View Full Version : Windows security disabled - No MS based programs connect to internet.
Redly Rocket
2007-02-07, 10:07
Hi again, After attempting to clean my system a few weeks ago (http://forums.spybot.info/showthread.php?t=10592) and contemplating a format the decision was made for me when My HDD failed and I put a new one in with a fresh system. All was going well but now none of my MS based programs (IE, Media player, MSN) can connect to the internet but Firefox is working fine.
I noticed spybot picked up something that said windows.security.disabler (or similar) so I clicked on fix and windows security has been blocking (I assume) MS programs.
I have tried turning firewalls on and off, opening ports ect.
Avast! said something about a kapersky module was running and conflicting but I cant remember visiting that site at all.
I have run a number of anti-malware products and they say my system is clean but I cannot for the life of me get any of the programs to connect. I have been religiously updating all the software to have an completely upto date machine but things still get thru.
Im currently doing an online scan (obviously not one that uses IE) but here is my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 6:00:00 PM, on 7/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NinjaSurfing\nsurfing.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DL\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.55.135.167:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NinjaSurfing\ProxyNew.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ninja Surfing] C:\Program Files\NinjaSurfing\nsurfing.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170062564314
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: OWC11.mso-offdap - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Cheers, Red.
Ill PM my friendly helper from my last issues.
Redly Rocket
2007-02-07, 11:38
Ive done a bit of fiddling since my last post.
The online scan came up with nothing infecting my computer and here is my new HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 7:36:52 PM, on 7/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NinjaSurfing\nsurfing.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\DL\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.55.135.167:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NinjaSurfing\ProxyNew.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ninja Surfing] C:\Program Files\NinjaSurfing\nsurfing.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170062564314
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: OWC11.mso-offdap - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Cheers, Red.
little eagle
2007-02-14, 22:15
Lets try running combofix.exe
Download it from one of the links below:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Redly Rocket
2007-02-15, 07:04
Start Time= Thu 15/02/2007 15:02:40.72
QuickScan did not find any signs of infected files
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-31 19:28:58 ( .D... ) "C:\Program Files\XP Codec Pack"
2007-03-31 18:51:38 ( .D... ) "C:\Program Files\MSXML 4.0"
2007-02-13 13:10:12 ( .D... ) "C:\Program Files\Tradewinds Legends"
2007-02-12 19:20:58 ( .D... ) "C:\Program Files\Tradewinds 2"
2007-02-12 19:20:22 ( .D... ) "C:\Program Files\ReflexiveArcade"
2007-02-12 17:27:02 0 ( A.... ) "C:\WINDOWS\system32\dlh9jkd1q8.exe"
2007-02-12 17:20:42 ( .D... ) "C:\Program Files\Shockwave.com"
2007-02-10 11:54:54 ( .D... ) "C:\Documents and Settings\Redly\Application Data\RecordPad"
2007-02-09 12:49:18 ( .D... ) "C:\Documents and Settings\Redly\Application Data\NCH Swift Sound"
2007-02-09 12:48:06 ( .D... ) "C:\Program Files\NCH Swift Sound"
2007-02-08 17:31:42 ( .D... ) "C:\Documents and Settings\Redly\Application Data\iriver"
2007-02-08 17:20:26 ( .D... ) "C:\Program Files\iriver"
2007-02-07 18:48:12 ( .D... ) "C:\Program Files\SpywareBlaster"
2007-02-07 18:47:46 ( .D... ) "C:\Program Files\SpywareGuard"
2007-02-07 14:58:48 ( .D... ) "C:\Program Files\Alwil Software"
2007-02-05 16:47:54 ( .D... ) "C:\Program Files\QuickTime"
2007-02-05 16:47:34 ( .D... ) "C:\Program Files\Apple Software Update"
2007-02-02 20:07:30 ( .D... ) "C:\Program Files\Microsoft.NET"
2007-02-02 20:07:18 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2007-02-02 20:06:46 ( .D... ) "C:\Program Files\Microsoft Office"
2007-02-02 19:58:30 ( .D... ) "C:\Program Files\WinRAR"
2007-02-02 14:16:48 ( .D... ) "C:\Program Files\NinjaSurfing"
2007-02-01 08:26:06 ( .D... ) "C:\Documents and Settings\Redly\Application Data\MailFrontier"
2007-01-30 22:09:06 ( .D... ) "C:\Program Files\eMule"
2007-01-30 21:53:50 ( .D... ) "C:\Documents and Settings\Redly\Application Data\Samsung"
