Can't run my shortcut.

I can’t run my Avast! why?
and I can’t use all the shortcut by a double click from my computer, but I can use them with a right click and open. the icon of the shortcut was right, and so the target…
I found some strange folder on my desktop named “%System Drive%”. and there’s 9 folders inside it, and no files detected… help me…

I can’t run the shortcut, if i double click on my shortcut, the icon will becomes transparent…
and I found some worms detected on my computer, on Volume Information folder… it’s dangerous?? Can I deleted them?

Hi ferdi_goh2889. Welcome to the forum.

Is avast! functioning at all? If you hover your mouse over the a-icon in the system tray how many providers does it say are running?

When you post a reply please include your operating system and the names of the worms detected. Are they only in the system volume information or elsewhere too?

hmm, on another shortcut, the program will be opened if i right-clicked and choose open. But, it doesn’t work to avast! shortcut…
my operatin system is Windows XP SP2.
sorry, i don’t know the names of the worms… But they founded on system volume information folder, but i’ve moved it to chest. sometimes, it found in system files too, file name is prodsvrs.exe
oh yeah, I have deleted one files which one infected with the virus… the files was in system volume information, it’s dangerous?

Hey, My explorer can’t show the address bar too… what a…???

The system volume information folder is part of system restore. This is not terribly dangerous as long as you don’t restore to an infected point. We’ll clean this up later.

For now, let’s try this.

Download Deckard’s System Scanner (DSS) to your Desktop.
[*]Close all applications and windows.
[*]Double-click on DSS.exe to run it, and follow the prompts.
[*]The scan may take a minute. When the scan is complete, a text file will open - Main.txt
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard’s System Scanner to run and don’t let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the main.txt from the C:\Deckard\System Scanner folder into your next reply.

And again, is avast! currently running on your computer?

I can’t run the program… there’s some error in making restore point…

My avast! is running in start up as well… Avast protected my computer as well, I thought. I just can’t open avast on the shortcut…

OK. Download HijackThis and extract it to C:\HijackThis. Rename hijackthis.exe to hijackthat.exe, open the program and click the button that says “Do a system scan and save a log file”. Then post the contents of the log.

I have download Hijackthis a month ago.
and here’s the new log:

Logfile of HijackThis v1.99.1
Scan saved at 12:06:52 PM, on 1/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\soundman.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\Program Files\Winamp\winampa.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\System32\CTSvcCDA.EXE
F:\WINDOWS\System32\wdfmgr.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\System32\svchost.exe
D:\Program Files\Opera\Opera.exe
F:\Hijackthat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {086F3ADF-92EA-4415-877E-C7DD7DD64F14} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {61F772CB-F07A-47DB-957A-F7DEC6973D70} - F:\WINDOWS\System32\jkhfe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [SoundMan] soundman.exe
O4 - HKLM..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ATICCC] “F:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM..\Run: [QuickTime Task] “F:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [Easy-PrintToolBox] F:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM..\Run: [DataLayer] F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM..\Run: [System Files Updater] F:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKCU..\Run: [Yahoo! Pager] “D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet
O4 - HKCU..\Run: [Instant Access] F:\WINDOWS\System32\prodsrvs.exe /res
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip..{13CBFCFF-9378-409F-9652-3ED9D60895DD}: NameServer = 85.255.114.4,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip..{DE8C499B-523D-4647-864D-AE171A41CDD7}: NameServer = 85.255.114.4 85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.4 85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip..{13CBFCFF-9378-409F-9652-3ED9D60895DD}: NameServer = 85.255.114.4,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.4 85.255.112.137
O20 - Winlogon Notify: mljijgh - mljijgh.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Management Service - Unknown owner - F:\WINDOWS\System32\dmwhz.exe

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button.
Once it’s done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from “Click the
Scan for Vundo button.” when VundoFix appears at reboot.

Post the VundoFix log and a new hjt log (run hjt this again, after VundoFix). Also upload F:\WINDOWS\System32\dmwhz.exe to Virus Total and post those results too.

Do you recognize the addresses in these lines

O17 - HKLM\System\CCS\Services\Tcpip..{13CBFCFF-9378-409F-9652-3ED9D60895DD}: NameServer = 85.255.114.4,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip..{DE8C499B-523D-4647-864D-AE171A41CDD7}: NameServer = 85.255.114.4 85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.4 85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip..{13CBFCFF-9378-409F-9652-3ED9D60895DD}: NameServer = 85.255.114.4,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.4 85.255.112.137

EDIT: See if you’re able to update Windows to Service Pack 2. You might not be able to at the moment but, if you can, please do.

You should also have a firewall. Here are links to Comodo and ZoneAlarm - take your pick

http://www.filehippo.com/download_comodo/

http://www.filehippo.com/download_zonealarm_free/

Your Java is also a bit out of date. Install Version 5 Update 11 or higher and uninstall all older versions (but post the VundoFix log before updating Java - I want to see what versions might be present)

http://www.java.com/en/download/manual.jsp

Hi Mauserme just thought I’d pop in Comboscan now fixes the wareout problem as well.

A few good links for you
START UP (04) programmes http://www.bleepingcomputer.com/startups/
CLSID (02 &03) http://www.castlecops.com/CLSID.html
SERVICES (023) http://www.castlecops.com/O23.html

85 tcip’s are wareout

Thanks essexboy.

Is it Comboscan or Combofix that will help?

DUH numpty I meant combofix

Edit read my sig ;D

Good Morning, Mauserme,

When I tried to upload the files these text appeared:
0 bytes size received / Se ha recibido un archivo vacio
What this means?
Ok, I’ll download Zone Alarm Later… Is it usefull? It’s ok to use Avast! and Zone Alarm at the same time?

