jackrobinson Posted March 16, 2010
I sent a similar message before but can't see it posted... After many hours of being away from home I come back to discover that Outlook 2003 is stuck during send/receive. I then attempt to kill both and the GUI exits but the process continues to be un-killable. Windows won't shut down and then the only solution is to hard power off the PC.
Can someone please help?
Logs below (no .dmp exists).
Firon Posted March 16, 2010
Uninstall Zone Alarm. And upgrade to Service Pack 3.
jackrobinson Posted March 16, 2010
Do I understand well? Uninstall ZA, install SP3, install ZA?
Or are you saying that ZA should not be installed?
Firon Posted March 16, 2010
Uninstall Zone Alarm, install Service Pack 3, don't reinstall ZA.
jackrobinson Posted March 17, 2010
Well then I will be vulnerable. Thanks Firon for the advice.
Switeck Posted March 17, 2010
Use Microsoft Windows firewall.
Presumably you have a router as well?
Zone Alarm is so buggy it can actually make your computer MORE vulnerable. There were exploits for previous versions of it, though the most recent may not be.
Firon Posted March 17, 2010
Just use the Windows firewall. ZA doesn't do anything to secure you; it just screws a computer's stability.
Archived
This topic is now archived and is closed to further replies.