
Help With Kernels64 Error At Start Up


14 replies to this topic

#1 Nitsugajr


Posted 28 January 2006 - 03:42 PM

I have read the previous post on this topic and I have failed to remove the error during the startup. I also am having trouble with Symantec wanting to continue to install when it's already on the sys tray. Any help is appreciated.

Gus

Logfile of HijackThis v1.99.1
Scan saved at 9:38:09 PM, on 1/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.exe
F:\WINDOWS\ehome\ehtray.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
F:\Program Files\dvd43\dvd43_tray.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\WINDOWS\eHome\ehRecvr.exe
F:\WINDOWS\eHome\ehSched.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\msiexec.exe
F:\WINDOWS\system32\dllhost.exe
F:\WINDOWS\eHome\ehmsas.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\WINDOWS\system32\MsiExec.exe
C:\Program Files\HijackThis\HijackThis.exe
F:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\system32\kernels64.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dvd43] F:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37440.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll


#2 ourwilly


Posted 29 January 2006 - 06:12 AM

Hello Nitsugajr. :thumbsup:

Click on Start | Run and type msconfig in the 'Run' box.

When the System Configuration Utility opens, click on the 'Startup Tab' and make sure there is a checkmark beside each entry.
Ensure the 'General Tab' has the "normal startup" option checked.
Reboot when asked to by Windows to complete any change.

Please Re-scan with HijackThis and post the new log.

Thank you,
ourwilly. :flowers:

#3 Nitsugajr


Posted 29 January 2006 - 01:42 PM

Thanks for the reply. Since I have added Zone Alarm. Now at startup Windows cannot find the kernel for AVG.

Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 7:36:54 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\WINDOWS\eHome\ehRecvr.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\eHome\ehSched.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\ehome\ehtray.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
F:\Program Files\dvd43\dvd43_tray.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
F:\WINDOWS\system32\dllhost.exe
F:\WINDOWS\eHome\ehmsas.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dvd43] F:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SystemGuardAlerter] "F:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "F:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37440.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: gEFXWr - {6C15FC92-C6BF-5638-758E-53C47FA1011B} - F:\WINDOWS\system32\jo.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - F:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 ourwilly


Posted 31 January 2006 - 02:16 PM

Hello Nitsugajr.

Please Note - It is strongly recommended that you only have
one firewall and one Anti-virus running on one system.

As You have just installed ZoneAlarm Firewall

Your Hijack log is showing entries from Symantec & AVG.

As both Symantec & AVG programs seem to be causing you problems
please uninstall both Anti-Virus Software. Then Re-install the Anti-virus
Software you wish to Keep.

I would also like to ask for information about the Set-Up for System Mechanic Professional, and if you feel this would cause any conflict with what you have installed already.

Please print out these instructions for when you are in Safe Mode.

Step 1.

Disable Microsoft AntiSpyware's real-time protection.

* Click on Tools | Settings.
* In the left pane, click on Real-time Protection.
* Under Startup Options uncheck: "Enable the microsoft AntiSpyware Security Agents on startup (recommended)".
* Under Real-time spyware threat protection uncheck: "Enable real-time spyware threat protection (recommended)".
* Click the Save button and close MSAS.
* Right click on the MSAS system tray icon and select Shutdown Microsoft AntiSpyware.

Please make sure that you can view all hidden files.
Instructions on how to do this can be found here: How to see hidden files in Windows

Close any windows that are open.
Open HijackThis and select "Do A System Scan Only"
and place a "checkmark" next to all these entries:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O21 - SSODL: gEFXWr - {6C15FC92-C6BF-5638-758E-53C47FA1011B} - F:\WINDOWS\system32\jo.dll (file missing)

and select "Fix checked".


Download WinPFind.zip from Here
- Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

Now Reboot your computer into Safe Mode.

Navigate to, then right-click on and delete, this entry (if found):

F:\WINDOWS\system32\kernels64.exe

Stay in Safe Mode
Open the C:\WinPFind folder and double-click on WinPFind.exe.
- Click on the Start Scan button and wait for it to finish.
This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
When it is done, the results of the scan will be displayed and it will create a log file at C:\WinPFind\WinPFind.txt.
Please copy that log to your next reply.

Now Reboot your computer into Normal Mode.

I would like to ask: is your Task Manager working "OK"? (Ctrl, Alt + Delete)

Please re-scan with HijackThis and post the new HJT log, along with the WinPFind.txt.

ourwilly.
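
Added example, not part of ourwilly's post and not HijackThis's own code: a small Python triage of the kind of log posted in this thread. It flags an F2 `Shell=` value that launches something besides Explorer.exe, entries marked "(file missing)", and more than one resident anti-virus product. The function names and the `AV_MARKERS` table are assumptions made for illustration; the sample lines are excerpted from the logs above.

```python
import re

# Lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\system32\kernels64.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O21 - SSODL: gEFXWr - {6C15FC92-C6BF-5638-758E-53C47FA1011B} - F:\WINDOWS\system32\jo.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Result lines look like "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Assumption: marker strings taken only from product names seen in these logs.
AV_MARKERS = {
    "AVG": ("grisoft", "avg7"),
    "Symantec AntiVirus": ("symantec antivirus", "vptray"),
}


def parse_entries(log_text):
    """Return (code, body) pairs for the result lines of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def shell_extras(entries):
    """Return whatever an F2 'Shell=' value launches besides Explorer.exe."""
    extras = []
    for code, body in entries:
        if code != "F2":
            continue
        match = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
        if not match:
            continue
        value = match.group(1).strip()
        if not value:
            continue
        first, _, rest = value.partition(" ")
        if first.lower() == "explorer.exe":
            if rest.strip():
                extras.append(rest.strip())  # program appended after the shell
        else:
            extras.append(value)  # shell replaced outright
    return extras


def orphaned(entries):
    """Return entries whose target file HijackThis reported as missing."""
    return [(c, b) for c, b in entries if b.endswith("(file missing)")]


def antivirus_products(entries):
    """Return the anti-virus products seen in Run keys (O4) and services (O23)."""
    found = set()
    for code, body in entries:
        if code not in ("O4", "O23"):
            continue
        lowered = body.lower()
        for name, markers in AV_MARKERS.items():
            if any(marker in lowered for marker in markers):
                found.add(name)
    return sorted(found)


def triage(log_text):
    """Summarise the three checks for one log."""
    entries = parse_entries(log_text)
    return {
        "shell_extras": shell_extras(entries),
        "orphans": orphaned(entries),
        "antivirus": antivirus_products(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for extra in report["shell_extras"]:
        print("Shell launches an extra program:", extra)
    for code, body in report["orphans"]:
        print("Orphaned entry:", code, "-", body)
    if len(report["antivirus"]) > 1:
        print("More than one anti-virus present:", ", ".join(report["antivirus"]))
```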

#5 Nitsugajr


Posted 31 January 2006 - 04:34 PM

Hello ourwilly,

As I type I am trying to follow your instructions. Here are the following problems I am having.

1. At startup I am getting an error that it could not initialize AVG Anti-virus kernel interface. Application cannot run. Therefore I am unable to uninstall. I did uninstall Symantec as advised.
2. To make the clean up easier I have removed System Mechanic (if needed/recommended I will add again later)
3. Windows is unable to find MSAS. For some reason it is no longer in the sys tray.
4. Half the icons on my desktop are shown as a generic icon

Do you recommend I continue with the rest of your instructions?

V/r
Nitsugajr

Logfile of HijackThis v1.99.1
Scan saved at 10:34:10 PM, on 1/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\WINDOWS\eHome\ehRecvr.exe
F:\WINDOWS\eHome\ehSched.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\ehome\ehtray.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
F:\Program Files\dvd43\dvd43_tray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\dllhost.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dvd43] F:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37440.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: gEFXWr - {6C15FC92-C6BF-5638-758E-53C47FA1011B} - F:\WINDOWS\system32\jo.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by Nitsugajr, 31 January 2006 - 04:39 PM.


#6 Nitsugajr


Posted 01 February 2006 - 02:43 PM

Ourwilly,

I did everything you told me to do in the post except uninstalling AVG and the MSAS part. Here is the WinPfind txt.

No, the Task Manager is not running correctly. The tabs and the option buttons do not appear. Thanks again for your help.

Nitsugajr

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/10/2004 1:00:00 PM 41397 F:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 9/28/2005 10:29:14 PM 693248 F:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/28/2005 10:29:14 PM 693248 F:\WINDOWS\SYSTEM32\DivX.dll
PTech 11/4/2005 4:27:24 PM 534280 F:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 1/5/2006 4:41:02 AM 2827616 F:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/5/2006 4:41:02 AM 2827616 F:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/10/2004 1:00:00 PM 708096 F:\WINDOWS\SYSTEM32\ntdll.dll
PEC2 11/26/2005 5:58:18 AM 499712 F:\WINDOWS\SYSTEM32\ocmsv1_0.exe
Umonitor 8/10/2004 1:00:00 PM 657920 F:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 10/30/2005 8:49:02 PM 42496 F:\WINDOWS\SYSTEM32\swreg.exe
winsync 8/10/2004 1:00:00 PM 1309184 F:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 1/19/2006 9:40:26 PM 752608 F:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 1/19/2006 9:40:26 PM 752608 F:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 1/19/2006 9:40:26 PM 752608 F:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 1/19/2006 9:40:26 PM 752608 F:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Items found in F:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2/1/2006 8:26:24 PM S 2048 F:\WINDOWS\bootstat.dat
2/1/2006 8:25:28 PM H 24 F:\WINDOWS\ptJoY
2/1/2006 8:26:26 PM S 64 F:\WINDOWS\CSC\00000001
12/25/2005 9:48:26 AM S 64 F:\WINDOWS\CSC\00000002
1/31/2006 10:23:12 PM H 35870 F:\WINDOWS\system32\vsconfig.xml
1/28/2006 9:27:28 PM H 4212 F:\WINDOWS\system32\zllictbl.dat
1/3/2006 12:09:36 AM S 11223 F:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
2/1/2006 8:26:20 PM H 8192 F:\WINDOWS\system32\config\default.LOG
2/1/2006 8:26:36 PM H 1024 F:\WINDOWS\system32\config\SAM.LOG
2/1/2006 8:26:24 PM H 16384 F:\WINDOWS\system32\config\SECURITY.LOG
2/1/2006 8:26:38 PM H 73728 F:\WINDOWS\system32\config\software.LOG
2/1/2006 8:26:50 PM H 860160 F:\WINDOWS\system32\config\system.LOG
1/12/2006 3:01:36 AM H 1024 F:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
12/14/2005 12:33:26 PM S 1047 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7C8A03C4580C6B04FDF34357F3474EDC
12/14/2005 12:33:26 PM S 1370 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB
12/14/2005 12:33:26 PM S 126 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7C8A03C4580C6B04FDF34357F3474EDC
12/14/2005 12:33:26 PM S 194 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB
1/23/2006 3:26:34 PM HS 388 F:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\35a69c0f-576c-4ea0-a843-df49cf064310
1/23/2006 3:26:34 PM HS 24 F:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
2/1/2006 8:25:44 PM H 6 F:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/10/2004 1:00:00 PM 68608 F:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 549888 F:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 110592 F:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 135168 F:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 80384 F:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 155136 F:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 358400 F:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 129536 F:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 380416 F:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 68608 F:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 2:52:54 AM 49265 F:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 187904 F:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 618496 F:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 35840 F:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 25600 F:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 257024 F:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 36864 F:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 32768 F:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 114688 F:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 298496 F:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 28160 F:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 94208 F:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 148480 F:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 F:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 68608 F:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 549888 F:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 135168 F:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 80384 F:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 155136 F:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 358400 F:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 129536 F:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 68608 F:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 187904 F:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 618496 F:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 35840 F:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 25600 F:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 257024 F:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 36864 F:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 32768 F:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 114688 F:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 155648 F:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 298496 F:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 28160 F:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 94208 F:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 148480 F:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 F:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/23/2005 2:12:18 PM 890 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
7/22/2005 5:20:24 PM HS 84 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
1/27/2006 6:52:50 PM 2355 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
9/1/2005 7:38:48 PM 1730 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/22/2005 7:06:16 PM HS 62 F:\Documents and Settings\All Users\Application Data\desktop.ini
12/3/2005 12:43:28 PM 3 F:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
1/19/2006 5:27:04 PM 2151 F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
7/22/2005 5:20:24 PM HS 84 F:\Documents and Settings\Gus\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
7/22/2005 7:06:16 PM HS 62 F:\Documents and Settings\Gus\Application Data\desktop.ini
11/19/2005 10:15:16 PM 24560 F:\Documents and Settings\Gus\Application Data\GDIPFONTCACHEV1.DAT
10/8/2005 9:57:28 PM 560 F:\Documents and Settings\Gus\Application Data\ViewerApp.dat

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = F:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = F:\PROGRA~1\vso\COPYTO~1\COPYTO~1\CTCDSH~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = F:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = F:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = F:\PROGRA~1\vso\COPYTO~1\COPYTO~1\CTCDSH~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = F:\PROGRA~1\vso\COPYTO~1\COPYTO~1\CTCDSH~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = F:\Program Files\WinAce\arcext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = f:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar : F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : F:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : f:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar : F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray F:\WINDOWS\ehome\ehtray.exe
HPDJ Taskbar Utility F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
gcasServ "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
dvd43 F:\Program Files\dvd43\dvd43_tray.exe
AVG7_CC F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
Zone Labs Client F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
iTunesHelper "F:\Program Files\iTunes\iTunesHelper.exe"
HP Software Update F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
DeviceDiscovery F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = F:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = F:\WINDOWS\system32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = F:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = F:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 2/1/2006 8:32:14 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:43:20 PM, on 2/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\WINDOWS\eHome\ehRecvr.exe
F:\WINDOWS\eHome\ehSched.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\dllhost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\ehome\ehtray.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\dvd43\dvd43_tray.exe
F:\WINDOWS\eHome\ehmsas.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
F:\WINDOWS\system32\msiexec.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dvd43] F:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37440.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by Nitsugajr, 01 February 2006 - 02:45 PM.


#7 ourwilly


Posted 02 February 2006 - 11:03 AM

Hello Nitsugajr.

Please print out these instructions for when you are in Safe Mode.

Follow these instructions carefully. If you have any problems,
please just continue on to the next step.

Note - We have disabled MSAS Real Time for this fix to work,
this being the reason it is not showing in the system tray.

I have also included instructions to remove AVG Anti-virus,
which you can re-install later on.

To begin, go to:
Start / Run / and type in services.msc then click OK.
Scroll down and "Right click" on each of these:

AVG7 Alert Manager Server

Service: AVG7 Update Service


Select 'Properties' and set the "Service Status" option to "Stop"
Set "Startup type" to "Disabled", click Apply, then OK.


Close any windows that are open.
Open HijackThis and select "Do A System Scan Only"
and place a "checkmark" next to all these entries:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O21 - SSODL: gEFXWr - {6C15FC92-C6BF-5638-758E-53C47FA1011B} - F:\WINDOWS\system32\jo.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

and select "Fix checked".


Go to Add/Remove and Uninstall:

AVG If possible


Now Reboot your computer into Safe Mode.

Navigate then Right-Click on and Delete these Bold Entries:

F:\PROGRAM FILES\Grisoft.


Open the C:\WinPFind folder and double-click on WinPFind.exe.
- Click on the Start Scan button and wait for it to finish.
This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
When it is done, the results of the scan will be displayed and it will create a log file at C:\WinPFind\WinPFind.txt.
Please copy that log to your next reply.

Now Reboot your computer into Normal Mode.


Please re-scan with HijackThis
and post the new HJT log
along with the WinPFind.txt.

Thank you,
ourwilly.

Edited by ourwilly, 02 February 2006 - 11:06 AM.
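Added example, not part of the original thread or of HijackThis itself: a small Python check that compares HijackThis logs taken before and after a "Fix checked" pass, confirming that the checked entries are gone and listing the orphaned "(file missing)" entries that remain. The sample lines are short excerpts of the logs and fix list posted in this thread; the function names are assumptions made for this illustration.

```python
import re
from typing import List, NamedTuple

MISSING = "(file missing)"
# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<text>.+?)\s*$")


class Entry(NamedTuple):
    section: str   # section code, e.g. "O4" or "O23"
    text: str      # everything after "Oxx - "
    missing: bool  # True when HijackThis appended "(file missing)"


def parse_log(log: str) -> List[Entry]:
    """Return the R/F/N/O entries of a log, skipping header and process lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            text = m.group("text")
            entries.append(Entry(m.group("section"), text, text.endswith(MISSING)))
    return entries


def _key(e: Entry):
    """Identity of an entry, ignoring case and the '(file missing)' suffix."""
    text = e.text[: -len(MISSING)].rstrip() if e.missing else e.text
    return (e.section, text.casefold())


def still_present(fix_list: str, after_log: str) -> List[Entry]:
    """Entries that were checked for fixing but still show up afterwards."""
    after = {_key(e) for e in parse_log(after_log)}
    return [e for e in parse_log(fix_list) if _key(e) in after]


def removed(before_log: str, after_log: str) -> List[Entry]:
    """Entries present in the earlier log and absent from the later one."""
    after = {_key(e) for e in parse_log(after_log)}
    return [e for e in parse_log(before_log) if _key(e) not in after]


def orphans(log: str) -> List[Entry]:
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in parse_log(log) if e.missing]


# Excerpt of the 2/1/2006 log in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
"""

# Excerpt of the entries listed for "Fix checked" in post #7.
FIX_LIST = r"""
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Excerpt of the 2/2/2006 log in this thread.
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
"""

if __name__ == "__main__":
    print("Checked entries still present:", still_present(FIX_LIST, AFTER))
    for e in removed(BEFORE, AFTER):
        print("Removed :", e.section, "-", e.text)
    for e in orphans(AFTER):
        print("Orphaned:", e.section, "-", e.text)
```
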


#8 Nitsugajr


Posted 02 February 2006 - 01:34 PM

Hello Ourwilly,

I completed your instructions. AVG is not a problem.

Now at startup the problem seems to be the Microsoft Broadband Network program. It initiates a Windows install at startup.

Task manager continues to run without the options/buttons.

Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 7:28:03 PM, on 2/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\eHome\ehRecvr.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\eHome\ehSched.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\ehome\ehtray.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
F:\Program Files\dvd43\dvd43_tray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\WINDOWS\system32\dllhost.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\eHome\ehmsas.exe
F:\WINDOWS\system32\msiexec.exe
F:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [dvd43] F:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37440.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/10/2004 1:00:00 PM 41397 F:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 9/28/2005 10:29:14 PM 693248 F:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/28/2005 10:29:14 PM 693248 F:\WINDOWS\SYSTEM32\DivX.dll
PTech 11/4/2005 4:27:24 PM 534280 F:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 1/5/2006 4:41:02 AM 2827616 F:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/5/2006 4:41:02 AM 2827616 F:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/10/2004 1:00:00 PM 708096 F:\WINDOWS\SYSTEM32\ntdll.dll
PEC2 11/26/2005 5:58:18 AM 499712 F:\WINDOWS\SYSTEM32\ocmsv1_0.exe
Umonitor 8/10/2004 1:00:00 PM 657920 F:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 10/30/2005 8:49:02 PM 42496 F:\WINDOWS\SYSTEM32\swreg.exe
winsync 8/10/2004 1:00:00 PM 1309184 F:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 1/19/2006 9:40:26 PM 752608 F:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 1/19/2006 9:40:26 PM 752608 F:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 1/19/2006 9:40:26 PM 752608 F:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 1/19/2006 9:40:26 PM 752608 F:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Items found in F:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2/2/2006 6:35:06 PM S 2048 F:\WINDOWS\bootstat.dat
2/2/2006 6:34:04 PM H 24 F:\WINDOWS\ptJoY
2/1/2006 8:33:04 PM S 64 F:\WINDOWS\CSC\00000001
12/25/2005 9:48:26 AM S 64 F:\WINDOWS\CSC\00000002
2/2/2006 6:30:10 PM H 35870 F:\WINDOWS\system32\vsconfig.xml
1/28/2006 9:27:28 PM H 4212 F:\WINDOWS\system32\zllictbl.dat
1/3/2006 12:09:36 AM S 11223 F:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
2/2/2006 6:35:00 PM H 8192 F:\WINDOWS\system32\config\default.LOG
2/2/2006 7:16:44 PM H 1024 F:\WINDOWS\system32\config\SAM.LOG
2/2/2006 6:35:08 PM H 16384 F:\WINDOWS\system32\config\SECURITY.LOG
2/2/2006 7:17:48 PM H 57344 F:\WINDOWS\system32\config\software.LOG
2/2/2006 7:16:46 PM H 835584 F:\WINDOWS\system32\config\system.LOG
1/12/2006 3:01:36 AM H 1024 F:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
12/14/2005 12:33:26 PM S 1047 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7C8A03C4580C6B04FDF34357F3474EDC
12/14/2005 12:33:26 PM S 1370 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB
12/14/2005 12:33:26 PM S 126 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7C8A03C4580C6B04FDF34357F3474EDC
12/14/2005 12:33:26 PM S 194 F:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB
1/23/2006 3:26:34 PM HS 388 F:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\35a69c0f-576c-4ea0-a843-df49cf064310
1/23/2006 3:26:34 PM HS 24 F:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
2/2/2006 6:34:24 PM H 6 F:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/10/2004 1:00:00 PM 68608 F:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 549888 F:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 110592 F:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 135168 F:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 80384 F:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 155136 F:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 358400 F:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 129536 F:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 380416 F:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 68608 F:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 2:52:54 AM 49265 F:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 187904 F:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 618496 F:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 35840 F:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 25600 F:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 257024 F:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 36864 F:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 32768 F:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 114688 F:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 298496 F:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 28160 F:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 94208 F:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 148480 F:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 F:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 68608 F:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 549888 F:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 135168 F:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 80384 F:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 155136 F:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 358400 F:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 129536 F:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 68608 F:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 187904 F:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 618496 F:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 35840 F:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 25600 F:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 257024 F:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 36864 F:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 32768 F:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 114688 F:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 155648 F:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 298496 F:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 28160 F:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 94208 F:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/10/2004 1:00:00 PM 148480 F:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 F:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/23/2005 2:12:18 PM 890 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
7/22/2005 5:20:24 PM HS 84 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
1/27/2006 6:52:50 PM 2355 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
9/1/2005 7:38:48 PM 1730 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/22/2005 7:06:16 PM HS 62 F:\Documents and Settings\All Users\Application Data\desktop.ini
12/3/2005 12:43:28 PM 3 F:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
1/19/2006 5:27:04 PM 2151 F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
7/22/2005 5:20:24 PM HS 84 F:\Documents and Settings\Gus\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
7/22/2005 7:06:16 PM HS 62 F:\Documents and Settings\Gus\Application Data\desktop.ini
11/19/2005 10:15:16 PM 24560 F:\Documents and Settings\Gus\Application Data\GDIPFONTCACHEV1.DAT
10/8/2005 9:57:28 PM 560 F:\Documents and Settings\Gus\Application Data\ViewerApp.dat

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = F:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = F:\PROGRA~1\vso\COPYTO~1\COPYTO~1\CTCDSH~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = F:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = F:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = F:\PROGRA~1\vso\COPYTO~1\COPYTO~1\CTCDSH~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = F:\PROGRA~1\vso\COPYTO~1\COPYTO~1\CTCDSH~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = F:\Program Files\WinAce\arcext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = f:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : F:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : f:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar : F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray F:\WINDOWS\ehome\ehtray.exe
HPDJ Taskbar Utility F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
dvd43 F:\Program Files\dvd43\dvd43_tray.exe
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
Zone Labs Client F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
iTunesHelper "F:\Program Files\iTunes\iTunesHelper.exe"
HP Software Update F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
DeviceDiscovery F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = F:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = F:\WINDOWS\system32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = F:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = F:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 2/2/2006 7:23:37 PM

Thanks again,
Nitsugajr

#9 ourwilly

Posted 02 February 2006 - 05:09 PM

Hello Nitsugajr.

Sorry to keep you waiting.

Open HijackThis and select "Do A System Scan Only"
and place a "checkmark" next to this entry:

O4 - Global Startup: Microsoft Broadband Networking.lnk = ?

and select "Fix checked".

Now Please Go To:
Start | Programs | StartUp | Right Click On and Delete if present:
Microsoft Broadband Networking

Now could you please double-click anywhere in the border area of the Task Manager to get back the menu bar and tabs.

I would like to ask if you are having any other problems.

ourwilly. :thumbsup:

#10 Nitsugajr

Posted 03 February 2006 - 01:31 AM

Ourwilly,

I have done everything and there is no problem at startup. I do have a problem with 1/2 the icons on my desktop showing up as a generic icon. When I select the icon it refers to a missing shortcut. Windows tries to locate it but it does not find it. I have manually browsed for them and some are missing and some are not. I have not deleted these programs.

Here is the latest log:

Logfile of HijackThis v1.99.1
Scan saved at 7:28:15 AM, on 2/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\eHome\ehRecvr.exe
F:\WINDOWS\eHome\ehSched.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\dllhost.exe
F:\WINDOWS\ehome\ehtray.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
F:\Program Files\dvd43\dvd43_tray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\eHome\ehmsas.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [dvd43] F:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37440.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks again,
Nitsugajr

#11 ourwilly

Posted 03 February 2006 - 01:23 PM

Hello Nitsugajr.

Right-click and delete these shortcuts that are on your Desktop
and create new ones by navigating to the Program or Files, then
Right-Click and select Send To Desktop.

ourwilly.

#12 Nitsugajr

Posted 03 February 2006 - 04:20 PM

Hello Ourwilly,

I tried locating those files to create a new shortcut but for some reason they were corrupt and I've had to reinstall all of them. Everything else seems to be running just fine.

I am experiencing one more error. iTunes gives me an error when I try to install/uninstall it. I have tried in safe mode and regular. I have gone through the directory and manually deleted it with no success. I keep getting a Windows 1719 installer error. Can you help with this?

Logfile of HijackThis v1.99.1
Scan saved at 11:27:59 PM, on 2/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\ehome\ehtray.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
F:\Program Files\dvd43\dvd43_tray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\WINDOWS\eHome\ehRecvr.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\WINDOWS\eHome\ehSched.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\dllhost.exe
F:\WINDOWS\eHome\ehmsas.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\msiexec.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [dvd43] F:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37440.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe



I appreciate your help and support.

V/r
Nitsugajr

Edited by Nitsugajr, 03 February 2006 - 05:29 PM.


#13 ourwilly

Posted 04 February 2006 - 06:07 PM

Hello Nitsugajr.

Please read this Article on your Error message:
http://support.microsoft.com/default.aspx?...kb;en-us;315346

Please let me know how you get on.

ourwilly. :thumbsup:

#14 Nitsugajr

Posted 09 February 2006 - 08:50 AM

Hello ourwilly,

I apologize for not replying sooner, I was out of town. I want to thank you for all your help. It seems that my CPU is running good at this time. What do you recommend to avoid all the mistakes I had before? Once again thanks for all your help.

Nitsugajr

#15 ourwilly

Posted 09 February 2006 - 03:39 PM

Hello Nitsugajr.

Now that your system is running fine, I would like to recommend that you:

Disable and then Re-Enable Windows XP System Restore.

Please read this tutorial: Simple and easy ways to keep your computer safe and secure on the Internet

Thank You,
ourwilly. :thumbsup:



