Solved: javasys.exe virus found

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

carlo_scute

Thread Starter
Joined
May 13, 2005
Messages
172
my avg free edition encountered trojan,what do i do?
delete or heal?

c:\WINDOWS\java\javasys.exe virus found-
trojan horse Dowloader.Agent.13.L
 
Joined
Jul 26, 2002
Messages
46,349
Delete it.

Also please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download it and click "Save". Save it to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program. Click on the Do a system scan and save a logfile button. It will scan and then ask you to save the log. Click "Save" to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

carlo_scute

Thread Starter
Joined
May 13, 2005
Messages
172
here's my notepad logfile:

Logfile of HijackThis v1.99.1
Scan saved at 9:10:31 AM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Carlo\My Documents\Hijack this\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120604688000
O17 - HKLM\System\CCS\Services\Tcpip\..\{564BB5C3-9718-4846-9EB8-DB5B45D7EA23}: NameServer = 210.23.234.33 210.23.234.65
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Joined
Jul 26, 2002
Messages
46,349
I don't see anything in your log.

Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

When the scan is finished, anything that it cannot clean have it delete it. Click "Print Report". The report will open in your browser. Go to File > Save As and save the file to your desktop. Under "Save as type" click the dropdown menu and choose "Text file (*.txt) and save it as a text file.

Post a new HiJackThis log along with the report from the Housecall scan
 

carlo_scute

Thread Starter
Joined
May 13, 2005
Messages
172
Logfile of HijackThis v1.99.1
Scan saved at 11:09:18 AM, on 7/8/2005
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common

Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\Documents and Settings\Carlo\My

Documents\Hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download

Protection -

{4A368E80-174F-4872-96B5-0B27DDD11DB2} -

C:\Program

Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

/STARTUP
O4 - HKLM\..\Run: [NvCplDaemon]

RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client]

C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program

Files\Common

Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer]

C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk =

C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to

Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL

.EXE/3000
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program

Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/windowsupdate

/v6/V5Controls/en/x86/client/wuweb_site.c

ab?1120604688000
O17 -

HKLM\System\CCS\Services\Tcpip\..\{564BB5

C3-9718-4846-9EB8-DB5B45D7EA23}:

NameServer = 210.23.234.33 210.23.234.65
O23 - Service: AVG7 Alert Manager Server

(Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service

(Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver

Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet

Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

______________________________________


trend:
Trend Micro Housecall Virus Scan


Results:
We have detected 0 infected file(s) with 0 virus(es) on your
computer. Only 0 out of 0 infected files are displayed:
- 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 0 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected FileAssociated Virus NameAction Taken




Trojan/Worm Check

What we checked:
Malicious activity by a Trojan horse program. Although a
Trojan seems like a harmless program, it contains malicious
code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your
computer. Only 0 out of 0 Trojan horse programs and worms are
displayed: - 0 worm(s)/Trojan(s) passed, 0
worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s)
undeletable
Trojan/Worm NameTrojan/Worm TypeAction Taken




Spyware Check1 spyware program removed

What we checked:
Whether personal information was tracked and reported by
spyware. Spyware is often installed secretly with legitimate
programs downloaded from the Internet.
Results:
We have detected 1 spyware(s) on your computer. Only 0 out of
0 spywares are displayed: - 0 spyware(s) passed, 0
spyware(s) no action available
- 1 spyware(s) removed, 0 spyware(s) unremovable
Spyware NameSpyware TypeAction Taken
SPYW_FPTLBAR.100SpywareRemoval successful




Microsoft Vulnerability Check22 vulnerabilities detected

What we checked:
Microsoft known security vulnerabilities. These are issues
Microsoft has identified and released Critical Updates to fix.

