Windows update locks up


  • This topic is locked
7 replies to this topic

#1 da001

da001

  • Members
  • 4 posts

Posted 27 December 2008 - 11:38 AM

Hello, my Explorer is freezing/locking up when trying to access Windows Update. The pop-up window comes up but then stops (just a white page) & I must use Task Manager to close it and Windows must restart itself. Have done much browsing on this subject to no good. Using ZoneAlarm Security Suite & have scanned using S&D, SUPERAntiSpyware Free Edition, Windows Malicious Software Removal Tool, HijackThis, but nothing but "low" tracking cookies ever found. Did try to install shockwave internet radio & .net firmware 3.5 but neither would install (don't know why). Am not saying that I believe this is where the trouble stems from, but it's the last problem remembered.
Thanks for the help & hope all y'all have a happy New Year.

Daniel


DDS (Version 1.1.0) - NTFSx86
Run by daniel at 9:43:22.77 on Sat 12/27/2008
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3315.2170 [GMT -6:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\daniel\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: ForceField Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: ForceField Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HPWQTOOLBOX] c:\program files\hp\hp deskjet 9800 series\toolbox\HPWQTBX.exe "-i"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: amazon.com
Trusted Zone: amazon.com\www
Trusted Zone: homedepot.com\www
Trusted Zone: walmart.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R2 ISWKL;ForceField ISWKL;\??\c:\program files\checkpoint\zaforcefield\ISWKL.sys [2008-11-13 17064]
R2 IswSvc;ForceField IswSvc;"c:\program files\checkpoint\zaforcefield\IswSvc.exe" [2008-11-13 375976]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-12-27 809296]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

=============== Created Last 30 ================

2008-12-27 01:24 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2008-12-27 01:24 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-27 01:24 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-12-27 00:35 <DIR> --d----- c:\program files\Trend Micro
2008-12-27 00:15 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2008-12-27 00:15 <DIR> --d----- c:\users\daniel\appdata\roaming\HouseCall 6.6
2008-12-27 00:15 <DIR> --d----- c:\windows\system32\HouseCall 6.6
2008-12-26 00:10 <DIR> --d----- C:\f23fe843bdba7d1b987f56
2008-12-25 16:37 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2008-12-25 16:37 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2008-12-25 16:36 <DIR> --d----- c:\users\daniel\appdata\roaming\SUPERAntiSpyware.com
2008-12-25 16:36 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-25 16:35 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-25 12:55 <DIR> --d----- c:\users\daniel\appdata\roaming\Uniblue
2008-12-23 09:36 <DIR> --d----- c:\users\daniel\Windows Media Center
2008-12-17 17:26 <DIR> --d----- c:\program files\Microsoft Money Plus
2008-12-16 17:24 <DIR> --d----- c:\program files\HP
2008-12-13 07:02 <DIR> --d----- c:\windows\pss
2008-12-13 06:05 <DIR> --d----- c:\program files\Microsoft Money
2008-12-12 06:47 <DIR> --d----- c:\programdata\Intuit
2008-12-12 06:47 <DIR> --d----- c:\progra~2\Intuit
2008-12-11 16:33 <DIR> --d----- c:\users\daniel\appdata\roaming\#ISW.FS#
2008-12-11 16:31 <DIR> --d----- c:\users\daniel\appdata\roaming\CheckPoint
2008-12-11 16:31 224 a------- c:\windows\system32\lkfl.dat
2008-12-11 16:31 128 a------- c:\windows\system32\pdfl.dat
2008-12-11 16:31 80 a------- c:\windows\system32\ibfl.dat
2008-12-11 16:31 <DIR> --d----- c:\program files\CheckPoint
2008-12-10 23:34 <DIR> --d----- c:\program files\CCleaner
2008-12-10 15:29 <DIR> --d----- c:\programdata\Gtek
2008-12-10 03:04 2,048 a------- c:\windows\system32\tzres.dll
2008-12-10 00:00 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-10 00:00 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-10 00:00 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-09 23:59 2,927,104 a------- c:\windows\explorer.exe
2008-12-09 23:59 827,392 a------- c:\windows\system32\wininet.dll
2008-12-09 23:59 2,868,736 a------- c:\windows\system32\mf.dll
2008-12-09 23:59 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-09 23:59 94,720 a------- c:\windows\system32\logagent.exe
2008-12-09 15:28 <DIR> --d----- c:\program files\common files\Autodesk Shared
2008-12-09 15:27 <DIR> --d----- c:\programdata\Autodesk
2008-12-09 15:24 <DIR> --d----- c:\program files\Autodesk Revit Building 8.1
2008-12-09 00:43 <DIR> --d----- c:\programdata\Adobe
2008-12-08 23:58 <DIR> --d----- c:\programdata\NOS
2008-12-08 23:32 <DIR> --d----- c:\program files\epson
2008-12-08 23:32 61,952 a------- c:\windows\system32\escwiad.dll
2008-12-08 23:09 <DIR> --d----- c:\program files\ABBYY FineReader 5.0 Sprint
2008-12-08 22:26 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-08 21:12 32,592 a------- c:\windows\system32\msonpmon.dll
2008-12-08 21:08 <DIR> --d----- c:\programdata\Microsoft Help
2008-12-08 18:40 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2008-12-08 18:36 <DIR> --d----- c:\windows\PCHEALTH
2008-12-08 08:30 <DIR> --d----- c:\programdata\Yahoo! Companion
2008-12-08 03:12 301,656 a------- c:\windows\system32\BtCoreIf.dll
2008-12-07 22:20 107,580,960 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-07 22:20 21,661,728 a--sh--- c:\windows\system32\drivers\fidbox(83).dat
2008-12-07 22:20 1,017,884 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-07 22:20 283,172 a--sh--- c:\windows\system32\drivers\fidbox(84).idx
2008-12-07 22:04 <DIR> --d----- c:\programdata\MailFrontier
2008-12-07 22:04 170,496 a------- c:\windows\system32\tcpipcfg.dll
2008-12-07 22:04 22,528 a------- c:\windows\system32\netiougc.exe
2008-12-07 22:03 73,104 a------- c:\windows\zllsputility.exe
2008-12-07 22:03 1,221,008 a------- c:\windows\system32\zpeng25.dll
2008-12-07 22:03 <DIR> --d----- c:\program files\Zone Labs
2008-12-07 22:02 349,222 a---h--- c:\windows\system32\drivers\vsconfig.xml
2008-12-07 22:02 349,222 a---h--- c:\windows\system32\drivers\vsconfig(85).xml
2008-12-07 22:02 293,776 a------- c:\windows\system32\drivers\vsdatant.sys
2008-12-07 22:02 <DIR> --d----- c:\windows\system32\ZoneLabs
2008-12-07 22:00 <DIR> --d----- c:\programdata\CheckPoint
2008-12-07 22:00 <DIR> --d----- c:\progra~2\CheckPoint
2008-12-07 21:58 <DIR> --d----- c:\windows\Internet Logs
2008-12-07 21:13 106,605 a------- c:\windows\system32\StructuredQuerySchema.bin
2008-12-07 21:13 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2008-12-07 21:13 11,776 a------- c:\windows\system32\msshooks.dll
2008-12-07 21:13 34,816 a------- c:\windows\system32\msscb.dll
2008-12-07 21:11 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2008-12-07 20:52 <DIR> --d----- c:\program files\Yahoo!
2008-12-07 20:51 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-07 20:47 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-07 20:45 170,512 a------- c:\windows\system32\kemutb.dll
2008-12-07 20:45 145,936 a------- c:\windows\system32\KemUtil.dll
2008-12-07 20:45 117,264 a------- c:\windows\system32\KemWnd.dll
2008-12-07 20:45 84,496 a------- c:\windows\system32\KemXML.dll
2008-12-07 20:45 <DIR> --d----- c:\programdata\Logitech
2008-12-07 20:45 <DIR> --d----- c:\program files\common files\Logitech
2008-12-07 20:45 <DIR> --dsh--- c:\windows\Installer
2008-12-07 20:44 <DIR> --d----- c:\programdata\LogiShrd
2008-12-07 20:35 1,695,744 a------- c:\windows\system32\gameux.dll
2008-12-07 20:35 428,544 a------- c:\windows\system32\EncDec.dll
2008-12-07 20:35 217,088 a------- c:\windows\system32\psisrndr.ax
2008-12-07 20:35 293,376 a------- c:\windows\system32\psisdecd.dll
2008-12-07 20:35 177,664 a------- c:\windows\system32\mpg2splt.ax
2008-12-07 20:35 80,896 a------- c:\windows\system32\MSNP.ax
2008-12-07 20:35 57,856 a------- c:\windows\system32\MSDvbNP.ax
2008-12-07 20:34 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-12-07 20:34 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-12-07 20:34 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2008-12-07 20:34 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2008-12-07 20:34 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2008-12-07 18:51 920,088 a------- c:\windows\system32\igxpun.exe
2008-12-07 18:51 <DIR> --d----- c:\windows\system32\x64
2008-12-07 18:51 319,456 a------- c:\windows\system32\difxapi.dll
2008-12-07 18:44 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2008-12-07 18:35 443,392 a------- c:\windows\system32\win32spl.dll
2008-12-07 18:35 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2008-12-07 18:32 <DIR> --d----- C:\PerfLogs
2008-12-07 18:30 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-12-07 18:30 2,032,640 a------- c:\windows\system32\win32k.sys
2008-12-07 18:30 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-12-07 18:26 988,216 a------- c:\windows\system32\winload.exe
2008-12-07 18:26 927,288 a------- c:\windows\system32\winresume.exe
2008-12-07 18:26 19,000 a------- c:\windows\system32\kd1394.dll
2008-12-07 18:26 378,368 a------- c:\windows\system32\srcore.dll
2008-12-07 18:26 318,464 a------- c:\windows\system32\rstrui.exe
2008-12-07 18:26 46,592 a------- c:\windows\system32\setbcdlocale.dll
2008-12-07 18:26 615,992 a------- c:\windows\system32\ci.dll
2008-12-07 18:26 14,848 a------- c:\windows\system32\srdelayed.exe
2008-12-07 18:26 40,960 a------- c:\windows\system32\srclient.dll
2008-12-07 18:26 6,656 a------- c:\windows\system32\kbd106n.dll
2008-12-07 18:25 288,768 a------- c:\windows\system32\drivers\srv.sys
2008-12-07 18:24 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-12-07 18:24 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-12-07 18:24 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-12-07 18:23 1,314,816 a------- c:\windows\system32\quartz.dll
2008-12-07 18:22 1,645,568 a------- c:\windows\system32\connect.dll
2008-12-07 18:22 738,304 a------- c:\windows\system32\inetcomm.dll
2008-12-07 18:22 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-12-07 18:22 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-12-07 18:22 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-12-07 17:36 152,576 a------- c:\windows\system32\SPWizUI.dll
2008-12-07 17:36 47,560 a------- c:\windows\system32\SPReview.exe
2008-12-07 17:31 355 a--shr-- C:\Boot.ini.saved
2008-12-07 17:25 193,024 a------- c:\windows\system32\recdisc.exe
2008-12-07 17:25 6,656 a------- c:\windows\system32\sdspres.dll
2008-12-07 17:24 599,552 a------- c:\windows\system32\vsp1cln.exe
2008-12-07 17:24 28,160 a------- c:\windows\system32\sxproxy.dll
2008-12-07 17:24 142,336 a------- c:\windows\system32\spp.dll
2008-12-07 17:22 3,104,768 a------- c:\windows\system32\NlsData0045.dll
2008-12-07 17:21 975,360 a------- c:\windows\system32\RASMM.dll
2008-12-07 17:20 1,224,192 a------- c:\windows\system32\sud.dll
2008-12-07 17:17 44,032 a------- c:\windows\system32\cbsra.exe
2008-12-07 17:15 196,608 a------- c:\windows\SPInstall.etl
2008-12-07 17:06 1,383,424 a------- c:\windows\system32\mshtml.tlb
2008-12-07 15:07 333,203 a--shr-- C:\bootmgr
2008-12-07 15:07 <DIR> --dsh--- C:\Boot
2008-12-07 14:12 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-07 14:11 <DIR> --d----- c:\users\daniel
2008-12-07 14:11 83,456 a------- c:\windows\system32\wudriver.dll
2008-12-07 14:10 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-07 14:10 31,232 a------- c:\windows\system32\wuapp.exe
2008-12-06 17:47 8,192 a--s-r-- C:\BOOTSECT.BAK
2008-12-06 17:16 2 a--shr-- C:\$drvmig$

==================== Find3M ====================

2008-12-08 23:33 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-08 23:33 86,016 a------- c:\windows\inf\infstor.dat
2008-12-08 23:33 51,200 a------- c:\windows\inf\infpub.dat
2008-12-07 19:45 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-07 18:41 174 a--sh--- c:\program files\desktop.ini
2008-12-07 18:16 101,888 a------- c:\windows\system32\ifxcardm.dll
2008-12-07 18:16 82,432 a------- c:\windows\system32\axaltocm.dll
2008-10-31 21:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 21:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 21:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 21:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 21:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-10 14:46 69,632 a------- c:\windows\KHALMNPR.Exe
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:45:06.50 ===============



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 07 January 2009 - 01:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system, please.
Please hold on; it may take us a day or so to get back with you.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 da001

da001
  • Topic Starter

  • Members
  • 4 posts

Posted 07 January 2009 - 06:42 PM

Hello & thanks for your time. I am responding to your request for more info. Just a note: I uninstalled my
ZoneAlarm Security Suite version:8.0.059.000
TrueVector version:8.0.059.000
Driver version:8.0.059.000
and my Windows Update worked again, but my skndisk still did not work. I am studying the situation with ZoneAlarm now. If you do not see anything out of the ordinary, then I will assume that all problems are stemming from ZoneAlarm. Again, thanks. Daniel


DDS (Ver_09-01-07.01) - NTFSx86
Run by daniel at 17:26:42.85 on Wed 01/07/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3315.2426 [GMT -6:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\daniel\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ForceField Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: ForceField Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HPWQTOOLBOX] c:\program files\hp\hp deskjet 9800 series\toolbox\HPWQTBX.exe "-i"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: amazon.com
Trusted Zone: amazon.com\www
Trusted Zone: edgesuite.net\walmart.richfx.com
Trusted Zone: filehippo.com\www
Trusted Zone: gamestop.com\www
Trusted Zone: google.com\www
Trusted Zone: homedepot.com\www
Trusted Zone: linksys.com\www
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\windowshelp
Trusted Zone: microsoft.com\www
Trusted Zone: msn.com\search
Trusted Zone: tigerdirect.com\www
Trusted Zone: walmart.com
Trusted Zone: xbox.com\www
Trusted Zone: yahoo.com\music
Trusted Zone: yahoo.com\wallet.secure
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
R4 ISWKL;ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2008-11-13 17064]
R4 IswSvc;ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2008-11-13 375976]

=============== Created Last 30 ================

2009-01-04 10:50 13,789,472 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-04 10:50 57,524 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-04 10:46 73,104 a------- c:\windows\zllsputility.exe
2009-01-04 10:45 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-01-04 10:44 349,222 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-01-04 10:44 293,776 a------- c:\windows\system32\drivers\vsdatant.sys
2009-01-04 10:05 11,264 a------- c:\windows\system32\SpOrder.dll
2009-01-04 10:05 <DIR> --d----- c:\program files\Zone Labs
2009-01-01 09:57 <DIR> --dsh--- C:\found.000
2008-12-27 10:16 <DIR> --d----- c:\program files\ieSpell
2008-12-27 01:24 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2008-12-27 01:24 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-27 01:24 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-12-27 00:35 <DIR> --d----- c:\program files\Trend Micro
2008-12-27 00:15 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2008-12-27 00:15 <DIR> --d----- c:\windows\system32\HouseCall 6.6
2008-12-26 00:10 <DIR> --d----- C:\f23fe843bdba7d1b987f56
2008-12-25 16:37 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2008-12-25 16:37 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2008-12-25 16:36 <DIR> --d----- c:\users\daniel\appdata\roaming\SUPERAntiSpyware.com
2008-12-25 16:36 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-25 12:55 <DIR> --d----- c:\users\daniel\appdata\roaming\Uniblue
2008-12-23 09:36 <DIR> --d----- c:\users\daniel\Windows Media Center
2008-12-17 17:26 <DIR> --d----- c:\program files\Microsoft Money Plus
2008-12-16 17:24 <DIR> --d----- c:\program files\HP
2008-12-13 07:02 <DIR> --d----- c:\windows\pss
2008-12-13 06:05 <DIR> --d----- c:\program files\Microsoft Money
2008-12-12 06:47 <DIR> --d----- c:\programdata\Intuit
2008-12-12 06:47 <DIR> --d----- c:\progra~2\Intuit
2008-12-11 16:33 <DIR> --d----- c:\users\daniel\appdata\roaming\#ISW.FS#
2008-12-11 16:31 <DIR> --d----- c:\users\daniel\appdata\roaming\CheckPoint
2008-12-11 16:31 224 a------- c:\windows\system32\lkfl.dat
2008-12-11 16:31 128 a------- c:\windows\system32\pdfl.dat
2008-12-11 16:31 80 a------- c:\windows\system32\ibfl.dat
2008-12-11 16:31 <DIR> --d----- c:\program files\CheckPoint
2008-12-10 23:34 <DIR> --d----- c:\program files\CCleaner
2008-12-10 15:29 <DIR> --d----- c:\programdata\Gtek
2008-12-10 08:37 135,680 a------- c:\windows\system32\drivers\Rtlh86.sys
2008-12-10 03:04 2,048 a------- c:\windows\system32\tzres.dll
2008-12-10 00:00 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-10 00:00 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-10 00:00 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-09 23:59 2,927,104 a------- c:\windows\explorer.exe
2008-12-09 23:59 827,392 a------- c:\windows\system32\wininet.dll
2008-12-09 23:59 2,868,736 a------- c:\windows\system32\mf.dll
2008-12-09 23:59 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-09 23:59 94,720 a------- c:\windows\system32\logagent.exe
2008-12-09 15:28 <DIR> --d----- c:\program files\common files\Autodesk Shared
2008-12-09 15:27 <DIR> --d----- c:\programdata\Autodesk
2008-12-09 15:24 <DIR> --d----- c:\program files\Autodesk Revit Building 8.1
2008-12-09 00:43 <DIR> --d----- c:\programdata\Adobe
2008-12-08 23:58 <DIR> --d----- c:\programdata\NOS
2008-12-08 23:32 <DIR> --d----- c:\program files\epson
2008-12-08 23:32 61,952 a------- c:\windows\system32\escwiad.dll
2008-12-08 23:09 <DIR> --d----- c:\program files\ABBYY FineReader 5.0 Sprint
2008-12-08 22:26 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-08 21:12 32,592 a------- c:\windows\system32\msonpmon.dll
2008-12-08 21:08 <DIR> --d----- c:\programdata\Microsoft Help
2008-12-08 18:40 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2008-12-08 18:36 <DIR> --d----- c:\windows\PCHEALTH

==================== Find3M ====================

2009-01-04 10:45 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-04 10:45 51,200 a------- c:\windows\inf\infpub.dat
2009-01-04 10:44 86,016 a------- c:\windows\inf\infstor.dat
2008-12-13 20:38 21,661,728 a--sh--- c:\windows\system32\drivers\fidbox(83).dat
2008-12-13 17:21 349,222 a---h--- c:\windows\system32\drivers\vsconfig(85).xml
2008-12-13 17:20 283,172 a--sh--- c:\windows\system32\drivers\fidbox(84).idx
2008-12-07 20:51 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-07 20:47 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-07 19:45 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-07 18:41 174 a--sh--- c:\program files\desktop.ini
2008-12-07 18:16 101,888 a------- c:\windows\system32\ifxcardm.dll
2008-12-07 18:16 82,432 a------- c:\windows\system32\axaltocm.dll
2008-12-07 17:15 152,576 a------- c:\windows\system32\SPWizUI.dll
2008-12-07 17:15 47,560 a------- c:\windows\system32\SPReview.exe
2008-12-07 14:12 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-07 14:11 83,456 a------- c:\windows\system32\wudriver.dll
2008-12-07 14:10 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-07 14:10 31,232 a------- c:\windows\system32\wuapp.exe
2008-12-02 05:37 10,240 a------- c:\windows\system32\RtNicProp32.dll
2008-11-07 16:38 84,496 a------- c:\windows\system32\KemXML.dll
2008-11-07 16:38 117,264 a------- c:\windows\system32\KemWnd.dll
2008-11-07 16:38 145,936 a------- c:\windows\system32\KemUtil.dll
2008-11-07 16:38 170,512 a------- c:\windows\system32\kemutb.dll
2008-11-07 16:37 301,656 a------- c:\windows\system32\BtCoreIf.dll
2008-10-31 21:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 21:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 21:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 21:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 21:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-21 21:57 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-10-20 23:25 1,645,568 a------- c:\windows\system32\connect.dll
2008-10-10 14:46 69,632 a------- c:\windows\KHALMNPR.Exe
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:27:35.04 ===============




#4 Rosty


    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 08 January 2009 - 02:48 AM

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).
Click Scan.
When the scan is complete, click OK, then Show Results to view the results.

If Malware is found...
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:

Launch Malwarebytes' Anti-Malware.
Click the Logs tab.
Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply, please include:
- The log from Malwarebytes' Anti-Malware.
- A new HijackThis log
Proud member of ASAP since 2007

#5 da001

  • Topic Starter

  • Members
  • 4 posts

Posted 08 January 2009 - 01:43 PM

Hello again, thanks for the continued help, have added below the requested logs. Daniel

Malwarebytes' Anti-Malware 1.32
Database version: 1631
Windows 6.0.6001 Service Pack 1

1/8/2009 12:32:47 PM
mbam-log-2009-01-08 (12-32-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 119750
Time elapsed: 55 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:47 PM, on 1/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPWQTOOLBOX] C:\Program Files\HP\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe "-i"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: www.amazon.com
O15 - Trusted Zone: http://www.amazon.com
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: http://walmart.richfx.com.edgesuite.net
O15 - Trusted Zone: http://www.filehippo.com
O15 - Trusted Zone: http://www.gamestop.com
O15 - Trusted Zone: www.homedepot.com
O15 - Trusted Zone: http://www.linksys.com
O15 - Trusted Zone: http://search.msn.com
O15 - Trusted Zone: http://www.tigerdirect.com
O15 - Trusted Zone: *.walmart.com
O15 - Trusted Zone: http://www.xbox.com
O15 - Trusted IP range: http://192.168.1.1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6318 bytes

#6 Rosty


    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 08 January 2009 - 01:52 PM

Hi,

Do you still have that problem?
Proud member of ASAP since 2007

#7 da001

  • Topic Starter

  • Members
  • 4 posts

Posted 13 January 2009 - 02:32 PM

Sorry for the long wait on post back, the above did not fix the issue. I was waiting for a reply back from ZoneAlarm and they posted back a fix, which I added below, that worked for me. I hope it can help someone else.

Thanks for the help Dan

This fix seems to have fixed these problems for me: 1. ZoneAlarm blocked Windows Update. 2. scandisk would not schedule or work.


Thank you for contacting ZoneAlarm Technical Support.
I understand ZoneAlarm is blocking your Windows Updates and scandisk.

To resolve your issue, I recommend a removal of all ZoneAlarm files and then reinstall. Please see the steps below.

If possible, first try to run the universal uninstaller found at the link below. This tool will remove all ZoneAlarm data from your computer:

http://download.zonealarm.com/bin/free/sup.../cpes_clean.exe

**Remember to SAVE the download to your desktop. DO NOT select RUN or OPEN when downloading.

Then try installing ZoneAlarm again:

http://download.zonealarm.com/bin/free/104..._059_000_en.exe


If this tool fails for any reason, or if you want to ensure that all ZoneAlarm files were removed from the system, continue with the steps below. Please make sure that you have the latest version downloaded from the link above first.

01.) Restart your computer
02.) When you see the screen go black and it starts booting back up keep tapping the "F8" key (at the top of your keyboard)
03.) This should bring up a menu. Choose Safe Mode off the menu by using the arrow keys on the keyboard to highlight Safe Mode and press Enter
04.) If you get a message asking to go to Safe Mode, choose Yes. If you get a help and support window, close this.
05.) Once you are at the desktop, Click Start, Computer
06.) Click Tools, Folder Options, View Tab

NOTE: If you cannot see the menu bar with the Tools menu on it, you have to press the Alt-key on the keyboard and the menu bar should then be visible.

07.) Place a dot next to "Show Hidden Files and Folders"
08.) Remove the check from "Hide Protected Operating System Files (Recommended)"
09.) Choose Yes to the warning
10.) Click OK
11.) Double click C:

Note: In the future steps if you do not see any files or folders, please click the "Show Files" link to view them.

12.) Double Click the Program Files Folder
13.) Right Click the Zone Labs Folder, click Delete, and choose Yes

NOTE: If you cannot delete the entire folder, please open the Zone Labs -> ZoneAlarm folder and delete out as many of the files listed here as possible.

14.) Close this window
15.) Click Start, Computer
16.) Double Click C:
17.) Double Click the Windows Folder
18.) Right Click the Internet Logs Folder, click Delete, and choose Yes
19.) Double Click the System32 Folder
20.) Right Click the Zone Labs Folder, click Delete, and choose Yes

NOTE: If you cannot delete the entire folder, please open the Zone Labs folder and delete out as many of the files listed here as possible.

21.) Locate and delete the following files in the System32 folder if they are present:

- vsconfig.xml
- vsxml.dll
- vsregexp.dll
- vsdata.dll
- vsdata95.vxd
- vsdatant.sys
- vsmonapi.dll
- vspubapi.dll
- vsinit.dll
- vsutil.dll
- vswmi.dll
- zlcommdb.dll
- zlcomm.dll
- zpeng24.dll

22.) Clear your Temp Directory per the instructions below.

- Go to Start -> Run
- Type %temp% and click OK
- Select all of these files and delete them

23.) Clear the Prefetch folder per the instructions below.

- Go to Start -> Run
- Type Prefetch and click OK
- Select all of these files and delete them

NOTE: If you do not have the Run option on the Start menu, you can press and hold the Windows logo key and tap the letter R.

24.) Remove the necessary registry entries:

*Important Advisory: Deleting registry entries incorrectly may cause serious problems to your operating system, which may necessitate the need to reinstall it. Please make sure you are able to perform these deletions correctly before you decide to edit the entries. If you are not sure, you should seek help from someone who is familiar with editing the registry.

For information about how to edit the registry in Windows, from your desktop, click Start -> Run -> and type regedit. Click on Help -> Help Topics. Under the Contents tab, click Change Keys and Values (this may be found under the How to... section).

Also, you should always make a backup of the registry before editing it. You can find this in the same section of the Help files.

To remove the needed registry entries, go to Start -> Run and type in regedit. Choose OK, and use the folders on the left side of the Registry Editor window to navigate to the specified directories below. Note that you will remove the entire folder specified (eg. Zone Labs, vsmon, vsdatant):

HKEY_LOCAL_MACHINE\Software\Zone Labs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsmon
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant

25.) Close this window, then empty your recycle bin.
26.) Restart the computer.
27.) Try to install the latest version again.
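
A read-only check for the leftovers named in steps 13 through 24 above, as an added example that is not part of the original post or of ZoneAlarm's instructions. It only reports what is still present and deletes nothing; the function name `Get-Remnant` is hypothetical, and the script assumes Windows and Program Files are at the locations given by `$env:SystemRoot` and `$env:ProgramFiles`.

```powershell
# Read-only audit: lists ZoneAlarm remnants named in the support steps above.
# Nothing is deleted or modified. On 64-bit Windows, run 64-bit PowerShell so
# that System32 is not redirected.

$system32 = Join-Path $env:SystemRoot 'System32'

# Folders from steps 13, 18 and 20
$folders = @(
    (Join-Path $env:ProgramFiles 'Zone Labs'),
    (Join-Path $env:SystemRoot   'Internet Logs'),
    (Join-Path $system32         'Zone Labs')
)

# Files from step 21, all expected directly under System32
$files = @(
    'vsconfig.xml', 'vsxml.dll', 'vsregexp.dll', 'vsdata.dll',
    'vsdata95.vxd', 'vsdatant.sys', 'vsmonapi.dll', 'vspubapi.dll',
    'vsinit.dll', 'vsutil.dll', 'vswmi.dll', 'zlcommdb.dll',
    'zlcomm.dll', 'zpeng24.dll'
) | ForEach-Object { Join-Path $system32 $_ }

# Registry keys from step 24
$keys = @(
    'HKLM:\Software\Zone Labs',
    'HKLM:\System\CurrentControlSet\Services\vsmon',
    'HKLM:\System\CurrentControlSet\Services\vsdatant'
)

# Hypothetical helper: emits one object per path that still exists.
function Get-Remnant {
    param([string]$Kind, [string[]]$Paths)
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) {
            New-Object PSObject -Property @{ Kind = $Kind; Path = $p }
        }
    }
}

# @( ... ) collects the output of all three calls and is empty if none match.
$found = @(
    Get-Remnant -Kind 'Folder'   -Paths $folders
    Get-Remnant -Kind 'File'     -Paths $files
    Get-Remnant -Kind 'Registry' -Paths $keys
)

if ($found.Count -eq 0) {
    'No ZoneAlarm remnants from the list were found.'
} else {
    $found | Sort-Object Kind, Path | Format-Table Kind, Path -AutoSize
}
```

Run it before step 27: an empty result means the listed files, folders and service keys are gone, so the reinstall starts from a clean state.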

#8 Rosty


    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 19 January 2009 - 12:42 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Proud member of ASAP since 2007



