Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Problems with multiple windows and cdnfastlick.net

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics
View previous topic :: View next topic  
Author Message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Mon Mar 19, 2012 12:28 pm    Post subject: Problems with multiple windows and cdnfastlick.net Reply with quote

Hello all, first time user here. Let's see if I get this right the second time around.

I suppose I went wandering where I shouldn't have wandered and I seem to have picked up a hitchhiker.

I have been experiencing problems with my IE 9 opening two windows when I first open it. Both open to my home page.

I will also occasionally get a pop up block from cdnfastclick.net which I don't click on but it keeps showing up on different websites.

I am operating on Vista. I run Zone Alarm.

I have installed all critical updates from Vista and run an updated Windows Defender. I have run Malwarebytes, Spybot, and Adaware. None come up with any issues.

My daily quick scans of Symantec didn't show anything, but when I did a full scan it picked up several things which I deleted.

Still experiencing issues. I have reached the end of my limited computer know how taught by an ex so I'm coming here for help.

I have downloaded Hijackthis and have a logfile if that helps.

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Sabrina at 14:59:47 on 2012-03-18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2012.682 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\lxcycoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Tue Mar 20, 2012 10:07 pm    Post subject: Reply with quote

Hello stanthehorse Smile,

Welcome to Spyware Warrior. I am Jack&Jill, and I will be helping you out.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click on Watch this topic for replies at the lower left corner at the end of the page. You will receive an email as soon as replies are posted.

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.
  • Please observe and follow these Guidelines and Forum Rules of Conduct.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • Please read the instructions carefully and follow them closely, in the order they are presented to you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
  • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
  • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly Smile . We may begin.

--------------------

Your DDS log is cut off. Please post the complete logs, DDS.txt and Attach.txt. You may post them in separate replies.
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Wed Mar 21, 2012 2:07 am    Post subject: Reply with quote

Thanks so much.

DDS log.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Sabrina at 14:59:47 on 2012-03-18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2012.682 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\lxcycoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{24C25C37-5DB4-4487-80F4-0B198FAD4C8A} : DhcpNameServer = 192.168.1.254
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-17 64512]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2010-4-3 81920]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-1-6 20376]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-14 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-9-11 2436536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-6 106104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-4-3 112128]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-18 18:45:22 388096 ----a-r- c:\users\sabrina\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-18 18:45:21 -------- d-----w- c:\program files\Trend Micro
2012-03-18 02:47:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-18 02:42:39 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-18 02:42:28 -------- d-----w- c:\program files\Lavasoft
2012-03-17 19:55:20 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-17 19:55:20 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-17 19:55:20 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 19:55:19 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-17 19:55:19 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-17 19:55:03 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-17 19:55:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 19:55:02 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 19:54:47 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-17 19:54:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-17 12:33:47 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{711622fb-7a5c-4b4b-bd40-2f5bcda07cea}\mpengine.dll
2012-03-07 22:08:35 -------- d-----w- c:\program files\common files\Software Update Utility
2012-02-18 22:36:29 -------- d-----w- c:\users\sabrina\appdata\local\Vivitar Experience Image Manager
2012-02-18 22:36:22 -------- d-----w- c:\programdata\Vivitar
2012-02-18 22:35:50 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2012-02-18 22:35:49 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2012-02-18 22:35:48 -------- d-----w- c:\program files\ffdshow
2012-02-18 22:35:08 -------- d-----w- c:\program files\Vivitar Experience Image Manager
.
==================== Find3M ====================
.
2012-03-03 13:44:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 15:00:35.46 ===============
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Wed Mar 21, 2012 2:08 am    Post subject: Reply with quote