Results:
We have detected 22 vulnerability/vulnerabilities on your
computer. Only 0 out of 0 vulnerabilities are displayed.
Risk LevelIssueHow to Fix
CriticalThis is a remote code execution
vulnerability that exists in the Internet
Explorer. It allows remote code execution on an
affected system. An attacker could exploit this
vulnerability by constructing a malicious Web
Page. The said routine could allow remote code
execution if a user visited a malicious Web site.
An attacker who successfully exploited this
vulnerability could take complete control of an
affected system. However, significant user
interaction is required to exploit this
vulnerability. MS04-038
ImportantThis security advisory explains the two
discovered vulnerabilities in Microsoft Word for
Windows 6.0 Converter, which is used by WordPad in
converting Word 6.0 to WordPad file format. Once
exploited, this remote code execution
vulnerability could allow a malicious user or a
malware to take complete control of the affected
system if the affected user is currently logged on
with administrative privileges. MS04-041
CriticalA remote code execution vulnerability
exists in HyperTerminal because of a buffer
overrun. If a user is logged on with administrator
privileges, an attacker could exploit the
vulnerability by constructing a malicious
HyperTerminal session file that could potentially
allow remote code execution and then persuade a
user to open this file. This malicious file may
enable the attacker to gain complete control of
the affected system. This vulnerability could also
be exploited through a malicious Telnet URL if
HyperTerminal had been set as the default Telnet
client. MS04-043
ImportantThis security update addresses and
resolves two windows vulnerabilites, both of which
may enable the current user to take control of the
affected system. Both of these vulnerabilites
require that the curernt user be able to log on
locally and execute programs. They cannot be
exploited remotely, or by anonymous users. A
privilege elevation vulnerability exists in the
way that the Windows Kernel launches applications.
This vulnerability could allow the current user to
take complete control of the system. A privilege
elevation vulnerability exists in the way that the
LSASS validates identity tokens. This
vulnerability could allow the current user to take
complete control of the affected system. MS04-044
CriticalThis update resolves a newly-discovered,
publicly reported vulnerability. A vulnerability
exists in the HTML Help ActiveX control in Windows
that could allow information disclosure or remote
code execution on an affected system. MS05-001
ImportantThis is an information disclosure
vulnerability. An attacker who successfully
exploits this vulnerability could remotely read
the user names for users who have an open
connection to an available shared resource.
MS05-007
ImportantThis remote code execution vulnerability
exists in the way Windows handles drag-and-drop
events. An attacker could exploit the
vulnerability by constructing a malicious Web page
that could potentially allow an attacker to save a
file on the users system if a user visited a
malicious Web site or viewed a malicious e-mail
message. MS05-008
CriticalThis remote code execution vulnerability
exists in the processing of PNG image formats. An
attacker who successfully exploits this
vulnerability could take complete control of an
affected system. MS05-009
CriticalThis remote code execution vulnerability
exists in Server Message Block (SMB). It allows an
attacker who successfully exploits this
vulnerability to take complete control of the
affected system. MS05-011
CriticalThis privilege elevation vulnerability
exists in the way that the affected operating
systems and programs access memory when they
process COM structured storage files. This
vulnerability could grant a currently logged-on
user to take complete control of the system.;This
remote code execution vulnerability exists in OLE
because of the way that it handles input
validation. An attacker could exploit the
vulnerability by constructing a malicious document
that could potentially allow remote code
execution. MS05-012
CriticalThis vulnerability exists in the DHTML
Editing Component ActiveX Control. This
vulnerability could allow information disclosure
or remote code execution on an affected system.
MS05-013
CriticalThis update resolves known vulnerabilities
affecting Internet Explorer. An attacker who
successfully exploits these vulnerabilities could
take complete control of an affected system. An
attacker could then install programs; view,
change, or delete data; or create new accounts
with full user rights. MS05-014
CriticalA remote code execution vulnerability
exists in the Hyperlink Object Library. This
problem exists because of an unchecked buffer
while handling hyperlinks. An attacker could
exploit the vulnerability by constructing a
malicious hyperlink which could potentially lead
to remote code execution if a user clicks a
malicious link within a Web site or e-mail
message. MS05-015
ImportantA remote code execution vulnerability
exists in the Windows Shell because of the way
that it handles application association. If a user
is logged on with administrative privileges, an
attacker who successfully exploited this
vulnerability could take complete control of the
affected system. However, user interaction is
required to exploit this vulnerability. MS05-016
ImportantThis security bulletin resolves
newly-discovered, privately-reported
vulnerabilities affecting Windows. An attacker who
successfully exploited the most severe of these
vulnerabilities could take complete control of an
affected system. An attacker could then install
programs; view, change, or delete data; or create
new accounts with full user rights. MS05-018
CriticalThis security bulletin resolves newly
discovered, privately-reported vulnerabilities
affecting Windows. An attacker who successfully
exploited the most severe of these vulnerabilities
could take complete control of an affected system.
An attacker could then install programs; view,
change, or delete data; or create new accounts
with full user rights. However, an attacker who
successfully exploited the most severe of these
vulnerabilities would most likely cause the
affected system to stop responding. MS05-019
CriticalThis security bulletin resolves three
newly-discovered, privately-reported
vulnerabilities affecting Internet Explorer. If a
user is logged on with administrative user rights,
an attacker who successfully exploited any of
these vulnerabilities could take complete control
of an affected system. An attacker could then
install programs; view, change, or delete data; or
create new accounts with full user rights.
MS05-020
CriticalThis security bulletin resolves the
following vulnerabilities affecting Internet
Explorer.; The PNG Image Rendering Memory
Corruption vulnerability could allow an attacker
to execute arbitrary code on the system because of
a vulnerability in the way Internet Explorer
handles PNG images.; The XML Redirect Information
Disclosure vulnerability could allow an attacker
to read XML data from another Internet Explorer
domain because of a vulnerability in the way
Internet Explorer handles certain requests to
display XML content. MS05-025
CriticalHTML Help is the standard help system for
the Windows platform. Authors can use it to create
online Help files for a software application or
content for a multimedia title or a Web site.
This vulnerability in HTML Help could allow
attackers to execute arbitrary code on the
affected system via a specially crafted Compiled
Windows Help (CHM) file, because it does not
completely validate input data. MS05-026
CriticalA remote code execution vulnerability
exists in the Microsofts implementation of the
Server Message Block (SMB) protocol, which could
allow an attacker to execute arbitrary codes to
take complete control over a target system. This
vulnerability could be exploited over the
Internet. An attacker would have to transmit a
specially crafted SMB packet to a target system to
exploit it. However, failure to successfully
exploit the vulnerability could only lead to a
denial of service. MS05-027
ModerateThis vulnerability could enable an
attacker to spoof trusted Internet content because
security prompts can be disguised by a Microsoft
Agent character. MS05-032
ModerateThis vulnerability in the Microsoft Telnet
client could allow an attacker to gain sensitive
information about the affected system and read the
session variables of users who have open
connections to a malicious Telnet server.
MS05-033
 
