things through.

Anyway, off to bed.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: here is my "HijackThis" Tell me if anything looks suspicious

Yeah, later. Thanks again! Awesome