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 4/3/2010 2:01:43 PM
System Uptime: 3/18/2012 1:51:25 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0P301D
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz | Socket 775 | 1595/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 181.281 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.738 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP755: 3/3/2012 8:42:11 AM - Installed Java(TM) 6 Update 31
RP756: 3/4/2012 11:49:07 AM - Scheduled Checkpoint
RP757: 3/5/2012 6:07:46 PM - Scheduled Checkpoint
RP758: 3/6/2012 4:53:00 PM - Windows Update
RP759: 3/7/2012 5:54:41 PM - Scheduled Checkpoint
RP760: 3/8/2012 6:08:01 PM - Scheduled Checkpoint
RP761: 3/9/2012 6:05:07 PM - Scheduled Checkpoint
RP762: 3/10/2012 8:12:25 AM - Scheduled Checkpoint
RP763: 3/11/2012 8:57:25 AM - Windows Update
RP764: 3/12/2012 5:48:09 PM - Scheduled Checkpoint
RP765: 3/13/2012 6:04:29 AM - Windows Update
RP766: 3/14/2012 4:09:02 PM - Scheduled Checkpoint
RP767: 3/15/2012 5:55:26 PM - Scheduled Checkpoint
RP768: 3/17/2012 8:32:56 AM - Windows Update
RP769: 3/17/2012 3:55:29 PM - Windows Update
RP770: 3/17/2012 10:40:52 PM - Installed Ad-Aware
RP771: 3/17/2012 10:41:54 PM - Installed Ad-Aware
RP772: 3/18/2012 11:54:24 AM - Windows Update
RP773: 3/18/2012 2:44:25 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
AIM 7
Apple Application Support
Apple Software Update
CCScore
Cisco Network Magic
D3DX10
Dell Resource CD
Download Updater (AOL LLC)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ffdshow [rev 2527] [2008-12-19]
FlipShare
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java 2 Runtime Environment, SE v1.4.2_18
Java Auto Updater
Java(TM) 6 Update 31
Kodak EasyShare software
Lexmark 3400 Series
Lexmark Toolbar
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Network Magic
OfotoXMI
PowerDVD
Pure Networks Platform
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
staticcr
Symantec Endpoint Protection
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
Vivitar Experience Image Manager
VLC media player 1.0.5
VPRINTOL
WebEx Support Manager for Internet Explorer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WIRELESS
Yahoo! Install Manager
Yahoo! Software Update
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/18/2012 8:47:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/18/2012 8:46:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
3/18/2012 8:45:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/18/2012 8:45:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
3/18/2012 8:44:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
3/18/2012 1:53:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
3/13/2012 4:50:31 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 00219B239AF3 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/13/2012 4:50:26 PM, Error: EventLog [6008] - The previous system shutdown at 4:48:32 PM on 3/13/2012 was unexpected.
3/12/2012 5:52:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.
.
==== End Of File ===========================
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Wed Mar 21, 2012 8:13 am    Post subject: Reply with quote

Hello stanthehorse Smile,

Remove P2P software

  • IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
  • Please remove them before we continue with fixing your computer.

Please run DDS and post a new Attach.txt.
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Wed Mar 21, 2012 12:39 pm    Post subject: Reply with quote

Thanks for the advice, I uninstalled that program

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Sabrina at 16:32:40 on 2012-03-21
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2012.616 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\lxcycoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{24C25C37-5DB4-4487-80F4-0B198FAD4C8A} : DhcpNameServer = 192.168.1.254
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-17 64512]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2010-4-3 81920]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-1-6 20376]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-14 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-9-11 2436536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-6 106104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-4-3 112128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-20 09:58:11 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{215494fa-567c-49e1-a528-f449fac7ddc6}\mpengine.dll
2012-03-18 18:45:22 388096 ----a-r- c:\users\sabrina\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-18 18:45:21 -------- d-----w- c:\program files\Trend Micro
2012-03-18 02:47:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-18 02:42:39 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-18 02:42:28 -------- d-----w- c:\program files\Lavasoft
2012-03-17 19:55:20 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-17 19:55:20 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-17 19:55:20 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 19:55:19 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-17 19:55:19 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-17 19:55:03 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-17 19:55:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 19:55:02 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 19:54:47 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-17 19:54:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-07 22:08:35 -------- d-----w- c:\program files\common files\Software Update Utility
.
==================== Find3M ====================
.
2012-03-03 13:44:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:36:26.48 ===============
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Wed Mar 21, 2012 12:40 pm    Post subject: Reply with quote

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 4/3/2010 2:01:43 PM
System Uptime: 3/21/2012 4:22:08 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0P301D
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz | Socket 775 | 1595/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 191.175 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.738 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
AIM 7
Apple Application Support
Apple Software Update
CCScore
Cisco Network Magic
D3DX10
Dell Resource CD
Download Updater (AOL LLC)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ffdshow [rev 2527] [2008-12-19]
FlipShare
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java 2 Runtime Environment, SE v1.4.2_18
Java Auto Updater
Java(TM) 6 Update 31
Kodak EasyShare software
Lexmark 3400 Series
Lexmark Toolbar
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Network Magic
OfotoXMI
PowerDVD
Pure Networks Platform
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
staticcr
Symantec Endpoint Protection
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
Vivitar Experience Image Manager
VLC media player 1.0.5
VPRINTOL
WebEx Support Manager for Internet Explorer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WIRELESS
Yahoo! Install Manager
Yahoo! Software Update
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/21/2012 4:23:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
3/19/2012 4:20:38 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Sabrina\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
3/18/2012 8:47:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/18/2012 8:46:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
3/18/2012 8:45:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/18/2012 8:45:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
3/18/2012 8:44:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
.
==== End Of File ===========================
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Wed Mar 21, 2012 4:28 pm    Post subject: Reply with quote

Hello stanthehorse Smile,

Does ZoneAlarm Security include the Antivirus package? If yes, please let me know and it should be considered below.