2007-01-30 21:45:50 5632 ( A.... ) "C:\Program Files\SAMSUNG\Samsung PC Studio 3\StarOpen.sys"
2007-01-30 21:34:38 ( .D... ) "C:\Program Files\SAMSUNG"
2007-01-30 20:42:16 ( .D... ) "C:\Documents and Settings\Redly\Application Data\Adobe"
2007-01-30 20:41:26 ( .D... ) "C:\Program Files\Common Files\Adobe"
2007-01-30 20:41:26 ( .D... ) "C:\Program Files\Adobe"
2007-01-30 16:20:44 ( .D... ) "C:\Program Files\MSBuild"
2007-01-30 16:15:54 ( .D... ) "C:\Program Files\Reference Assemblies"
2007-01-30 01:32:48 ( .D... ) "C:\Program Files\Common Files\ODBC"
2007-01-30 01:32:44 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2007-01-30 01:32:44 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2007-01-30 01:32:44 ( .D... ) "C:\Program Files\Common Files"
2007-01-30 01:30:52 62 ( A.SH. ) "C:\Documents and Settings\Redly\Application Data\desktop.ini"
2007-01-29 22:48:56 ( .D... ) "C:\Documents and Settings\Redly\Application Data\Help"
2007-01-29 22:47:54 ( .D... ) "C:\Program Files\MSN Messenger"
2007-01-29 22:32:00 ( .D... ) "C:\Program Files\Windows Media Connect 2"
2007-01-29 22:27:26 ( .D... ) "C:\Program Files\Windows Defender"
2007-01-29 22:21:00 139264 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2007-01-29 22:21:00 135168 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2007-01-29 22:21:00 135168 ( A.... ) "C:\WINDOWS\system32\java.exe"
2007-01-29 22:18:54 ( .D... ) "C:\Program Files\Java"
2007-01-29 22:18:50 ( .D... ) "C:\Program Files\Common Files\Java"
2007-01-29 22:17:34 ( .D... ) "C:\Documents and Settings\Redly\Application Data\Sun"
2007-01-29 21:59:34 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2007-01-29 21:27:50 ( .D... ) "C:\Documents and Settings\Redly\Application Data\Talkback"
2007-01-29 21:26:56 ( .D... ) "C:\Documents and Settings\Redly\Application Data\Mozilla"
2007-01-29 21:22:54 ( .D... ) "C:\Documents and Settings\Redly\Application Data\MSNInstaller"
2007-01-29 21:19:56 ( .D... ) "C:\Documents and Settings\Redly\Application Data\Lavasoft"
2007-01-29 21:19:34 ( .D... ) "C:\Program Files\Lavasoft"
2007-01-29 21:17:48 ( .D... ) "C:\Documents and Settings\Redly\Application Data\Macromedia"
2007-01-29 21:14:30 ( .D... ) "C:\Program Files\Mozilla Firefox"
2007-01-29 18:41:38 ( .D... ) "C:\Program Files\Intel"
2007-01-29 18:40:12 ( .D... ) "C:\Program Files\DIFX"
2007-01-29 18:38:48 ( .D... ) "C:\Program Files\HPQ"
2007-01-29 18:37:32 ( .D... ) "C:\Program Files\Synaptics"
2007-01-29 18:34:44 ( .D... ) "C:\Program Files\ATI Technologies"
2007-01-29 18:29:18 ( .D... ) "C:\Program Files\Zone Labs"
2007-01-29 18:26:18 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2007-01-29 18:26:18 ( .D... ) "C:\Program Files\Analog Devices"
2007-01-29 18:23:34 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2007-01-29 18:19:54 ( .D... ) "C:\Program Files\HP"
2007-01-29 18:08:00 ( .D.H. ) "C:\Program Files\Uninstall Information"
2007-01-29 18:08:00 ( .D... ) "C:\Documents and Settings\Redly\Application Data\Identities"
2007-01-29 18:07:54 ( .DS.. ) "C:\Documents and Settings\Redly\Application Data\Microsoft"
2007-01-29 17:56:00 ( .D... ) "C:\Program Files\xerox"
2007-01-29 17:56:00 ( .D... ) "C:\Program Files\microsoft frontpage"
2007-01-29 17:55:38 0 ( A.... ) "C:\AUTOEXEC.BAT"
2007-01-29 17:54:18 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2007-01-29 17:53:22 ( .D... ) "C:\Program Files\Common Files\Services"
2007-01-29 17:53:18 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2007-01-29 17:53:04 ( .D... ) "C:\Program Files\Movie Maker"
2007-01-29 17:52:52 ( .D... ) "C:\Program Files\NetMeeting"
2007-01-29 17:52:48 ( .D... ) "C:\Program Files\Outlook Express"
2007-01-29 17:52:40 ( .D... ) "C:\Program Files\Common Files\System"
2007-01-29 17:52:36 ( .D... ) "C:\Program Files\Internet Explorer"
2007-01-29 17:52:02 ( .D... ) "C:\Program Files\ComPlus Applications"
2007-01-29 17:51:46 ( .D... ) "C:\Program Files\Windows Media Player"
2007-01-29 17:51:46 ( .D... ) "C:\Program Files\Online Services"
2007-01-29 17:51:38 ( .D... ) "C:\Program Files\Messenger"
2007-01-29 17:51:34 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2007-01-29 17:50:54 ( .D... ) "C:\Program Files\MSN"
2007-01-29 17:50:52 ( .D... ) "C:\Program Files\Windows NT"
2007-01-16 02:32:08 689280 ( A.... ) "C:\WINDOWS\system32\aswBoot.exe"
2007-01-16 02:23:20 90112 ( A.... ) "C:\WINDOWS\system32\AVASTSS.scr"
2007-01-08 14:29:54 394160 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2007-01-08 14:29:54 394160 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2007-01-08 14:29:40 75512 ( A.... ) "C:\WINDOWS\zllsputility.exe"
2007-01-08 14:29:14 1087216 ( A.... ) "C:\WINDOWS\system32\zpeng24.dll"
