Gemma

Ok, my pc would not restart or shutdown so I cut the power (I know this isn't the best thing to do) but I waited a few minutes & booted up again. I followed the instructions as soon as the pc had loaded and Combofix worked, rebooting my pc as part of the process. Below is the log. After rebooting my ZoneAlarm software has started up again with a popup saying "Suspicious Behaviour Handle viewer is trying to install a driver and gain full access to OS" I have the option to allow or deny. When I select more information it says the application: H:\ComboFix\handle.3XE What should I do?

Hi Maniac, I followed the instructions at bleepingcomputer and ran combofix. I started the program 4 1/2 hours ago and it is still showing the first screen cap - "scanning for infected files". There were no instructions on what to do if if freezes so I tried to exit the software and then my pc froze for about 10 minutes. The combofix box is still onscreen but I have connected to the internet to post this message. What should I do now? Thanks again for your help, Gemma

Hi Maniac, just a few things - when I disabled Teatimer.exe I didn't get a pop up asking me to confirm the change however after rebooting I checked and the boxes remained unchecked so I then reset the file as advised by you. Also when I tried to follow step 2 MBAM would not open so I rebooted in safe mode with networking and was able to update however under the protection tab it said my PC was unprotected. I tried ticking the box to protect but it just gave me the following message: [startService] Failed to perform desired action. Error Code: 1084. I ran the quick scan in safe mode and it worked. I then rebooted normally and tried opening MBAM. It worked this time so I also ran a scan and I have included both scan results below. Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8192 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 7.0.5730.13 19/11/2011 6:07:48 PM mbam-log-2011-11-19 (18-07-48).txt Scan type: Quick scan Objects scanned: 207498 Time elapsed: 2 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8192 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 19/11/2011 8:22:28 PM mbam-log-2011-11-19 (20-22-28).txt Scan type: Quick scan Objects scanned: 208792 Time elapsed: 4 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.17103 (vista_gdr.110816-1000) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f8c9279cb670004abf3dc74c32052c3c # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-19 12:00:12 # local_time=2011-11-19 11:00:12 (+1000, AUS Eastern Daylight Time) # country="Australia" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # compatibility_mode=9217 16776533 100 13 31945 339394 0 0 # scanned=99293 # found=3 # cleaned=3 # scan_time=7573 M:\itunes music\Madonna\Hard Candy\08 Madonna - Beat Goes On [Ft. Kanye West].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C M:\itunes music\Rihanna\Disturbia [Remixes] (Promo CDM)\08-rihanna-disturbia__craig_cs_disturbstramental_mix_.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C M:\itunes music\Timbaland\Remix & Soundtrack Collection\15 Ice Box (Remix) feat Omarion, Usher, Fabolous & Busta Rhymes.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:59:42 AM, on 20/11/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17103) Boot mode: Normal Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe H:\WINDOWS\system32\spoolsv.exe H:\Program Files\SUPERAntiSpyware\SASCORE.EXE H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe H:\Program Files\Bonjour\mDNSResponder.exe H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe H:\WINDOWS\system32\nvsvc32.exe H:\WINDOWS\system32\svchost.exe H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\RTHDCPL.EXE H:\Program Files\HP\HP Software Update\HPWuSchd2.exe H:\Program Files\DivX\DivX Update\DivXUpdate.exe H:\Program Files\iTunes\iTunesHelper.exe H:\WINDOWS\system32\RunDLL32.exe H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe H:\Program Files\CheckPoint\ZoneAlarm\zatray.exe H:\WINDOWS\system32\ctfmon.exe H:\Program Files\iPod\bin\iPodService.exe H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe H:\PROGRA~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe H:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe H:\WINDOWS\System32\svchost.exe H:\Program Files\Internet Explorer\iexplore.exe H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.76.23.165:80 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file) O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DivXUpdate] "H:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [ZoneAlarm] "H:\Program Files\CheckPoint\ZoneAlarm\zatray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [sUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1645522239-1993962763-839522115-1008\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281791927703 O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - H:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - H:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- End of file - 8744 bytes

Hi Maniac! Thank you so much for offering to help - I do really appreciate it! I followed all steps provided and below are the aswMBR log and the Add or Remove Programs list. When I ran aswMBR.exe my ZoneAlarm warned me that avast! was trying to get access to system processes. I allowed it and then a box appeared asking if I wanted to download and scan with avast! free antivirus software. You hadn't mentioned this as a step to do so I clicked no. I hope that was ok. aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software Run date: 2011-11-18 20:42:31 ----------------------------- 20:42:31.500 OS Version: Windows 5.1.2600 Service Pack 3 20:42:31.500 Number of processors: 4 586 0x1707 20:42:31.500 ComputerName: TONKA UserName: Gemma 20:43:41.109 Initialize success 20:44:18.875 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 20:44:18.875 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3 20:44:18.875 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19 20:44:18.875 Disk 1 Vendor: WDC_WD10EARS-00MVWB0 50.0AB50 Size: 953869MB BusType: 3 20:44:18.875 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS b8391f26 20:44:22.890 Disk 6 MBR read successfully 20:44:22.890 Disk 6 MBR scan 20:44:22.890 Disk 6 Windows XP default MBR code 20:44:22.890 Disk 6 MBR hidden 20:44:22.921 Disk 6 scanning H:\WINDOWS\system32\drivers 20:44:30.890 Service scanning 20:44:31.906 Modules scanning 20:44:34.234 Disk 6 trace - called modules: 20:44:34.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll 20:44:34.234 1 nt!IofCallDriver -> \Device\Harddisk6\DR8[0x8a1bd170] 20:44:34.234 Scan finished successfully 20:45:13.046 Disk 6 MBR has been saved successfully to "H:\Documents and Settings\Gemma\Desktop\MBR.dat" 20:45:13.046 The log file has been saved successfully to "H:\Documents and Settings\Gemma\Desktop\aswMBR.txt" AC3Filter 1.63b Adobe Reader 9.4.4 Adobe Shockwave Player 11.5 Alt.Binz 0.25.0 Apple Application Support Apple Mobile Device Support Apple Software Update AUSkey software 1.4.0.3 AUSkey software 1.4.0.6 Bonjour Common-Use Signing Interface Compatibility Pack for the 2007 Office system CutePDF Writer 2.8 Direct WAV MP3 Splitter version 2.6.0.21 DivX Setup DVD Flick 1.3.0.7 e-tax 2010 e-tax 2011 HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) HP Document Viewer 5.3 HP Extended Capabilities 5.3 HP Image Zone 5.3 HP Image Zone Express HP Imaging Device Functions 5.3 HP Product Assistant HP PSC & OfficeJet 5.3.A HP Solution Center & Imaging Support Tools 5.3 HP Update InstantShareAlert iTunes Malwarebytes' Anti-Malware version 1.51.2.1300 Medieval CUE Splitter Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2572067) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office File Validation Add-In Microsoft Office Standard Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 MSVC80_x86_v2 MSVC90_x86 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MYOB AccountRight Plus v19 MYOB BusinessBasics v1 MYOB ODBC Direct v10 AUS NVIDIA Display Control Panel NVIDIA Drivers NVIDIA ForceWare Network Access Manager NVIDIA ForceWare Network Access Manager NVIDIA Graphics Driver 275.33 NVIDIA nView 135.85 NVIDIA nView Desktop Manager NVIDIA PhysX NVIDIA Update 1.3.5 oggcodecs 0.71.0946 PC Connectivity Solution QuickTime Realtek High Definition Audio Driver Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2586448) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Spybot - Search & Destroy SUPERAntiSpyware Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC 9.0 Runtime VC80CRTRedist - 8.0.50727.4053 Windows Easy Transfer for Windows 7 Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver XP Codec Pack Xvid 1.1.3 final uninstall ZoneAlarm Antivirus ZoneAlarm Firewall ZoneAlarm Internet Security Suite ZoneAlarm Security

Hi I've noticed my PC running slow for the last few weeks and there are alot (30+) processes listed as running in task manager but I haven't been able to find the problem until now (I think). I run Windows XP Home Edition with SP3. I use ZoneAlarm Internet Security Suite and Malwarebytes PRO (I upgraded to this about a week ago) and Spybot. Running a deep scan 2 weeks ago ZoneAlarm found Trojan.Downloader.WMA.Wimad.N which was quarantined and I deleted. Malwarebytes runs sometimes, sometimes it updates, sometimes it doesn't. Spybot doesn't find anything. I also installed Super AntiSpyware and it has only found some tracking cookies. I tried to run dds.scr but can't. I have been looking through the registry entries and I found HKEY_CLASSES_ROOT\vbRad.TrayIcon. When googled I found it is a memorywatcher but I don't know how to get rid of it. Please help! Gemma Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:18:38 PM, on 17/11/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17103) Boot mode: Normal Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\spoolsv.exe H:\Program Files\SUPERAntiSpyware\SASCORE.EXE H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe H:\Program Files\Bonjour\mDNSResponder.exe H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe H:\WINDOWS\system32\nvsvc32.exe H:\WINDOWS\system32\HPZipm12.exe H:\WINDOWS\system32\svchost.exe H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\RTHDCPL.EXE H:\Program Files\HP\HP Software Update\HPWuSchd2.exe H:\Program Files\DivX\DivX Update\DivXUpdate.exe H:\Program Files\iTunes\iTunesHelper.exe H:\WINDOWS\system32\RunDLL32.exe H:\WINDOWS\system32\ctfmon.exe H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe H:\Program Files\iPod\bin\iPodService.exe H:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe H:\Program Files\CheckPoint\ZoneAlarm\zatray.exe H:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe H:\PROGRA~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe H:\WINDOWS\system32\taskmgr.exe H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe H:\WINDOWS\system32\msiexec.exe H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.76.23.165:80 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file) O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DivXUpdate] "H:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [ZoneAlarm] "H:\Program Files\CheckPoint\ZoneAlarm\zatray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [spybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1645522239-1993962763-839522115-1008\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281791927703 O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - H:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - H:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- End of file - 9229 bytes