You are running more than one Antivirus (AV) softwares:

Ad-Aware
Symantec Endpoint Protection
ZoneAlarm Security


Although AV is essential for keeping your computer free from viruses, having more than one AV will do more harm than protect your computer. They will not only conflict, but will slow down your computer as well. Did you pay for either one of them? Please keep the paid AV and uninstall the other. Otherwise, you will need to choose in accordance to your preference.

The same principle applies for security programs with real time protection as well. Please choose one from each category and uninstall the others:

Antimalware / antispyware programs:
Spybot - Search & Destroy
Windows Defender


Having more does not mean it is better.

--------------------

Please download aswMBR and save it to your desktop. Click here.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.

--------------------

Please post back:
1. the answer to my question on ZoneAlarm Security
2. aswMBR log
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Wed Mar 21, 2012 6:54 pm    Post subject: Reply with quote

Hello. The version of ZoneAlarm I am running is only a firewall.

I have uninstalled spybot and ad aware. I downloaded the program and am running it. Thanks.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-21 22:30:06
-----------------------------
22:30:06.580 OS Version: Windows 6.0.6002 Service Pack 2
22:30:06.580 Number of processors: 2 586 0x1706
22:30:06.581 ComputerName: SABRINA-PC UserName: Sabrina
22:30:07.458 Initialize success
22:32:35.571 AVAST engine defs: 12032000
22:32:44.401 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:32:44.401 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 01.03E01 Size: 305245MB BusType: 3
22:32:44.416 Disk 0 MBR read successfully
22:32:44.416 Disk 0 MBR scan
22:32:44.463 Disk 0 Windows VISTA default MBR code
22:32:44.463 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
22:32:44.494 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
22:32:44.510 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294949 MB offset 21084160
22:32:44.526 Disk 0 scanning sectors +625139712
22:32:44.635 Disk 0 scanning C:\Windows\system32\drivers
22:32:54.572 Service scanning
22:33:15.008 Modules scanning
22:33:21.997 Disk 0 trace - called modules:
22:33:22.075 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
22:33:22.075 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851fbaa0]
22:33:22.090 3 CLASSPNP.SYS[881a98b3] -> nt!IofCallDriver -> [0x84febc10]
22:33:22.090 5 acpi.sys[806a06bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84fce8a0]
22:33:23.104 AVAST engine scan C:\Windows
22:33:25.507 AVAST engine scan C:\Windows\system32
22:36:08.730 AVAST engine scan C:\Windows\system32\drivers
22:36:22.068 AVAST engine scan C:\Users\Sabrina
22:40:24.491 Disk 0 MBR has been saved successfully to "C:\Users\Sabrina\Desktop\MBR.dat"
22:40:24.501 The log file has been saved successfully to "C:\Users\Sabrina\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-21 22:41:05
-----------------------------
22:41:05.259 OS Version: Windows 6.0.6002 Service Pack 2
22:41:05.259 Number of processors: 2 586 0x1706
22:41:05.259 ComputerName: SABRINA-PC UserName: Sabrina
22:41:06.499 Initialize success
22:41:11.519 AVAST engine defs: 12032000
22:41:16.739 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:41:16.749 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 01.03E01 Size: 305245MB BusType: 3
22:41:16.779 Disk 0 MBR read successfully
22:41:16.789 Disk 0 MBR scan
22:41:16.829 Disk 0 Windows VISTA default MBR code
22:41:16.839 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
22:41:16.859 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
22:41:16.889 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294949 MB offset 21084160
22:41:16.909 Disk 0 scanning sectors +625139712
22:41:17.029 Disk 0 scanning C:\Windows\system32\drivers
22:41:35.909 Service scanning
22:41:55.709 Modules scanning
22:42:05.179 Disk 0 trace - called modules:
22:42:05.549 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
22:42:05.559 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851fbaa0]
22:42:05.559 3 CLASSPNP.SYS[881a98b3] -> nt!IofCallDriver -> [0x84febc10]
22:42:05.569 5 acpi.sys[806a06bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84fce8a0]
22:42:06.419 AVAST engine scan C:\Windows
22:42:11.619 AVAST engine scan C:\Windows\system32
22:46:53.479 AVAST engine scan C:\Windows\system32\drivers
22:47:31.519 AVAST engine scan C:\Users\Sabrina
23:02:18.307 AVAST engine scan C:\ProgramData
23:04:41.827 Scan finished successfully
23:10:05.558 Disk 0 MBR has been saved successfully to "C:\Users\Sabrina\Desktop\MBR.dat"
23:10:05.574 The log file has been saved successfully to "C:\Users\Sabrina\Desktop\aswMBR.txt"
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Wed Mar 21, 2012 7:40 pm    Post subject: Reply with quote