2007-01-08 14:29:00 83696 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2007-01-08 14:29:00 71408 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2007-01-08 14:28:58 100080 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2007-01-08 14:28:58 46832 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2007-01-08 14:28:56 472816 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2007-01-08 14:28:54 272112 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2007-01-08 14:28:54 71408 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2007-01-08 14:28:52 157424 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2007-01-08 14:28:52 104176 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2007-01-08 14:28:52 83696 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2007-01-02 15:19:46 10980776 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-12-08 12:02:00 251672 ( A.... ) "C:\WINDOWS\system32\xactengine2_5.dll"
2006-11-29 13:06:18 3426072 ( A.... ) "C:\WINDOWS\system32\d3dx9_32.dll"
2006-11-27 17:45:40 60416 ( ..... ) "C:\WINDOWS\system32\tzchange.exe"
2006-11-17 11:34:40 91848 ( A.... ) "C:\WINDOWS\HPBroker.dll"
2006-11-15 11:38:22 15128 ( A.... ) "C:\WINDOWS\system32\x3daudio1_1.dll"
((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"RecordPadRun"="\"C:\\Program Files\\NCH Swift Sound\\RecordPad\\recordpad.exe\" -logon"
"iHP-100"="C:\\Program Files\\iriver\\HSeries\\iHPDetect.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Ninja Surfing"="C:\\Program Files\\NinjaSurfing\\nsurfing.exe"
"iPlusAgent"="\"C:\\Program Files\\iriver\\iriver plus\\iAgent.exe\""
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: Thu 15/02/2007 15:03:08.03
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt
little eagle
2007-02-15, 14:03
Download and Save blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
click > scan then > next,
You'll see a list of all items found - if found, so don't worry it tells that there were no files found.
In case hidden files were found, Don't choose for rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.
Redly Rocket
2007-02-16, 07:32
02/16/07 09:22:59 [Info]: BlackLight Engine 1.0.55 initialized
02/16/07 09:22:59 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/16/07 09:22:59 [Note]: 7019 4
02/16/07 09:22:59 [Note]: 7005 0
02/16/07 09:23:12 [Note]: 7006 0
02/16/07 09:23:14 [Note]: 7011 1856
02/16/07 09:23:15 [Note]: 7026 0
02/16/07 09:23:15 [Note]: 7026 0
02/16/07 09:23:33 [Note]: FSRAW library version 1.7.1021
02/16/07 13:05:21 [Note]: 7007 0
It said nothing was found.
Cheers, Red.
little eagle
2007-02-16, 12:45
Can you delete your copy of combofix.exe.
Rescan with HJT and post a new log here.
Also please describe how your computer behaves at the moment.
Redly Rocket
2007-02-19, 14:23
None of my Microsoft programs connect to the internet. eg. Media player wont stream vids, or MSN wont connect to the net (if there was an edit button I would edit my 1st post as I missed out on putting a vital 't' on the end of can-t). IE just started working again for some unknown reason and I have tried disabling ALL firewalls and such related protection to find a way to connect. Very confusing and it only happened after I got infected and cleared the windows.security.disabler malwear with spybot.
haven't tried installing windows components but now that IE is working ill update my windows ect.
Cheers, Red.
Logfile of HijackThis v1.99.1
Scan saved at 10:02:51 PM, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe
C:\Program Files\iriver\HSeries\iHPDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iriver\iriver plus\iAgent.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\DL\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.55.135.167:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NinjaSurfing\ProxyNew.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iriver\HSeries\iHPDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ninja Surfing] C:\Program Files\NinjaSurfing\nsurfing.exe
O4 - HKCU\..\Run: [iPlusAgent] "C:\Program Files\iriver\iriver plus\iAgent.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170062564314
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: OWC11.mso-offdap - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
little eagle
2007-02-20, 12:58
Click \start\run\then type in or copy and paste in
sfc /scannow not the space between c and /
You must be logged on as a member of the Administrators group to run sfc.
If sfc discovers that a protected file has been overwritten, it retrieves the correct version of the file from the
%systemroot%\system32\dllcache folder, and then replaces the incorrect file.
Try this link if you have any trouble.
http://www.updatexp.com/scannow-sfc.html
Also you can try removing IE7 in add and remove programs.
This topic has been archived.
If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.