2 probelms
-
2 probelms
1) the old unwanted search toolbar in IE
2) Trojan horses keep appearing on my virus checker
HiJack this log:
Logfile of HijackThis v1.99.1
Scan saved at 13
28, on 17/09/06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gary\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: (no name) - {73F932BA-C28E-F9E6-151F-1CE3932626B2} - _ctcp.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{91E1BBDF-875F-4B6C-8239-0C1C7794178C}.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{91E1BBDF-875F-4B6C-8239-0C1C7794178C}.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [cicbi.exe] C:\WINDOWS\System32\cicbi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37800.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6024B5E6-493B-46CC-BBA5-6DB3087B6DC1}: NameServer = 85.255.115.114,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{70ECCC78-D855-4B13-A095-BC7B2BED87E7}: NameServer = 85.255.115.114,85.255.112.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.114 85.255.112.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.114 85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.114 85.255.112.142
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Welcome,
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Also...
Download and install
Ewido anti-spyware
4.0 (uninstall any previous version first).- Click the Download BUTTON. On the next page click the
Download now BUTTON. - Save and then install (Run) from the save location.
- Open/Run ewido anti-spyware
- Wait a few moments and Ewido should Auto update itself (note date of last
update). If it doesn't update, click the update ICON at top of
screen:
- Click on the Update now LINK at the top of the window
- Click on the Start update button
- Wait for the update to download and install
- This is very important to get the LATEST
updates
- Click on the Status ICON
- Under "Your computers Security"
Click change status on Resident shield to inactive
(ONLY consider activation of that feature once you are
clean)
- Click on the Scanner ICON at the top of the window
- Click on the Settings tab then select Recommended Actions
and choose Quarantine
Close ALL open Windows / Programs / Folders. Please start
Ewido, and run a full scan:
- Click on the default Status ICON and select
the Scan now LINK.
OR
- Click on the Scanner ICON . Select the Scan
TAB.
- Select Complete System Scan. Ewido will now begin to scan your
system.
- If Ewido finds anything it will list them in the Preview WINDOW:
- Make sure that Set all elements to: shows
Quarantine, if not click on the link and choose
Quarantine from the popup menu. - Select Apply all actions at the bottom of the window (and the
items found will be quarantined - and recoverable, if any items are needed
back).
- When the scan has completed, click on the Save Scan Report button
and save the scan to your Desktop where it can be easily found. - Copy and paste the EWIDO scan results into your next
post. - Close Ewido.
-
Hi!
Thanks for that, here we go.
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}35FE5C42F028-03E8-64B4-ADB2-0FA9BCC4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}13C410B01019-6A5B-5BD4-C04F-3E5D2F12{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}CB5C42CAB63B-59CA-6EC4-44E6-BD3C7389{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}05B729CD1CBE-F02B-6274-774D-7CC195C2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}D3492BE88D66-879A-73B4-BE3F-6D11BDF9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}FAFA0125DEA0-DDC9-B394-5D85-7C85B364{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}304BB96E1C3F-7FB9-04B4-3457-69062483{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}7766DBFF53AC-6F28-8F44-9070-CC52A425{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}6C112F81EDC0-8B4B-E974-5456-B3032852{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}853BB7866061-82D9-5D64-C113-793DD138{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}FE9FC3E1A56D-BC4B-5884-B5D0-08BFCA81{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}CECE85B24D9F-4368-9014-C2A1-08ED5976{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}896827B84093-0098-7224-F568-98AF1D8B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}E207F5CBCA18-32A9-3E04-DC87-D5D5E229{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}D84B78BEBD1F-259B-17D4-320A-28F1907C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}7B074AD44891-0629-6AB4-045E-B34B22FB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}7E9706363A89-DB0B-6444-6BE3-F5256281{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}DB58E500316A-24AB-EE54-6677-7BC9E626{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}223FEA576685-AE78-C254-2BB2-2712420A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}BAF8E8DC9389-D0F8-3AC4-B271-FFC31BC0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}B3FB2389670A-9B39-1704-C6BD-1BF19421{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}A971E00E3FFE-D47A-C484-13F4-C470DEF6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}02F54B6414AB-1E59-10C4-CE15-BE0FA283{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}320F8714A773-22AB-CE54-FFBA-595BC375{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}CC85046087C9-E12A-4A44-0E56-C9EEA1C3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}942108F4FF57-BC0B-1724-45CD-BB393822{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}D5D18D0590EC-A0F8-2ED4-C6CD-BF01C212{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}D829E319FD5F-01EB-D414-E0BD-362C72E8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}331AFAA7857D-B0C8-0714-33F8-311DD181{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}DE54A8ECB61A-943A-5CC4-67DB-9A064189{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}BB05F9499445-1798-E014-8FE4-F31796DB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}0E3827F1A850-B92A-9604-73CE-100FA7C2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}6095E00D4FBB-6CE8-BC44-F038-04D87CBC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}897CB6717095-1B78-5B54-E1A6-00326559{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}9B64556D6359-DDD8-A184-DCE3-AF22844D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}BEA888158FBE-8E49-7FF4-D049-65F174C4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}E40623C9C678-438B-2034-A0AA-BA688005{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}119323A3BE95-6DC9-E8D4-9C77-588986A7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}BA40B9ABCEE3-1019-1B74-582A-6027750A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}698C8F895D6A-B569-A844-6AF1-7CF7E36F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}8AFF75A85721-1B6B-D774-A9D4-907F979F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}53DC0363CDB4-4699-EB34-2933-200284FB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}36C9DB33E716-6158-7C94-0B8E-B43ACBAD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}0BF231C646D8-77B8-DD04-BEEE-067A678B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}954001F3E070-122A-1BD4-050C-C64EA391{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}4D8F46393FCA-FF48-1174-3070-BF982082{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}596596488B3C-CF6A-9F44-95C0-F3EE55A9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}6E9478D7FE43-EC39-7BB4-35FE-04C97133{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}C02C5EF4B3CE-6199-1154-CCDE-D5EF8CE9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}88ABAC41BAE3-45CB-C7B4-FABB-6C279E4D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}F2A7FED41E0D-121A-17B4-BFD5-A8ED48A7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\}13840D5B252A-169B-1E94-0D01-29BD3806{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\pgtshlld
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\nidnsdr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\ytpme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\23lserspg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\ifpnxesm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\23rtcdaol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\nbilbaj
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\nlcalik
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\evif
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects.