Joined
Jul 26, 2002
Messages
46,349
Looks like you're clean to me.

Go to Windows update and install all Security updates.
 

carlo_scute

Thread Starter
Joined
May 13, 2005
Messages
172
thanks again for the help :flrman1 , i really appreciate it a lot!if i do have problems,i will post it here on this thread that i started! thanks again!
 

carlo_scute

Thread Starter
Joined
May 13, 2005
Messages
172
i forgot to ask, is it safe to have a google toolbar in my browser or yahoo companion toolbar? or is it better to leave my browser alone as is without any additional toolbars?
 

carlo_scute

Thread Starter
Joined
May 13, 2005
Messages
172
in addition i'm running spybot-sd, spyware guard,spyware blaster,avg antivirus,zonealarm..is there anything i left out,my connection is dial up 56k internal modem by the way.
 

carlo_scute

Thread Starter
Joined
May 13, 2005
Messages
172
thanks! i went to trend micro for a complete scan again and i'm also posting a new hijack this log,
could you check them for me -flrman1?
your expert advice is a must, thanks!


Virus Scan 0 virus cleaned, 0 virus deleted


Results:
We have detected 0 infected file(s) with 0 virus(es) on your computer. Only 0 out of 0 infected files are displayed: - 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 0 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken




Trojan/Worm Check 0 worm/Trojan horse deleted

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed: - 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name Trojan/Worm Type Action Taken




Spyware Check 4 spyware programs removed

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 4 spyware(s) on your computer. Only 0 out of 0 spywares are displayed: - 0 spyware(s) passed, 0 spyware(s) no action available
- 4 spyware(s) removed, 0 spyware(s) unremovable
Spyware Name Spyware Type Action Taken
COOKIE_1236 Cookie Removal successful
COOKIE_1264 Cookie Removal successful
COOKIE_1738 Cookie Removal successful
COOKIE_3004 Cookie Removal successful




Microsoft Vulnerability Check No vulnerability detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 0 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix




Logfile of HijackThis v1.99.1
Scan saved at 9:15:00 AM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Carlo\My Documents\Hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120604688000
O17 - HKLM\System\CCS\Services\Tcpip\..\{564BB5C3-9718-4846-9EB8-DB5B45D7EA23}: NameServer = 210.23.234.33 210.23.235.65
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top