Hello stanthehorse Smile,

One more thing about your security programs. I looked up Symantec Endpoint Protection and it covers spyware protection as well. Due to this, it would be advisable to uninstall or disable Windows Defender.

--------------------

Scan with RogueKiller
  • Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.
    Link 1
    [url=tigzy.geekstogo.com/Tools/RogueKiller.exe]Link 2[/url]
  • Allow the download if prompted by your security software and please close all your programs.
  • Double click on RogueKiller.exe to run it. If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.

--------------------

Please post back:
1. the RogueKiller log
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Thu Mar 22, 2012 2:31 am    Post subject: Reply with quote

Hello, here you go.

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Sabrina [Admin rights]
Mode: Scan -- Date: 03/22/2012 06:25:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x826A753D -> HOOKED (Unknown @ 0x870CE798)
SSDT[14] : NtAlertThread @ 0x82620255 -> HOOKED (Unknown @ 0x870CE878)
SSDT[18] : NtAllocateVirtualMemory @ 0x8265C4FB -> HOOKED (Unknown @ 0x870CD220)
SSDT[67] : NtCreateMutant @ 0x8263480C -> HOOKED (Unknown @ 0x870CE4E8)
SSDT[78] : NtCreateThread @ 0x826A5BB4 -> HOOKED (Unknown @ 0x870CD370)
SSDT[147] : NtFreeVirtualMemory @ 0x82498F5D -> HOOKED (Unknown @ 0x870CD080)
SSDT[156] : NtImpersonateAnonymousToken @ 0x825CEF12 -> HOOKED (Unknown @ 0x870CE5D8)
SSDT[158] : NtImpersonateThread @ 0x825E454F -> HOOKED (Unknown @ 0x870CE6B8)
SSDT[177] : NtMapViewOfSection @ 0x8262489A -> HOOKED (Unknown @ 0x870CEF70)
SSDT[184] : NtOpenEvent @ 0x8260DDCF -> HOOKED (Unknown @ 0x870CE408)
SSDT[195] : NtOpenProcessToken @ 0x82615A2E -> HOOKED (Unknown @ 0x870CD2F0)
SSDT[202] : NtOpenThreadToken @ 0x826302A8 -> HOOKED (Unknown @ 0x870CED10)
SSDT[282] : NtResumeThread @ 0x8262FB45 -> HOOKED (Unknown @ 0x870C8F28)
SSDT[289] : NtSetContextThread @ 0x826A6883 -> HOOKED (Unknown @ 0x870CEC50)
SSDT[305] : unknown @ 0x826288C8 -> HOOKED (Unknown @ 0x870CEDE0)
SSDT[306] : NtSetInformationThread @ 0x8260D2AD -> HOOKED (Unknown @ 0x870CEB80)
SSDT[330] : NtSuspendProcess @ 0x826A7477 -> HOOKED (Unknown @ 0x870CE328)
SSDT[331] : NtSuspendThread @ 0x825AE92B -> HOOKED (Unknown @ 0x870CE9C0)
SSDT[335] : NtTerminateThread @ 0x8263052F -> HOOKED (Unknown @ 0x870CEAA0)
SSDT[348] : NtUnmapViewOfSection @ 0x82624B5D -> HOOKED (Unknown @ 0x870CEEB0)
SSDT[358] : NtWriteVirtualMemory @ 0x8262192D -> HOOKED (Unknown @ 0x870CD150)
S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0xBA4382C8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 ATA Device +++++
--- User ---
[MBR] 4b37dd65d78255cc88e9e7bcfb09711a
[BSP] 5114e3fd9951cb2acb33983720a9f917 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 294949 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Thu Mar 22, 2012 5:22 am    Post subject: Reply with quote

I'm trying to understanthe process here. It seems like the virus program found nothing but rougekiller found something Is that right?
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Thu Mar 22, 2012 8:28 am    Post subject: Reply with quote

Hello stanthehorse Smile,

We need to look deeper.

Please close all programs and do not run any others before and during the GMER scan. Do not use the computer for anything else until after the scan is completed.

Please download GMER and save it to your desktop. Click here.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
  • If you need help to disable your protection programs see here and here.
  • Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
  • In the right panel, you will see several boxes that have been checked (ticked).
    • Uncheck IAT/EAT
    • Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
    • Uncheck Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
  • Enable back your security softwares as soon as you completed the GMER steps.
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

If you are having problems running GMER, retry with Devices unchecked as well. If you are still encountering difficulties, please try running GMER in Safe Mode. You can get into Safe Mode using the F8 key during the startup of your computer after a reboot.

--------------------

Please post back:
1. the Gmer log
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Thu Mar 22, 2012 4:29 pm    Post subject: Reply with quote

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-22 20:27:48
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75L9A0 rev.01.03E01
Running: ky2h0mb3.exe; Driver: C:\Users\Sabrina\AppData\Local\Temp\pxlirfob.sys


---- System - GMER 1.0.15 ----

SSDT 86F07128 ZwAlertResumeThread
SSDT 86F07208 ZwAlertThread
SSDT 86E69100 ZwAllocateVirtualMemory
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x972AE26C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x972AEB34]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x972ADCC2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x972A7586]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x972C8E92]
SSDT 87023760 ZwCreateMutant
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x972AE7CC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x972C2E1C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x972C3244]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x972CD46E]
SSDT 87032600 ZwCreateThread
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x972AE92A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x972A82B6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x972CA8DE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x972CA1F6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x972C1C00]
SSDT 87021180 ZwFreeVirtualMemory
SSDT 87023850 ZwImpersonateAnonymousToken
SSDT 86F07048 ZwImpersonateThread
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x972CB2A8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x972CB4E6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x972CB998]
SSDT 86EE6008 ZwMapViewOfSection
SSDT 87023680 ZwOpenEvent
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x972A7E6E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x972C5334]
SSDT 86E691D0 ZwOpenProcessToken
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x972C4F22]
SSDT 86EE61A8 ZwOpenThreadToken
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x972CC36E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x972CBC62]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x972AD86A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x972CCDCE]
SSDT 86F0EDA8 ZwResumeThread
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x972ADF8E]
SSDT 86EE60C8 ZwSetContextThread
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x972A86C0]
SSDT 86EE6298 ZwSetInformationProcess
SSDT 86F07510 ZwSetInformationThread
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x972CC8F6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x972C9954]
SSDT 870235A0 ZwSuspendProcess
SSDT 86F07350 ZwSuspendThread
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x972C3F40]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x972C3C70]
SSDT 86F07430 ZwTerminateThread
SSDT 86EE6388 ZwUnmapViewOfSection
SSDT 87021270 ZwWriteVirtualMemory
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x972C36B8]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 824FC8A0 8 Bytes [28, 71, F0, 86, 08, 72, F0, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 824FC8B4 4 Bytes [00, 91, E6, 86]
.text ntkrnlpa.exe!KeSetEvent + 13D 824FC8C0 8 Bytes [6C, E2, 2A, 97, 34, EB, 2A, ...]
.text ntkrnlpa.exe!KeSetEvent + 1C1 824FC944 4 Bytes [C2, DC, 2A, 97] {RET 0x2adc; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1D9 824FC95C 4 Bytes [86, 75, 2A, 97] {XCHG [EBP+0x2a], DH; XCHG EDI, EAX}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[572] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[572] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[572] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[572] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[572] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[572] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[612] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[612] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[696] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[696] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[696] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[696] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[696] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[696] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[696] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[724] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[724] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[724] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[724] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[724] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[724] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[732] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[732] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[732] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[732] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[732] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[732] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[732] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[864] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[864] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[924] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[924] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[924] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[924] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[924] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1024] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1024] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1024] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1024] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1024] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1024] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1024] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1024] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1024] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1080] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1080] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[1104] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[1104] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[1104] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[1104] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[1104] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[1104] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[1104] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[1104] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[1104] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1120] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1120] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1120] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1120] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1120] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1120] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1120] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1120] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1120] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1140] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1140] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1152] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1152] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1216] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1216] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1216] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1216] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1216] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1216] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1216] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1216] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1216] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1264] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1264] USER32.dll!IsWindowUnicode + 37 765090B5 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1560] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1560] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1560] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1560] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1560] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1560] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1560] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1560] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1560] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[1680] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[1680] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[1680] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[1680] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[1680] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[1680] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[1680] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[1680] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[1680] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2300] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2300] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2300] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2300] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2300] kernel32.dll!SetUnhandledExceptionFilter 76DDA8C5 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2300] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2300] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2300] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2556] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2556] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2556] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2556] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2556] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2556] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2556] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2556] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2556] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AERTSrv.exe[2596] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AERTSrv.exe[2596] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AERTSrv.exe[2596] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AERTSrv.exe[2596] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AERTSrv.exe[2596] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AERTSrv.exe[2596] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AERTSrv.exe[2596] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AERTSrv.exe[2596] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AERTSrv.exe[2596] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atashost.exe[2632] ntdll.dll!NtAccessCheckByType 770F3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atashost.exe[2632] ntdll.dll!NtAlpcImpersonateClientOfPort 770F4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atashost.exe[2632] ntdll.dll!NtImpersonateClientOfPort 770F4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atashost.exe[2632] ntdll.dll!NtSetInformationProcess 770F5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atashost.exe[2632] kernel32.dll!OpenProcess 76DF7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atashost.exe[2632] USER32.dll!FindWindowA 76509D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atashost.exe[2632] USER32.dll!FindWindowW 7651A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atashost.exe[2632] ADVAPI32.dll!ImpersonateNamedPipeClient 76823A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atashost.exe[2632] ADVAPI32.dll!SetThreadToken 76838E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[2760] ntdll.dll!NtAccessCheckByType
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Thu Mar 22, 2012 4:30 pm    Post subject: Reply with quote

I had to run the program with DEVICES unchecked if that helps.
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Thu Mar 22, 2012 8:30 pm    Post subject: Reply with quote

Hello stanthehorse Smile,

Do you experience this issue with other browsers like Firefox or Chrome?

I want you to troubleshoot the problem by going into IE's setting.

First, clear out the temporary internet files as outline here.

Next, have a look at the Add-ons to check if there is anything out of place. Please let me know the results.

--------------------

Please download MiniToolBox© by farbar and save it to your desktop. Click here.
  • Double click on MiniToolBox.exe to run it.
    Please check (tick) the following options:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List IP configuration
  • Click on the GO button. A log will open.
  • Please post the contents of this log. It can also be found on the desktop as Result.txt.

--------------------

Please post back:
1. if the issue happen with other browsers
2. how IE troubleshooting went
3. MiniToolBox results
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Fri Mar 23, 2012 2:19 am    Post subject: Reply with quote

Hello. Have any of these programs found a virus or spyware program on my computer?

Here are the results of minitoobox. I do not have any other browsers installed on my computer. I am headed to work so when I get home I will do some web surfing and see if the problem has resolved.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Sabrina (administrator) on 23-03-2012 at 06:13:32
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Sabrina-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-21-9B-23-9A-F3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bcec:ff61:f29:94b4%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, March 22, 2012 4:25:38 PM
Lease Expires . . . . . . . . . . : Saturday, March 24, 2012 5:58:18 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 167780763
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-49-22-A0-00-21-9B-23-9A-F3
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{24C25C37-5DB4-4487-80F4-0B198FAD4C8A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.225.110
74.125.225.96
74.125.225.97
74.125.225.98
74.125.225.99
74.125.225.100
74.125.225.101
74.125.225.102
74.125.225.103
74.125.225.104
74.125.225.105



Pinging google.com [74.125.225.65] with 32 bytes of data:

Request timed out.

Request timed out.



Ping statistics for 74.125.225.65:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=60ms TTL=49

Reply from 209.191.122.70: bytes=32 time=59ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 59ms, Maximum = 60ms, Average = 59ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=17ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 17ms, Average = 9ms

===========================================================================
Interface List
10 ...00 21 9b 23 9a f3 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{24C25C37-5DB4-4487-80F4-0B198FAD4C8A}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.101 276
192.168.2.101 255.255.255.255 On-link 192.168.2.101 276
192.168.2.255 255.255.255.255 On-link 192.168.2.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::bcec:ff61:f29:94b4/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

**** End of log ****
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Fri Mar 23, 2012 12:42 pm    Post subject: Reply with quote

Hi, home from work and the problem still exists.

I cleared out my temporary folders and disabled all add ons. I remained signed OUT of my email home page. Then I opened and closed IE multiple times.

When IE opened two windows my home page (my yahoo) was signed in, as well as any other pages I had entere information on (bbs) even though I hadn't entered any information.

When it opened one page it remained signed out.