Directory of C:\WINDOWS\system32
{D4E972C6-BBAF-4B7C-BC54-3EAB14CABA88}.exe
{9EC8FE5D-EDCC-4511-9916-EC3B4FE5C20C}.exe
{BF482002-3392-43BE-9964-4BDC3630CD35}.exe
{18ACFB80-0D5B-4885-B4CB-D65A1E3CF9EF}.exe
{2582303B-6545-479E-B4B8-0CDE18F211C6}.exe
{9FDB11D6-F3EB-4B37-A978-66D88EB2943D}.exe
{21F2D5E3-F40C-4DB5-B5A6-91010B014C31}.exe
{A4CC061D-5616-4DB8-A657-A8848025378E}.exe
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
Logfile of HijackThis v1.99.1
Scan saved at 07:41:39, on 18/09/06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\Winword.exe
C:\Documents and Settings\Gary\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: (no name) - {73F932BA-C28E-F9E6-151F-1CE3932626B2} - _ctcp.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iptsr.exe] C:\WINDOWS\System32\iptsr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37800.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6024B5E6-493B-46CC-BBA5-6DB3087B6DC1}: NameServer = 85.255.115.114,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{70ECCC78-D855-4B13-A095-BC7B2BED87E7}: NameServer = 85.255.115.114,85.255.112.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.114 85.255.112.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.114 85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.114 85.255.112.142
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ACDSee 32
ACDSee for PENTAX
Acoustica CD/DVD Label Maker
Ad-aware 6 Personal
Adobe Reader 6.0.1
Amazing CD & DVD Burner
ATI Display Driver
AVG Free Edition
Belkin Wireless Access Point Wizard
CCleaner (remove only)
CDex extraction audio
CleanUp!
CM 03-04
DivX Player
DivX Pro Codec Adware
EA.com Matchup
EA.com Update
Google Earth
HijackThis 1.99.1
hp deskjet 3420 series (Remove only)
iPod for Windows 2005-06-26
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_12
LimeWire 4.10.9
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Office 97, Professional Edition
Mozilla Firefox (1.0.7)
MSN Messenger 7.5
Nokia Connectivity Cable Driver
Nokia PC Suite
PowerDVD
PPLive 1.1.0.7
PPStream
Pro Evolution Soccer 4
QuickTime
RealPlayer
Return to Castle Wolfenstein
Spybot - Search & Destroy 1.4
Synacast Plug-in 1.1.0.7
True Sword
TVAnts 1.0
Winamp (remove only)
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Yahoo! Toolbar
ZoneAlarm
-
ACDSee 32
ACDSee for PENTAX
Acoustica CD/DVD Label Maker
Ad-aware 6 Personal
Adobe Reader 6.0.1
Amazing CD & DVD Burner
ATI Display Driver
AVG Free Edition
Belkin Wireless Access Point Wizard
CCleaner (remove only)
CDex extraction audio
CleanUp!
CM 03-04
DivX Player
DivX Pro Codec Adware
EA.com Matchup
EA.com Update
Google Earth
HijackThis 1.99.1
hp deskjet 3420 series (Remove only)
iPod for Windows 2005-06-26
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_12
LimeWire 4.10.9
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Office 97, Professional Edition
Mozilla Firefox (1.0.7)
MSN Messenger 7.5
Nokia Connectivity Cable Driver
Nokia PC Suite
PowerDVD
PPLive 1.1.0.7
PPStream
Pro Evolution Soccer 4
QuickTime
RealPlayer
Return to Castle Wolfenstein
Spybot - Search & Destroy 1.4
Synacast Plug-in 1.1.0.7
True Sword
TVAnts 1.0
Winamp (remove only)
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Yahoo! Toolbar
ZoneAlarm
-
Hi,
I need the Ewido scan log, you posted two uninstall lists. Thanks.
Also a new hijackthis log
