Author Topic: Oh Darn!!! I have the Zlob trojan - HELP Please....  (Read 30854 times)

0 Members and 1 Guest are viewing this topic.

Offline SpiritWind

  • Full Member
  • ***
  • Posts: 81
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #15 on: August 09, 2006, 10:23:01 PM »
 :D  Hi Cherubs :

      Many times the "MessengerPlus! 3" is the LOP spyware unless the spyware
     "component" has been "neutralized"; if you know nothing about this program
      More than likely it should be uninstalled UNLESS one of the Experts here suggest
      an alternative .
      Concerning antivirus programs : you know about having only 1 "resident"
      program ; if you want to run other antivirus programs it is best to run their
      ONLINE Scanner(s), not download,install, update then run in "safe mode" .
      And as mentioned earlier, your Sun Java is 5 Updates behind; therefore, it is a
      serious security risk . Recommend you uninstall it, then go to www.java.com
      and get their latest; perhaps this should be done AFTER the experts get you
      clean !?
For the BEST in what counts in Life :

www.tacf.org

Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #16 on: August 09, 2006, 11:36:29 PM »
Well I have no idea if I've been doing the right thing. I took the java off, from my add and remove programs (hope that was right) there was J2SE Runtime Enviroment 5.0 Update 1 which was 117MB and then another one called Update 2 which was the same size.
I then installed from the last link given but it said there was an error during installation. I just started a game on my computer and could see everything so hope all is ok.


I just did the verify page for java and its installed but I cant see one picture, and it says I have to install the plug in, so I go to do that and it says I already have it and to take it off and reinstall again, I'm not going to do anything now until someone comes along to help. Will leave my computer and come back in an hour or so.

Ciao

Offline SpiritWind

  • Full Member
  • ***
  • Posts: 81
    • View Profile
Latest Sun Java
« Reply #17 on: August 10, 2006, 06:01:03 AM »
 :D  Hi :

      I just went to www.java.com/en and clicked "Manual Download" and saw :

     "Java Runtime Environment Version 5.0 Update 6" ( Should be Update 7 ) .

     With Sun Java, should always uninstall any "Update" that is NOT the last one ;
     so you were correct to uninstall, from Add/Remove Programs, "Update 1" and
     "Update 2". Since you are unsure as to IF you have installed their latest, you can
      look in your Add/Remove Programs to see if there is an "Update 6" or "Update 7".
      Can also go to Internet Options, then click "Advanced" and look down the menu
      for "Java" and see what it says there; if the "box" is unchecked, should put a
      "check" in the box ( assuming it says "Sun" ) .
     
     
For the BEST in what counts in Life :

www.tacf.org

Offline SpyDie

  • The Spyware Cooker
  • Administrator
  • Hero Member
  • *****
  • Posts: 2199
    • View Profile
    • The LandzDown Forum
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #18 on: August 10, 2006, 02:27:28 PM »
The HijackThis logfile looks OK, except for a few orphaned entries. Fix thsse entries but running a new scan and in the results window, check the boxes beside the entries I list and then click 'Fix'. It's that simple :)

F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)


They won't really change much on the system at all.

So does anything report any instances of the 'Zlob' trojan anymore? Also, it is highly recommended to keep your Java version up to date as SpiritWind has said.  :)

Oh and Winlogon.exe is the Windows Logon Manager. Without you can't logon or off ;)
Beta. Software undergoes beta testing shortly before it's released. Beta is Latin for 'still doesn't work.'

Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #19 on: August 10, 2006, 07:07:53 PM »
Hi Again,

Thanks for your last post! I've just done what you said. Here is a copy of the latest scan. Could anyone please check to see if the Java is on it and updated. Its giving me an error 1722 and wont install properly, I tried the manual install also. But I'll try someone else's advice as soon as I get a free hour to play with. I think someone left a post for me yesterday which I'm still to follow so thanks heaps for that.

Heres the log I just did....

Logfile of HijackThis v1.99.1
Scan saved at 6:06:29 AM, on 11/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Middleware\CmSkype.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinClamAVShield\sp_clam.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CmSkype] "C:\Program Files\Middleware\CmSkype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: ! Snipeville.Com - http://www.snipeville.com/ebay_add2.php
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.au
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - http://inst.c-wss.com/126p/html/gtdownlr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.2.7.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://littlecherubs.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131964732390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FE8400F2-C848-4379-989F-DF2ED39040BE} (Eyeball Instant Messaging Control) - http://www.rsvp.com.au/chat/RSVPChat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Thanks again to everyone, you are all fantastic!! I'd be lost without you all.

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7423
  • Liverpool FC - YNWA
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #20 on: August 10, 2006, 07:15:52 PM »
I don't see the O4 item relating to [SunJavaUpdateSched] and jusched.exe ...