Also still getting "do you want to open or save default_179583-1.js from cdn.fastclick.net"
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Fri Mar 23, 2012 11:28 pm    Post subject: Reply with quote

Hello stanthehorse Smile,

Please reset your browser to its default settings.

Internet Explorer.

--------------------

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on Run ESET Online Scanner. A new window will open.
    For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
  • Then, check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
  • Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. the ESET report
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Sat Mar 24, 2012 5:28 am    Post subject: Reply with quote

Hello, the program said no threats found.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Sat Mar 24, 2012 5:35 pm    Post subject: Reply with quote

Hi, I do not seem to be getting the multiple windows problem but I am still getting a popup to open or save the cdnfastclick file.
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Sun Mar 25, 2012 8:23 am    Post subject: Reply with quote

Hello stanthehorse Smile,

I take it that this latest update is after you reset the Internet Explorer?

Does the pop up happen only when you visit specific sites? What do you always do when it shows up; clicking the cross to close the dialog?

Nothing bad showing up in the logs so far.

--------------------

Please download ATF (Atribune Temp File) Cleaner© by Atribune from one of the links below and save it to your desktop.

Link 1
Link 2

Run ATF Cleaner
  • Exit all browsers.
  • Double-click ATF Cleaner.exe to open it.
  • Click Run if prompted.
  • At the bottom of the list, check (tick) Select All.
  • Note: If you would like to keep your cookies, please uncheck this option as it will remove all cookies, including the useful ones you may want to keep.
  • Then click the Empty Selected button.
  • Firefox:

    • Click Firefox at the top and choose: Select All. Uncheck the cookies option if you want to keep them.
    • Click the Empty Selected button.
    • Note: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

--------------------

Please post back:
1. the answers to my questions
2. an update on the situation after ATF Cleaner
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Sun Mar 25, 2012 5:53 pm    Post subject: Reply with quote

Yes the latest update was after I reset IE. I'm going to feel awful silly if this was an IE issue.

I ran the ATF file, how is this file different then clicking on the clear temp folders option on my own?

I have not seen the pop up yet, however when I saw it I would click the X. It followed me to a horse related BB I frequent and to my homepage for my email. If I don't see it by tommorow I will let you know.

I really appreciate all the help you have been!
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Sun Mar 25, 2012 11:45 pm    Post subject: Reply with quote

Hello stanthehorse Smile,

You are most welcome.

Quote:
I ran the ATF file, how is this file different then clicking on the clear temp folders option on my own?
It covers more areas and I am not sure to what extent you have done regarding clearing the temp files.

Quote:
related BB I frequent
Could you please elaborate on this? Earlier you mentioned "bbs". What site is that? Please quote the address as sitename[dot]com or similar.
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Mon Mar 26, 2012 2:08 am    Post subject: Reply with quote

Hi, it's another bulletin board like this one only about horses. When I clear the temp files on my own I go to IE, click on tools, internet options, general, then delete temp files.

www[dot]chronofhorse[dot]com/forum/
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Mon Mar 26, 2012 9:40 pm    Post subject: Reply with quote

Hello stanthehorse Smile,

Please advise how are things going now? Any more pop ups?

--------------------

Please uninstall this older version of Java, it is a security vulnerability:
Java 2 Runtime Environment, SE v1.4.2_18

--------------------

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Adobe Reader 9.3.2

  • Go to the Adobe download page. Click here.
  • If your OS is not the same as stated, click on Do you have a different language or operating system? link.
    • Under the Select an operating system title, choose the OS that you have.
    • Change the language at the Select a language title.
    • Next, select the version of the reader at the Select a Version title.
    • Uncheck (untick) to opt out of any optional toolbar or program installation.
    • Click the Download now button to proceed. Allow if prompted and save the file to a convenient location.
    • Run the downloaded file to continue with the installation.
  • If your OS is the same, uncheck (untick) to opt out of any optional toolbar or program installation.
  • Click Download to proceed. Allow if prompted and save the file to a convenient location.
  • Run the downloaded file to continue with the installation.

Alternatively, you can try Foxit Reader Portable or Nuance PDF Reader.

--------------------

Please run DDS again and post back both logs.

--------------------

Please post back:
1. how are things?
2. fresh DDS logs
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Tue Mar 27, 2012 1:10 pm    Post subject: Reply with quote

Hi, no more popups but I am running IE with all the add ons disabled.