No infected files were found

Vundo Fix LOG :
VundoFix V6.3.6

Checking Java version…

Java version is 1.5.0.6

Scan started at 1:09:23 AM 4/2/2007

Listing files found while scanning…

No infected files were found.


Hijack This LOG :
Logfile of HijackThis v1.99.1
Scan saved at 1:14:27 AM, on 4/2/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\System32\CTSvcCDA.EXE
F:\WINDOWS\System32\wdfmgr.exe
F:\WINDOWS\soundman.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
D:\Program Files\Winamp\winampa.exe
F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
F:\Hijackthat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {086F3ADF-92EA-4415-877E-C7DD7DD64F14} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {61F772CB-F07A-47DB-957A-F7DEC6973D70} - F:\WINDOWS\System32\jkhfe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [SoundMan] soundman.exe
O4 - HKLM..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ATICCC] “F:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM..\Run: [QuickTime Task] “F:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [Easy-PrintToolBox] F:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM..\Run: [DataLayer] F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM..\Run: [pwuzxtged] f:\windows\system32\pwuzxtged.exe pwuzxtged
O4 - HKLM..\Run: [System Files Updater] F:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKCU..\Run: [Yahoo! Pager] “D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet
O4 - HKCU..\Run: [Instant Access] F:\WINDOWS\System32\prodsrvs.exe /res
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip..{13CBFCFF-9378-409F-9652-3ED9D60895DD}: NameServer = 85.255.114.4,85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.4 85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip..{13CBFCFF-9378-409F-9652-3ED9D60895DD}: NameServer = 85.255.114.4,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.4 85.255.112.137
O20 - Winlogon Notify: mljijgh - mljijgh.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Management Service - Unknown owner - F:\WINDOWS\System32\dmwhz.exe

Goodmorning ferdi_goh,

Zone Alarm works fine with avast! but you will get a warning during installation about the Privacy Manager. This is not present in the free version so just click No on the warning. But I realize the latest version of Zone Alarm is a bit bloated with unnecessary options so, if you haven’t already installed ZA, go with Comodo instead.

The install Java Environment 5 Update 11. Open Add/Remove Programs and uninstall Java Environment 5 Update 6. Reboot.

Download ComboFix to your Desktop.

Close all other windows, double click combofix.exe and follow the prompts.

When finished, it will produce a log for you. Post that log and a hjt (using the renamed HijackThat) log in your next reply

Note: Do not mouseclick combofix’s window while its running. That may cause it to stall.

Also with hjt, click the “Open the Misc Tools Section” button, then click “Open Uninstall Manager” and save the list. Post this list in addition to the logs mentioned above.

When I want to remove Java Environment 5.0 Update 6, there’s a warning : “The windows installer service could not be accessed.”
What’s wrong?

Here is Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:05:34 AM, on 4/2/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\soundman.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\System32\CTSvcCDA.EXE
F:\WINDOWS\System32\wdfmgr.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Hijackthat.exe
D:\Program Files\Opera\Opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {61F772CB-F07A-47DB-957A-F7DEC6973D70} - F:\WINDOWS\System32\jkhfe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [SoundMan] soundman.exe
O4 - HKLM..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ATICCC] “F:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM..\Run: [QuickTime Task] “F:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [Easy-PrintToolBox] F:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM..\Run: [DataLayer] F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM..\Run: [System Files Updater] F:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM..\Run: [ZoneAlarm Client] “D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKCU..\Run: [Yahoo! Pager] “D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip..{13CBFCFF-9378-409F-9652-3ED9D60895DD}: NameServer = 85.255.114.4,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip..{DE8C499B-523D-4647-864D-AE171A41CDD7}: NameServer = 85.255.114.4 85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.4 85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip..{13CBFCFF-9378-409F-9652-3ED9D60895DD}: NameServer = 85.255.114.4,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.4 85.255.112.137
O20 - Winlogon Notify: mljijgh - mljijgh.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Management Service - Unknown owner - F:\WINDOWS\System32\dmwhz.exe

And the list you asked:
6610 USB-Handset Manager
Adobe Flash Player 9 ActiveX
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
Avance AC’97 Audio
avast! Antivirus
Canon PhotoRecord
Canon PIXMA iP1000
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Creative MediaSource
Cutter 4.3
Dungeon Siege 2 Broken World
Easy CD-DA Extractor 7.5
Easy-WebPrint
Enable S3 for USB Device
FlyakiteOSX
Gnumeric Spreadsheet (With Gtk+ 2.6.10) 1.6.3-win32-2
Guitar Pro 4
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 6
MetaTrader 4.00
Microsoft .NET Framework 2.0
Nokia Connectivity Cable Driver
Nokia PC Suite
NOMAD MuVo NX
OpenOffice.org 2.0
OpenTTD 0.5.0
Opera
PowerPlayer II
Pro Evolution Soccer 6
QuickTime
RTLSetup
Spybot - Search & Destroy 1.4
StarDict (remove only)
System Alert Popup
The Battle for Middle-earth ™ II
Winamp (remove only)
Windows Installer 3.0 (KB884016)
Windows Media Format Runtime
Windows Media Player 10
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
ZipGenius 5.5.1.468a
ZoneAlarm

I can’t post the combofix log, because there’s more than 10000 characters…
so, I’ll attached it…

It could be damaged. After posting the combofix log try this

Click Start
Click Run
In the box type “sfc /scannow” without the quotes

This will take a while to run but may fix the problem.

EDIT: Thanks for the combofix log. Was the hjt log from before or after combofix? I actully need hjt to be after.

I’m on my way to work - will check again later.