You might try verifying the installation:  http://www.java.com/en/download/installed.jsp

If there is an installation error, you might try uninstalling Java again, and then trying to do a fresh upgrade to the newest version.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7423
  • Liverpool FC - YNWA
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #21 on: August 10, 2006, 07:17:36 PM »
If you need the direct link:  http://www.java.com/en/download/windows_ie.jsp
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #22 on: August 10, 2006, 07:33:28 PM »
Thanks heaps for that. I have to take my daughter out to dance comps all day today so I'll have to give it another go when I have time to think with no interuptions. I tried uninstalling yesterday and starting from scratch so hopefully the links you've given me are different. Here is the message I kept getting:

There is a problem with this Windows installer package. A program run as part of the setup did not finish as expected. Contact your support personnal or package vender.

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7423
  • Liverpool FC - YNWA
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #23 on: August 10, 2006, 07:57:05 PM »
Quote
Q: I encountered the following error when running the J2SE installer:

This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package.

A: There are several possible reasons:

Proxy server requires authentication;
network connection fails;
download manager software interrupts the download process, e.g., GetRight;
TSR (Terminate and Stay Resident) programs, like Norton AntiVirus, may distract the installation process.
To address these problems, please make sure third-party downloader/TSR programs are turned off and the network connection is setup properly.

Quote
Q: Error 1722. There is a problem with this windows installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vender.

A: This is caused by previous unsuccessful install/uninstall of software through MSI engine. This problem will usually disappear if the users run the installer again.



Source:  http://java.sun.com/j2se/1.4.2/docs/guide/deployment/installation/windows/iftw-update/faq.html

... refers to an old version, but maybe helps?  The second reference seems to indicate the Add/Remove didn't work properly.  Maybe running it a second time will do the trick?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7423
  • Liverpool FC - YNWA
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #24 on: August 10, 2006, 08:02:28 PM »
Found this:  http://www.java.com/en/download/help/error_1722.xml

Complete instructions found here ... should do the trick.

 :D
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #25 on: August 11, 2006, 11:38:14 AM »
Hi again,

Heres the scan I just did, thought I'd post one more to check if everything is still ok. There seems to be no more zlob that thats good. But I still cant get java to install correctly, will have to tackle that one again tomorrow.

Logfile of HijackThis v1.99.1
Scan saved at 9:39:19 PM, on 11/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Middleware\CmSkype.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\WinClamAVShield\sp_clam.exe
C:\WINDOWS\system32\wisptis.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CmSkype] "C:\Program Files\Middleware\CmSkype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: ! Snipeville.Com - http://www.snipeville.com/ebay_add2.php
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.au
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - http://inst.c-wss.com/126p/html/gtdownlr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.2.7.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://littlecherubs.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131964732390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FE8400F2-C848-4379-989F-DF2ED39040BE} (Eyeball Instant Messaging Control) - http://www.rsvp.com.au/chat/RSVPChat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #26 on: August 11, 2006, 11:39:04 AM »
Spiritwind - I never found it down the list under internet options??

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7423
  • Liverpool FC - YNWA
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #27 on: August 11, 2006, 12:28:53 PM »
I think this Java page will do the trick:  http://www.java.com/en/download/help/error_1722.xml
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #28 on: August 11, 2006, 09:42:36 PM »
 :( Well I've been at it since I got up, I've tried both the different ways and I am still getting the 1722 message. I have no traces of any viruses anymore which is good but for some reason am unable to get java back on. I've followed all the links to all error messages so its no use showing me those, I now need someone thats maybe gone through it themselves. I'm stuck!! I"ve uninstalled I dont know how many times. The only thing different from what the all the help pages said of the name of the file, on the page links you've all given me it says the file name should be 1.4 something but the one you get is 1.5 which I'm guessing is the latest download. I haven't even found a 7 one which someone mentioned. Please Help!!

Offline SpiritWind

  • Full Member
  • ***
  • Posts: 81
    • View Profile
Sun Java & "Error 1722"
« Reply #29 on: August 12, 2006, 04:18:07 PM »
 :D  Hi Cherubs :

      Regarding your "Error 1722", I believe the best info is at :

      http://www.java.com/en/download/help/5000040100.xml .

      Since the Error Message is about "Windows Installer Package", look in your
      Add/Remove Programs and let us know if either "Windows Installer 3.1
     ( KB893803 ) " or "Windows Live Safety Scanner     1.06 MB" are there !?
       If & when you have the latest & current Sun Java, it should say :
      "J2SE Runtime Environment 5.0 Update 7" in your Add/Remove Programs, though
       I am puzzled WHY it says "Update 6" on the Java site !?
For the BEST in what counts in Life :

www.tacf.org