Browser hijack

Post by johnwoods » July 25th, 2007, 5:11 pm

Hi, I keep getting the message from SG alert that my IE setting has been changed. Every time I click on the button to restore the old value, it keeps coming back again and again endlessly with the same message.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:29:53 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\JUSearch\juspc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&mem= ... PL&O=A&UT=
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Show All Original Images - "res://C:\Program Files\Juno6\qsacc\appres.dll/228"
O8 - Extra context menu item: Show Original Image - "res://C:\Program Files\Juno6\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9114986265
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
johnwoods
Active Member
 
Posts: 6
Joined: July 25th, 2007, 4:56 pm

Post by askey127 » July 28th, 2007, 6:48 am

Hi johnwoods,
-----------------------------------------------------------
Disable WinPatrol
- Right Click the 'Scotty Dog' icon in the system tray
- Click Options
- At the bottom of the options page, Uncheck Automatically Run WinPatrol When Computer Starts
- Click the X to end program.
- Right Click the 'Scotty Dog' icon in the system tray again
- Click Exit Program
WinPatrol is now disabled and will not start at bootup.
-----------------------------------------------------------
Disable SpywareGuard
- Right Click the running icon of Spywareguard to open the program.
- Then go to Menu, File, Exit.
- Confirm the program is closed.
- Reboot your machine for the changes to take effect.
-----------------------------------------------------------
Remove log items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&mem= ... PL&O=A&UT=
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked.
-----------------------------------------------------------
Use Add/Remove Programs In Control Panel
Close any programs you may have running, ESPECIALLY your web browser
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

JUSearch
Any item with Java Runtime Environment, JRE, J2SE, or Java Webstart in the name.

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
------------------------------------------------------------
Then download the latest version of Java Runtime Environment (JRE), and install it to your computer. It is the fourth one down on the page, called Java Runtime Environment (JRE) 6 Update 2.
Download it, choose save, and save it to your desktop. Then double-click it, and it will install the newest version of Java for you to use.
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Post by johnwoods » July 28th, 2007, 11:33 pm

Hi askey127,
Thanks for your help.

I disabled WinPatrol according to your instruction. But, I thought it was a good program for removing unwanted cookies.

I tried several times to disable SpywareGuard, but each time upon reboot the icon is still running in the system tray and the same dialog box about SG alert on "IE setting has been changed" re-appeared.

Finally, I just right click SG icon in the system tray which brought up the SG window and clicked on File then Exit without rebooting. From there I opened HJT and ran the scan and checked the 10 items you listed followed by Fix Checked.

Then I went to Add/Remove Programs and removed J2SE Runtime Environment 5.0 Update 2.

I couldn't find JUSearch in Add/Remove, but I found the folder in C:\Program Files\JUSearch which contained several files including an uninstall program.

I also found SG program in Add/Remove Programs and in C:\Document and Setting\Startmenu\Startup\SpywareGuard.

I didn't download the latest version of Java yet and didn't do another scan of HJT until I hear from you regarding what I should do about the SG and JUSearch problems. Please let me know what I need to do before I proceed any further.

Thanks

JW

Post by askey127 » July 29th, 2007, 6:14 am

You can go ahead and Uninstall SpywareGuard, then Reboot.
It's easy enough to re-install.

Then see if you can delete the entire \JUSearch\ folder
Download the newest Java
Then post a new HJT log. Tell what comes up as your home page.

Post by johnwoods » July 29th, 2007, 4:41 pm

Hi Askey,
I removed SG and uninstalled JUSearch successfully. Upon reboot I received no more dialog box from SG alert and the SG icons are no longer in desktop screen or system tray.

My internet homepage remains the same, i.e. the homepage of my IP Juno.

I clicked on the link you provided to download latest version of Java and found there are several to choose from such as:

    JDK 6 Update 2
    JDK 6 Update 1 with Java EE 5 SDK Update 3 Preview 2
    JDK 6 Update 2 with NetBeans 5.5.1
    Java Runtime Environment (JRE) 6 Update 2
    plus more...


I didn't know which one to choose so I picked the top one on the list, i.e. JDK 6 Update 2. Then there is the option of offline or online install. The online install is much smaller in byte size, only a few hundred kb vs offline 65.5 Mb. So at first I chose the online version. But, upon running the setup while still online, I received a message that the installation was not successful. So I deleted the setup icon on my desktop by right click on the icon and then delete.

I tried again to download Java on the link you gave but this time my Sygate firewall came up with a dialog box asking whether I allow google.com to access some site for a dll file. Since I didn't respond in time while trying to read the message in detail, the connection to Java site was unsuccessful and I received a page stating that it cannot open the webpage.

After several attempts I managed to get to the Java download page again but the download was very slow (transfer rate was around 5.6kb/second) that it required 3 hrs and 30 min. My last check was 2 hours later and it said 1 hr 30 min remaining. Three and a half hrs later when I checked back, my internet connection was disrupted and I had to try again to do the download from square one. But, since it again required more than 3 hrs for the download, I just grew frustrated and had to cancel it for now.

Anyway here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:18:24 AM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Show All Original Images - "res://C:\Program Files\Juno6\qsacc\appres.dll/228"
O8 - Extra context menu item: Show Original Image - "res://C:\Program Files\Juno6\qsacc\appres.dll/227"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9114986265
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Post by askey127 » July 29th, 2007, 5:50 pm

The correct one is this : Java Runtime Environment (JRE) 6 Update 2
I believe it's the fourth one down.
Any others should be removed first.
Sorry I should have made it more clear.

Your log looks clean.
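The before/after comparison done by eye in the posts above can be scripted. This is an added example, not part of the original posts and not a HijackThis feature: it parses HijackThis entry lines, confirms that every line on the fix list is gone from the follow-up log, and lists entries that are new or whose target changed. The function names and the rules for what identifies an entry are assumptions made for this example; the sample input is a few lines copied from the logs in this thread.

```python
import re

# Constructed sample input: a handful of lines copied from the two HijackThis
# logs and the fix list posted in this thread (not the complete logs).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"""

AFTER_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

FIX_LIST = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # section code, then the entry
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r"(.*?: \[[^\]]+\])")            # "HKLM\..\Run: [ValueName]"


def parse_hjt(text):
    """Return (code, body) pairs for entry lines; header and process lines are skipped."""
    pairs = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def entry_key(code, body):
    """Identity of an entry that ignores its value, so a changed target still matches."""
    if code.startswith("R") and " = " in body:
        ident = body.split(" = ", 1)[0]              # registry key and value name
    elif code == "O4":
        m = RUN_RE.match(body)                       # Run key plus [value name]
        ident = m.group(1) if m else body.split(" = ", 1)[0]   # else startup .lnk
    else:
        m = CLSID_RE.search(body)                    # BHO, toolbar, search hook, button
        ident = body[:m.end()] if m else body
    return (code, ident.lower())


def index(text):
    """Map entry identity -> full entry body for one log."""
    return {entry_key(code, body): body for code, body in parse_hjt(text)}


def diff_logs(before, after):
    """Return (removed, added, changed) entry identities between two logs."""
    b, a = index(before), index(after)
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    changed = sorted(k for k in b if k in a and b[k].lower() != a[k].lower())
    return removed, added, changed


def unfixed(fix_list, after):
    """Fix-list entries that are still present in the follow-up log."""
    a = index(after)
    return sorted(k for k in index(fix_list) if k in a)


if __name__ == "__main__":
    removed, added, changed = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("still present after fix:", unfixed(FIX_LIST, AFTER_LOG))
    for label, keys in (("removed", removed), ("added", added), ("changed", changed)):
        for code, ident in keys:
            print(f"{label:8} {code} {ident}")
```

Entries reported as added or changed are the ones to read before calling a follow-up log clean; in this sample both are Google Toolbar Notifier paths.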

Post by johnwoods » July 30th, 2007, 12:01 pm

Thanks Askey. I downloaded and installed the Java Runtime Environment (JRE) 6 Update 2 successfully.

Do you think I can enable WinPatrol now or should I remove it and download another one?

Post by askey127 » July 30th, 2007, 2:36 pm

You can go into Start, All Programs, WinPatrol, WinPatrol to start the program again.
You should be good to go.
If you have any other questions or any problems later, we will be here.

Post by johnwoods » July 31st, 2007, 12:51 pm

Thank you very much for your help, Askey.

One more thing if you don't mind. The WinPatrol has listed a startup list of programs that start up upon reboot. Can you help me to determine those that do not need to be in the startup list?

WinPatrol Startup Programs
7/31/2007 11:38


hpWirelessAssistant
HP Wireless Assistant.exe
hp Wireless Assistant Module
Version: 1, 1, 1, 2
Copyright 2004
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
Click for Plus Info



ATIPTA
atiptaxx.exe
ATI Desktop Control Panel
Version: 6.14.10.5142
Copyright (C) 1998-2005 ATI Technologies Inc.
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Click for Plus Info



SynTPLpr
SynTPLpr.exe
TouchPad Driver Helper Application
Version: 7.13.0.1 02Feb05
Copyright (C) Synaptics, Inc. 1996-2004
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Click for Plus Info



SynTPEnh
SynTPEnh.exe
Synaptics TouchPad Enhancements
Version: 7.13.0.1 02Feb05
Copyright (C) Synaptics, Inc. 1996-2004
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Click for Plus Info



iTunesHelper
iTunesHelper.exe
iTunesHelper Module
Version: 4.7.0.42
© 2003-2004 Apple Computer, Inc. All Rights Reserved.
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\iTunes\iTunesHelper.exe
Click for Plus Info



LSBWatcher
lsburnwatcher.exe
LightScribe Burn Watcher
Version: 4, 10, 14, 0
Copyright (C) 2004
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
Click for Plus Info



eabconfg.cpl
EabServr.exe /Start
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
Click for Plus Info



HPDJ Taskbar Utility
hpztsb05.exe
Version: 2,128,0,0
Copyright (c) Hewlett-Packard Company 1999-2002
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
Click for Plus Info



SmcService
smc.exe -startgui
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
Click for Plus Info



AVG7_CC
avgcc.exe /STARTUP
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
Click for Plus Info



HP Software Update
HPWuSchd2.exe
Hewlett-Packard Product Assistant
Version: 050.000.146.000
Copyright (C) Hewlett-Packard Co. 1995-2004
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Click for Plus Info



SunJavaUpdateSched
jusched.exe
Java(TM) Platform SE binary
Version: 6.0.20.6
Copyright © 2004
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
Click for Plus Info



MSMSGS
msmsgs.exe /background
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Messenger\msmsgs.exe /background
Click for Plus Info



Spamihilator
spamihilator.exe
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Spamihilator\spamihilator.exe
Click for Plus Info



swg
GoogleToolbarNotifier.exe
GoogleToolbarNotifier
Version: 2, 0, 301, 1654
Copyright © 2005-2007
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Click for Plus Info



FinePixViewer
QuickDCF.exe
Exif Launcher
Version: 1, 1, 0, 0
Copyright 2000-2001 FUJI PHOTO FILM CO.,LTD.
Location: Windows Startup Group
Path: C:\Program Files\Exif Launcher\QuickDCF.exe
Click for Plus Info



Microsoft Office StartUp
OSA9.EXE
Microsoft Office 2000 component
Version: 9.0.3720
Copyright© Microsoft Corporation 1994-1999. All rights reserved.
Location: Windows Startup Group
Path: C:\Program Files\Microsoft Office\Office\OSA9.EXE
Click for Plus Info

Post by askey127 » July 31st, 2007, 2:50 pm

johnwoods,
All these functions can be accessed from Start, Programs, whether or not they start automatically.
If you click Remove while any one of them is highlighted, it will no longer start automatically.

iTunesHelper, iTunesHelper.exe - If you call up iTunes all the time, then leave it. Otherwise remove it from startup.

LSBWatcher, lsburnwatcher.exe - This gives you Lightscribe labels (the ones shaded into the surface of CDs/DVDs) available at all times.
If you only use it occasionally, or not at all, I would remove it from startup.

EabServr.exe /Start - This enables the Compaq "Easy Access" buttons to work. You may or may not care.

HP Software Update, HPWuSchd2.exe - This is primarily to send you update notices. I would remove it from startup.

SunJavaUpdateSched - this Update service doesn't work very well and I would remove it from startup.
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

MSMSGS - Unless you get system messages from a System Administrator on a Network, you can remove this from startup
msmsgs.exe /background

FinePixViewer (Fuji) - If you need this at your fingertips, keep it in startup. Otherwise remove it.
QuickDCF.exe

Microsoft Office StartUp, OSA9.EXE - You don't need this and can remove it from startup.
askey127

Post by johnwoods » July 31st, 2007, 3:24 pm

Hi Askey, I removed all the recommendations you gave me. Once again, I want to thank you very much for all the help you gave me.

May God bless you and all the staff of this forum.

John.

Post by askey127 » July 31st, 2007, 4:56 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
If you are the topic starter, you will need a valid, working link to the closed topic, along with the user name used.
The user name must match the one in the thread linked to avoid having the email deleted.