I have uninstalled Java and Adobe Reader and installed a new version of Adobe.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Sabrina at 16:56:19 on 2012-03-27
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2012.641 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\lxcycoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://my.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{24C25C37-5DB4-4487-80F4-0B198FAD4C8A} : DhcpNameServer = 192.168.1.254
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2010-4-3 81920]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-1-6 20376]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-9-11 2436536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-6 106104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-4-3 112128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-27 20:46:37 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8570ccad-124c-413c-867f-72bc65238d5b}\mpengine.dll
2012-03-27 20:40:44 -------- d-----w- c:\users\sabrina\appdata\local\Adobe
2012-03-27 00:17:38 -------- d-----w- c:\users\sabrina\appdata\local\Apple Computer
2012-03-26 21:26:53 -------- d-----w- c:\program files\uTorrent
2012-03-26 20:28:05 -------- d-----w- c:\users\sabrina\appdata\local\AOL
2012-03-26 20:28:05 -------- d-----w- c:\users\sabrina\appdata\local\AIM
2012-03-18 02:47:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-18 02:42:28 -------- d-----w- c:\program files\Lavasoft
2012-03-17 19:55:20 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-17 19:55:20 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-17 19:55:20 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 19:55:19 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-17 19:55:19 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-17 19:55:03 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-17 19:55:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 19:55:02 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 19:54:47 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-17 19:54:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-07 22:08:35 -------- d-----w- c:\program files\common files\Software Update Utility
.
==================== Find3M ====================
.
2012-03-03 13:44:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:57:29.52 ===============
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Tue Mar 27, 2012 1:14 pm    Post subject: Reply with quote

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 4/3/2010 2:01:43 PM
System Uptime: 3/27/2012 4:24:25 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0P301D
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz | Socket 775 | 1595/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 188.808 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.738 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2)
AIM 7
Apple Application Support
Apple Software Update
CCScore
Cisco Network Magic
D3DX10
Dell Resource CD
Download Updater (AOL LLC)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ffdshow [rev 2527] [2008-12-19]
FlipShare
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 31
Kodak EasyShare software
Lexmark 3400 Series
Lexmark Toolbar
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Network Magic
OfotoXMI
PowerDVD
Pure Networks Platform
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Sonic CinePlayer Decoder Pack
staticcr
Symantec Endpoint Protection
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
Vivitar Experience Image Manager
VLC media player 1.0.5
VPRINTOL
WebEx Support Manager for Internet Explorer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WIRELESS
Yahoo! Install Manager
Yahoo! Software Update
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
3/27/2012 4:45:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/27/2012 4:45:18 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/27/2012 4:41:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/27/2012 4:25:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
3/24/2012 7:41:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Sabrina-PC\Sabrina SID (S-1-5-21-3177937677-962641785-2388204437-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/23/2012 6:00:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
3/23/2012 5:59:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/23/2012 5:59:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
3/23/2012 5:58:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
.
==== End Of File ===========================
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Tue Mar 27, 2012 5:53 pm    Post subject: Reply with quote

Hello, my computer just crashed and then restarted. Not sure why as I have not had problems with the multple windows or the popup.
I got a blue screen and something about a driver and then it shut down and restarted.

This is what it said when it restarted.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.2
Locale ID: 1033

Additional information about the problem:
BCCode: f7
BCP1: C120FC52
BCP2: CAD72207
BCP3: 3528DDF8
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini032712-01.dmp
C:\Users\Sabrina\AppData\Local\Temp\WER-112133-0.sysdata.xml
C:\Users\Sabrina\AppData\Local\Temp\WER79E.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Tue Mar 27, 2012 6:37 pm    Post subject: Reply with quote

Hello stanthehorse,

You have reinstalled µTorrent?
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
stanthehorse
Junior Member


Joined: 18 Mar 2012
Last Visit: 28 Mar 2012
Posts: 21

PostPosted: Wed Mar 28, 2012 2:20 am    Post subject: Reply with quote

I thought that it was making a video file not run right but I was wrong so I took it off.
Back to top
View user's profile Send private message
Jack&Jill
MWR Teacher


Joined: 25 Jul 2009
Last Visit: 13 May 2014
Posts: 422
Location: South East Asia

PostPosted: Wed Mar 28, 2012 5:12 am    Post subject: Reply with quote

Hello stanthehorse,

When a user posts for help, there is a certain amount of trust between the user and the person helping you. You trust me to provide help to clean your system and in return I trust you to provide the information via logs that I ask for, and for following the policies of the forum.

Regardless of whatever reasons you reinstalled the P2P program or whether you removed it later, you have broken that trust and I am no longer bound to help you.

This thread is now closed.
_________________
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Spyware Warrior.
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group