benko77

StorageProtector

I didn’t download and install Storage Protector, but I’ve got the messages only and some bugs, and I have 2 icons on the desktop: Windows Update and Help and Support Center.

The Ad-Aware 2007 did not find it.

Any advice how to fix this?


Hello.Benko77 & Welcome

 

 

Download HJTInstall.exe to your Desktop.

 

* Double-click HJTInstall.exe to install it.
* By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch HijackThis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
* Save the log to a convenient location as you'll need to post it soon.
* Don't use the Analyse This button; its findings are dangerous if misinterpreted.
* Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

 

 

Gogo ;)


Hi.Benko77

 

I ask that you please post the log. I have a hard time looking at Attached files.

 

Gogo :)


Sorry :)

 

Scan saved at 18:55:22, on 23.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

D:\Programs\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\KMaestro\KMaestro.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

D:\Programs\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ESET\nod32kui.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.f1time.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Benko\LOCALS~1\Temp\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.70:3124

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3EB470E4-8B99-4394-849D-D9214C954A6A} - C:\WINDOWS\System32\ilnn.dll (file missing)

O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - G:\Program\FlipAlbum 5 Suite\FpLaunch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\bvnkzlzy.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [iCQ Lite] D:\Programs\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe

O4 - HKLM\..\Run: [Ad-Watch] D:\Programs\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Microsoft Office.lnk = D:\MS Office 2000\Office\OSA9.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program Files\BetwayMPP\MPPoker.exe

O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Programs\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Programs\CDPoker\casino.exe

O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program Files\bet365MPP\MPPoker.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programs\PartyPoker\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programs\PartyPoker\PartyPoker\RunApp.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O13 - WWW. Prefix: http://ehttp.cc/?

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132852199033

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.sportna-loterija.si/eigre/msrdp.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://betway.microgaming.com/betway/FlashAX.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7D4648AB-6AD3-4628-B70A-A28FC02C6017}: NameServer = 213.161.0.10,213.161.0.20

O17 - HKLM\System\CCS\Services\Tcpip\..\{CDF31E72-6969-47AC-9A54-758259B32731}: NameServer = 213.161.0.10,213.161.0.20

O17 - HKLM\System\CCS\Services\Tcpip\..\{EB63D942-4493-4450-B3F5-00189A659270}: NameServer = 213.161.0.10,213.161.0.20

O20 - Winlogon Notify: bvnkzlzy - C:\WINDOWS\SYSTEM32\bvnkzlzy.dll

O20 - Winlogon Notify: hggdaya - hggdaya.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programs\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 8149 bytes


Hi.Benko77

 

There's no need to be sorry. It's my eyes, nothing more.

 

Download ComboFix from Here or Here to your Desktop.

 

Don't run it just yet!

 

==============================

 

NOTE: This next step I'm going to have you do is to be done only after you download the tool above, not before.

 

ESET NOD32 ANTIVIRUS

Please navigate to the system tray on the bottom right hand corner and look for a sign.

 

* click it -> click on the button.

* a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.

 

You successfully disabled the NOD32 Guard.

 

==============================

 

AD-AWARE AD-WATCH

 

* Right click on the Ad-Watch icon in the system tray.

* At the bottom of the screen there will be two checkable items called "Active" and "Automatic".

o Active: This will turn Ad-Watch On\Off without closing it.

o Automatic: Suspicious activity will be blocked automatically.

* Uncheck both of those boxes.

* (When done, you can re-enable it using the same steps but this time check both boxes.)

 

NOTE: Again, this is to be done only after downloading the tool above, not before.

 

==============================

 

Now run

 

* Double-click combofix.exe and follow the prompts.

* When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

 

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

 

 

===============================

 

Please make sure to turn on the Anti-Virus scanner after running the ComboFix tool, not before. I may need to have you disable it again at some point.

 

Gogo :)


Have run combofix.exe

 

BTW: Don't know if this is important, but had to restart the computer after I ran combofix, because I haven't had any internet connection.

 

 

 

The combofix log file:

 

ComboFix 07-12-21.4 - Benko 2007-12-23 20:36:27.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.330 [GMT 1:00]

Running from: C:\Documents and Settings\Benko\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\bvnkzlzy.dllbox

 

.

((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))

.

 

2007-12-23 20:02 . 2007-12-23 20:24 7,168 --a------ C:\WINDOWS\system32\windows

2007-12-23 18:54 . 2007-12-23 18:54 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-23 10:00 . 2007-12-23 20:39 14,033 --a------ C:\pos1DD9.tmp

2007-12-23 09:59 . 2007-12-23 20:39 8,033 --a------ C:\posEF.tmp

2007-12-23 09:59 . 2007-12-23 20:39 8,033 --a------ C:\pos5D8.tmp

2007-12-23 09:59 . 2007-12-23 20:39 7,033 --a------ C:\pos3E2.tmp

2007-12-23 08:21 . 2007-12-23 08:39 14,033 --a------ C:\pos1B4D.tmp

2007-12-23 08:20 . 2007-12-23 08:39 14,033 --a------ C:\pos1A8B.tmp

2007-12-23 00:52 . 2007-12-23 08:15 14,033 --a------ C:\pos1964.tmp

2007-12-22 22:33 . 2007-12-22 22:33 14,033 --a------ C:\pos176E.tmp

2007-12-22 22:32 . 2007-12-22 22:33 14,033 --a------ C:\pos16EA.tmp

2007-12-22 22:31 . 2007-12-22 22:32 14,033 --a------ C:\pos15EF.tmp

2007-12-22 21:33 . 2007-12-22 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-22 20:33 . 2007-12-22 20:33 14,033 --a------ C:\pos157C.tmp

2007-12-22 20:32 . 2007-12-22 20:32 14,033 --a------ C:\pos14C8.tmp

2007-12-22 20:13 . 2007-12-22 20:13 <DIR> d-------- C:\Documents and Settings\Benko\Application Data\PC Tools

2007-12-22 20:13 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2007-12-22 20:13 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2007-12-22 20:13 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2007-12-22 20:13 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2007-12-22 12:05 . 2007-12-22 12:06 14,033 --a------ C:\pos12D9.tmp

2007-12-22 12:00 . 2007-12-22 12:04 14,033 --a------ C:\posFF9.tmp

2007-12-22 09:09 . 2007-12-22 11:57 14,033 --a------ C:\posF9C.tmp

2007-12-22 09:08 . 2007-12-22 11:57 14,033 --a------ C:\posEAE.tmp

2007-12-22 00:19 . 2007-12-22 00:19 <DIR> d-------- C:\Documents and Settings\Benko\Application Data\Netscape

2007-12-21 23:27 . 2007-12-21 23:28 14,033 --a------ C:\posD1B.tmp

2007-12-21 23:14 . 2007-12-21 23:26 14,033 --a------ C:\posB8F.tmp

2007-12-21 23:13 . 2007-12-21 23:26 14,033 --a------ C:\posA79.tmp

2007-12-21 22:59 . 2007-12-21 23:12 14,033 --a------ C:\pos9B1.tmp

2007-12-21 22:58 . 2007-12-21 23:12 14,033 --a------ C:\pos7E3.tmp

2007-12-21 22:10 . 2007-12-21 22:10 <DIR> d-------- C:\Folders Unknown

2007-12-21 02:13 . 2007-12-21 22:57 14,033 --a------ C:\pos679.tmp

2007-12-21 02:10 . 2007-12-21 02:10 143 --a------ C:\WINDOWS\system32\mcrh.tmp

2007-12-20 23:41 . 2007-12-21 02:10 14,033 --a------ C:\pos4D6.tmp

2007-12-20 20:52 . 2007-12-20 20:52 14,033 --a------ C:\pos3E6.tmp

2007-12-20 20:51 . 2007-12-20 20:52 14,033 --a------ C:\pos307.tmp

2007-12-20 18:49 . 2007-12-20 20:49 14,033 --a------ C:\pos1F3.tmp

2007-12-20 18:48 . 2007-12-20 20:49 14,033 --a------ C:\posFF.tmp

2007-12-20 14:07 . 2007-12-20 14:07 165,472 --a------ C:\WINDOWS\system32\ndskfdue.dll

2007-12-20 14:07 . 2007-12-20 14:07 165,472 --a------ C:\WINDOWS\system32\bvnkzlzy.dll

2007-12-18 01:16 . 2007-12-18 01:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2007-12-18 01:16 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb

2007-12-18 01:16 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2007-12-18 01:16 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb

2007-12-18 01:14 . 2007-12-18 01:14 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-12-03 18:34 . 2007-12-03 18:34 <DIR> d-------- C:\Program Files\AIHoldem

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\USA Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Titan Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Prestige Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Poker.com

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Noble Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\CDPoker

2007-11-26 18:31 . 2007-11-26 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS

2007-11-23 23:34 . 2007-11-23 23:34 <DIR> d-------- C:\Documents and Settings\Benko\Application Data\Nokia Multimedia Player

2007-11-23 19:10 . 2007-11-23 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2007-11-23 19:05 . 2007-11-23 19:05 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2007-11-23 19:05 . 2007-11-23 19:05 <DIR> d-------- C:\Program Files\Common Files\Nokia

2007-11-23 19:04 . 2007-11-23 19:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2007-11-23 19:04 . 2007-11-23 19:04 <DIR> d-------- C:\Program Files\DIFX

2007-11-23 19:04 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2007-11-23 19:04 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2007-11-23 19:04 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2007-11-23 19:04 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2007-11-23 19:04 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2007-11-23 19:04 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2007-11-23 18:59 . 2007-11-23 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-11 06:13 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll

2007-10-11 06:13 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-11 06:13 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-11 06:13 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-11 06:13 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-11 06:13 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-10-11 06:13 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-10-11 06:13 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll

2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-11 06:13 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-11 06:13 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll

2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-10-11 06:13 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll

2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll

2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\audio3d.dll

.

 

((((((((((((((((((((((((((((( [email protected]_10.00.45.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EB470E4-8B99-4394-849D-D9214C954A6A}]

C:\WINDOWS\System32\ilnn.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

2007-12-20 14:07 165472 --a------ C:\WINDOWS\system32\bvnkzlzy.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KeyMaestro"="C:\KMaestro\KMaestro.exe" [2002-04-30 11:01]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 08:56 C:\WINDOWS\system32\rundll32.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 10:34]

"ICQ Lite"="D:\Programs\ICQLite\ICQLite.exe" []

"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" []

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []

"C-Media Mixer"="Mixer.exe" [2002-07-12 09:33 C:\WINDOWS\mixer.exe]

"C-Media Echo Control"="C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe" []

"Ad-Watch"="D:\Programs\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-07 15:49]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - D:\MS Office 2000\Office\OSA9.EXE [1999-02-17 23:05:56]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bvnkzlzy]

bvnkzlzy.dll 2007-12-20 14:07 165472 C:\WINDOWS\system32\bvnkzlzy.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdaya]

hggdaya.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]

C:\Program Files\webHancer\Programs\whSurvey.exe

 

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]

R2 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys [1998-09-16 09:07]

S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-03 01:54]

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-23 19:38:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDetect.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-23 20:41:04

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\bvnkzlzy.dll

.

Completion time: 2007-12-23 20:41:48

C:\ComboFix2.txt ... 2007-12-23 10:02

.

2007-12-22 02:02:11 --- E O F ---


Hi.Benko77

 

1. Close any open browsers.

 

2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.

 

File::

C:\pos1DD9.tmp

C:\posEF.tmp

C:\pos5D8.tmp

C:\pos3E2.tmp

C:\pos1B4D.tmp

C:\pos1A8B.tmp

C:\pos1964.tmp

C:\pos176E.tmp

C:\pos16EA.tmp

C:\pos15EF.tmp

C:\pos157C.tmp

C:\pos14C8.tmp

C:\pos12D9.tmp

C:\posFF9.tmp

C:\posF9C.tmp

C:\posEAE.tmp

C:\posD1B.tmp

C:\posB8F.tmp

C:\posA79.tmp

C:\pos9B1.tmp

C:\pos7E3.tmp

C:\pos679.tmp

C:\WINDOWS\system32\mcrh.tmp

C:\pos4D6.tmp

C:\pos3E6.tmp

C:\pos307.tmp

C:\pos1F3.tmp

C:\posFF.tmp

C:\WINDOWS\system32\ndskfdue.dll

C:\WINDOWS\system32\bvnkzlzy.dll

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EB470E4-8B99-4394-849D-D9214C954A6A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bvnkzlzy]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdaya]

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

CFScript.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

 

When finished, it will produce a log for you at "C:\ComboFix.txt"

 

 

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

 

Then come back here with both the HijackThis log and ComboFix.txt

 

 

Gogo :)
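
Added example (not part of the post above and not ComboFix's own code): a small Python check that reads a CFScript like the one in that post and reports, for each `File::` and `Registry::` target, whether a follow-up ComboFix log shows it as removed. The function names and status strings are assumptions made for this example, and the sample script and log are constructed from a few values on this page to exercise every outcome; they are not the real follow-up log.

```python
import re

# ComboFix section banners look like "((((( Other Deletions )))))".
BANNER = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")

def parse_cfscript(text):
    """Collect File:: paths and Registry:: [-KEY] deletions from a CFScript."""
    targets = {"files": [], "reg_keys": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2].lower()
        elif section == "file":
            targets["files"].append(line)
        elif section == "registry" and line.startswith("[-") and line.endswith("]"):
            targets["reg_keys"].append(line[2:-1])  # strip "[-" and "]"
    return targets

def split_sections(log_text):
    """Map each banner title (lower-cased) to the lines that follow it."""
    sections = {"header": []}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER.match(line)
        if m:
            title = m.group(1).lower()
            # The "Files Created from A to B" title changes per run; normalise it.
            current = "files created" if title.startswith("files created") else title
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def verify(script_text, log_text):
    """Return {target: status} for every file and registry key in the script."""
    targets = parse_cfscript(script_text)
    sec = split_sections(log_text)
    deleted = {l.lower() for l in sec.get("other deletions", [])}
    created = [l.lower() for l in sec.get("files created", [])]
    reg = {l.lower() for l in sec.get("reg loading points", [])}
    report = {}
    for path in targets["files"]:
        p = path.lower()
        if any(l.endswith(" " + p) for l in created):
            report[path] = "still listed"      # present in the file listing
        elif p in deleted:                     # exact match: ".dllbox" != ".dll"
            report[path] = "deleted"
        else:
            report[path] = "not reported"      # log says nothing either way
    for key in targets["reg_keys"]:
        report[key] = "still listed" if f"[{key.lower()}]" in reg else "absent"
    return report

# Constructed sample data (abridged; values borrowed from this thread).
SAMPLE_SCRIPT = r"""
File::
C:\pos12D9.tmp
C:\WINDOWS\system32\bvnkzlzy.dll
C:\WINDOWS\system32\ndskfdue.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bvnkzlzy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdaya]
"""

SAMPLE_LOG = r"""
ComboFix 07-12-21.4 - constructed sample
((((((((( Other Deletions )))))))))
.
C:\pos12D9.tmp
C:\WINDOWS\system32\bvnkzlzy.dllbox
.
((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))
.
2007-12-20 14:07 . 2007-12-20 14:07 165,472 --a------ C:\WINDOWS\system32\bvnkzlzy.dll
.
((((((((( Reg Loading Points )))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdaya]
hggdaya.dll
"""

if __name__ == "__main__":
    for target, status in verify(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{status:13} {target}")
```

Anything reported as "still listed" or "not reported" is worth raising with the helper before moving on, since a Winlogon Notify DLL that survives will be loaded again at the next logon.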


ComboFix 07-12-21.4 - Benko 2007-12-24 6:00:18.3 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.191 [GMT 1:00]

Running from: C:\Documents and Settings\Benko\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Benko\Desktop\CFScript.txt

* Created a new restore point

 

FILE

C:\pos12D9.tmp

C:\pos14C8.tmp

C:\pos157C.tmp

C:\pos15EF.tmp

C:\pos16EA.tmp

C:\pos176E.tmp

C:\pos1964.tmp

C:\pos1A8B.tmp

C:\pos1B4D.tmp

C:\pos1DD9.tmp

C:\pos1F3.tmp

C:\pos307.tmp

C:\pos3E2.tmp

C:\pos3E6.tmp

C:\pos4D6.tmp

C:\pos5D8.tmp

C:\pos679.tmp

C:\pos7E3.tmp

C:\pos9B1.tmp

C:\posA79.tmp

C:\posB8F.tmp

C:\posD1B.tmp

C:\posEAE.tmp

C:\posEF.tmp

C:\posF9C.tmp

C:\posFF.tmp

C:\posFF9.tmp

C:\WINDOWS\system32\bvnkzlzy.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\ndskfdue.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\pos12D9.tmp

C:\pos14C8.tmp

C:\pos157C.tmp

C:\pos15EF.tmp

C:\pos16EA.tmp

C:\pos176E.tmp

C:\pos1964.tmp

C:\pos1A8B.tmp

C:\pos1B4D.tmp

C:\pos1DD9.tmp

C:\pos1F3.tmp

C:\pos307.tmp

C:\pos3E2.tmp

C:\pos3E6.tmp

C:\pos4D6.tmp

C:\pos5D8.tmp

C:\pos679.tmp

C:\pos7E3.tmp

C:\pos9B1.tmp

C:\posA79.tmp

C:\posB8F.tmp

C:\posD1B.tmp

C:\posEAE.tmp

C:\posEF.tmp

C:\posF9C.tmp

C:\posFF.tmp

C:\posFF9.tmp

C:\WINDOWS\system32\bvnkzlzy.dll

C:\WINDOWS\system32\bvnkzlzy.dllbox

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\ndskfdue.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))

.

 

2007-12-24 05:06 . 2007-12-24 05:06 7,168 --a------ C:\WINDOWS\system32\windows

2007-12-23 20:51 . 2007-12-24 06:03 14,033 --a------ C:\pos2056.tmp

2007-12-23 20:50 . 2007-12-24 06:02 14,033 --a------ C:\pos1FBF.tmp

2007-12-23 18:54 . 2007-12-23 18:54 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-23 10:00 . 2007-12-23 20:39 14,033 --a------ C:\pos1DC0.tmp

2007-12-23 08:21 . 2007-12-23 08:39 14,033 --a------ C:\pos1B3B.tmp

2007-12-23 08:20 . 2007-12-23 08:39 14,033 --a------ C:\pos1A81.tmp

2007-12-23 00:52 . 2007-12-23 08:15 14,033 --a------ C:\pos1956.tmp

2007-12-22 22:33 . 2007-12-22 22:33 14,033 --a------ C:\pos1769.tmp

2007-12-22 22:32 . 2007-12-22 22:33 14,033 --a------ C:\pos16E7.tmp

2007-12-22 22:31 . 2007-12-22 22:31 14,033 --a------ C:\pos15DF.tmp

2007-12-22 21:33 . 2007-12-22 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-22 20:33 . 2007-12-22 20:33 14,033 --a------ C:\pos1578.tmp

2007-12-22 20:32 . 2007-12-22 20:32 14,033 --a------ C:\pos14C3.tmp

2007-12-22 20:13 . 2007-12-22 20:13 <DIR> d-------- C:\Documents and Settings\Benko\Application Data\PC Tools

2007-12-22 20:13 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2007-12-22 20:13 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2007-12-22 20:13 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2007-12-22 20:13 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2007-12-22 12:05 . 2007-12-22 12:06 14,033 --a------ C:\pos12D6.tmp

2007-12-22 12:00 . 2007-12-22 12:04 14,033 --a------ C:\posFEE.tmp

2007-12-22 09:09 . 2007-12-22 11:57 14,033 --a------ C:\posF9B.tmp

2007-12-22 09:08 . 2007-12-22 11:57 14,033 --a------ C:\posEA5.tmp

2007-12-22 00:19 . 2007-12-22 00:19 <DIR> d-------- C:\Documents and Settings\Benko\Application Data\Netscape

2007-12-21 23:27 . 2007-12-21 23:28 14,033 --a------ C:\posD11.tmp

2007-12-21 23:14 . 2007-12-21 23:26 14,033 --a------ C:\posB8E.tmp

2007-12-21 23:13 . 2007-12-21 23:26 14,033 --a------ C:\posA76.tmp

2007-12-21 22:59 . 2007-12-21 23:12 14,033 --a------ C:\pos99F.tmp

2007-12-21 22:58 . 2007-12-21 23:12 14,033 --a------ C:\pos7D5.tmp

2007-12-21 22:10 . 2007-12-21 22:10 <DIR> d-------- C:\Folders Unknown

2007-12-21 02:13 . 2007-12-21 22:57 14,033 --a------ C:\pos664.tmp

2007-12-20 23:42 . 2007-12-21 02:10 14,033 --a------ C:\pos5D7.tmp

2007-12-20 23:41 . 2007-12-21 02:10 14,033 --a------ C:\pos4CA.tmp

2007-12-20 20:52 . 2007-12-20 20:52 14,033 --a------ C:\pos3DE.tmp

2007-12-20 20:51 . 2007-12-20 20:51 14,033 --a------ C:\pos300.tmp

2007-12-20 18:49 . 2007-12-20 20:49 14,033 --a------ C:\pos1F2.tmp

2007-12-20 18:48 . 2007-12-20 20:49 14,033 --a------ C:\posFC.tmp

2007-12-18 01:16 . 2007-12-18 01:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2007-12-18 01:16 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb

2007-12-18 01:16 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2007-12-18 01:16 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb

2007-12-18 01:14 . 2007-12-18 01:14 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-12-03 18:34 . 2007-12-03 18:34 <DIR> d-------- C:\Program Files\AIHoldem

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\USA Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Titan Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Prestige Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Poker.com

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Noble Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\CDPoker

2007-11-26 18:31 . 2007-11-26 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-23 22:34 --------- d-----w C:\Documents and Settings\Benko\Application Data\Nokia Multimedia Player

2007-11-23 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite

2007-11-23 18:05 --------- d-----w C:\Program Files\Common Files\PCSuite

2007-11-23 18:05 --------- d-----w C:\Program Files\Common Files\Nokia

2007-11-23 18:04 --------- d-----w C:\Program Files\PC Connectivity Solution

2007-11-23 18:04 --------- d-----w C:\Program Files\DIFX

2007-11-23 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations

2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-11 06:13 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll

2007-10-11 06:13 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-11 06:13 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-11 06:13 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-11 06:13 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-11 06:13 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-10-11 06:13 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-10-11 06:13 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll

2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-11 06:13 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-11 06:13 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll

2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-10-11 06:13 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll

2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll

2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\audio3d.dll

.

 

((((((((((((((((((((((((((((( [email protected]_10.00.45.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KeyMaestro"="C:\KMaestro\KMaestro.exe" [2002-04-30 11:01]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 08:56 C:\WINDOWS\system32\rundll32.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 10:34]

"ICQ Lite"="D:\Programs\ICQLite\ICQLite.exe" []

"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" []

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []

"C-Media Mixer"="Mixer.exe" [2002-07-12 09:33 C:\WINDOWS\mixer.exe]

"C-Media Echo Control"="C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe" []

"Ad-Watch"="D:\Programs\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-07 15:49]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - D:\MS Office 2000\Office\OSA9.EXE [1999-02-17 23:05:56]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]

C:\Program Files\webHancer\Programs\whSurvey.exe

 

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]

R2 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys [1998-09-16 09:07]

S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-03 01:54]

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-24 05:03:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDetect.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-24 06:06:05

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-24 6:07:37 - machine was rebooted

.

2007-12-22 02:02:11 --- E O F ---


Hi.Benko77

 

Sorry for all the delay on this. I am having big problems with my wireless, so it may seem like I've forgotten about you; this is not so. I'm just about able to post anything at all. But I will try as long as I have a connection.

 

1. Close any open browsers.

 

2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.

 

File::

C:\pos2056.tmp

C:\pos1FBF.tmp

C:\pos1DC0.tmp

C:\pos1B3B.tmp

C:\pos1A81.tmp

C:\pos1956.tmp

C:\pos1769.tmp

C:\pos16E7.tmp

C:\pos15DF.tmp

C:\pos1578.tmp

C:\pos14C3.tmp

C:\pos12D6.tmp

C:\posFEE.tmp

C:\posF9B.tmp

C:\posEA5.tmp

C:\posD11.tmp

C:\posB8E.tmp

C:\posA76.tmp

C:\pos99F.tmp

C:\pos7D5.tmp

C:\pos664.tmp

C:\pos5D7.tmp

C:\pos4CA.tmp

C:\pos3DE.tmp

C:\pos300.tmp

C:\pos1F2.tmp

C:\posFC.tmp

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

CFScript.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

 

When finished, it will produce a log for you at "C:\ComboFix.txt"

 

 

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

 

Then come back here with both the HijackThis log and ComboFix.txt

 

 

Gogo :(


No problem.

I am very grateful for your help.

It seems that the main part was taken care of as I haven't had any new popups from the last fix. :(

 

And Merry Christmas and Happy Holidays! Best wishes to you and your family.

 

 

 

 

 

ComboFix 07-12-21.4 - Benko 2007-12-25 9:32:53.4 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.248 [GMT 1:00]

Running from: C:\Documents and Settings\Benko\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Benko\Desktop\CFScript.txt

* Created a new restore point

 

FILE

C:\pos12D6.tmp

C:\pos14C3.tmp

C:\pos1578.tmp

C:\pos15DF.tmp

C:\pos16E7.tmp

C:\pos1769.tmp

C:\pos1956.tmp

C:\pos1A81.tmp

C:\pos1B3B.tmp

C:\pos1DC0.tmp

C:\pos1F2.tmp

C:\pos1FBF.tmp

C:\pos2056.tmp

C:\pos300.tmp

C:\pos3DE.tmp

C:\pos4CA.tmp

C:\pos5D7.tmp

C:\pos664.tmp

C:\pos7D5.tmp

C:\pos99F.tmp

C:\posA76.tmp

C:\posB8E.tmp

C:\posD11.tmp

C:\posEA5.tmp

C:\posF9B.tmp

C:\posFC.tmp

C:\posFEE.tmp

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\pos12D6.tmp

C:\pos14C3.tmp

C:\pos1578.tmp

C:\pos15DF.tmp

C:\pos16E7.tmp

C:\pos1769.tmp

C:\pos1956.tmp

C:\pos1A81.tmp

C:\pos1B3B.tmp

C:\pos1DC0.tmp

C:\pos1F2.tmp

C:\pos1FBF.tmp

C:\pos2056.tmp

C:\pos300.tmp

C:\pos3DE.tmp

C:\pos4CA.tmp

C:\pos5D7.tmp

C:\pos664.tmp

C:\pos7D5.tmp

C:\pos99F.tmp

C:\posA76.tmp

C:\posB8E.tmp

C:\posD11.tmp

C:\posEA5.tmp

C:\posF9B.tmp

C:\posFC.tmp

C:\posFEE.tmp

 

.

((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))

.

 

2007-12-24 05:06 . 2007-12-24 05:06 7,168 --a------ C:\WINDOWS\system32\windows

2007-12-23 20:51 . 2007-12-24 06:03 14,033 --a------ C:\pos204E.tmp

2007-12-23 20:50 . 2007-12-24 06:02 14,033 --a------ C:\pos1FB8.tmp

2007-12-23 18:54 . 2007-12-23 18:54 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-23 10:01 . 2007-12-23 20:39 14,033 --a------ C:\pos1F33.tmp

2007-12-23 10:00 . 2007-12-23 20:39 14,033 --a------ C:\pos1DB0.tmp

2007-12-23 08:21 . 2007-12-23 08:39 14,033 --a------ C:\pos1B33.tmp

2007-12-23 08:20 . 2007-12-23 08:39 14,033 --a------ C:\pos1A7E.tmp

2007-12-23 00:52 . 2007-12-23 08:15 14,033 --a------ C:\pos194D.tmp

2007-12-22 22:33 . 2007-12-22 22:33 14,033 --a------ C:\pos1761.tmp

2007-12-22 22:32 . 2007-12-22 22:32 14,033 --a------ C:\pos16E1.tmp

2007-12-22 22:31 . 2007-12-22 22:31 14,033 --a------ C:\pos15D8.tmp

2007-12-22 21:33 . 2007-12-22 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-22 20:33 . 2007-12-22 20:33 14,033 --a------ C:\pos1572.tmp

2007-12-22 20:32 . 2007-12-22 20:32 14,033 --a------ C:\pos14B9.tmp

2007-12-22 20:13 . 2007-12-22 20:13 <DIR> d-------- C:\Documents and Settings\Benko\Application Data\PC Tools

2007-12-22 20:13 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2007-12-22 20:13 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2007-12-22 20:13 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2007-12-22 20:13 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2007-12-22 12:05 . 2007-12-22 12:05 14,033 --a------ C:\pos12B8.tmp

2007-12-22 12:00 . 2007-12-22 12:04 14,033 --a------ C:\posFEA.tmp

2007-12-22 09:09 . 2007-12-22 11:57 14,033 --a------ C:\posF96.tmp

2007-12-22 09:08 . 2007-12-22 11:57 14,033 --a------ C:\posE9B.tmp

2007-12-22 00:19 . 2007-12-22 00:19 <DIR> d-------- C:\Documents and Settings\Benko\Application Data\Netscape

2007-12-21 23:27 . 2007-12-21 23:27 14,033 --a------ C:\posD00.tmp

2007-12-21 23:14 . 2007-12-21 23:26 14,033 --a------ C:\posB83.tmp

2007-12-21 23:13 . 2007-12-21 23:26 14,033 --a------ C:\posA70.tmp

2007-12-21 22:59 . 2007-12-21 23:12 14,033 --a------ C:\pos98B.tmp

2007-12-21 22:58 . 2007-12-21 23:12 13,033 --a------ C:\pos7E6.tmp

2007-12-21 22:10 . 2007-12-21 22:10 <DIR> d-------- C:\Folders Unknown

2007-12-21 02:13 . 2007-12-21 22:57 14,033 --a------ C:\pos64D.tmp

2007-12-20 23:42 . 2007-12-21 02:10 14,033 --a------ C:\pos5D4.tmp

2007-12-20 23:41 . 2007-12-21 02:10 14,033 --a------ C:\pos4B8.tmp

2007-12-20 20:52 . 2007-12-20 20:52 14,033 --a------ C:\pos3D2.tmp

2007-12-20 20:51 . 2007-12-20 20:51 14,033 --a------ C:\pos2FC.tmp

2007-12-20 18:49 . 2007-12-20 20:49 14,033 --a------ C:\pos1EE.tmp

2007-12-20 18:48 . 2007-12-20 20:49 14,033 --a------ C:\posF7.tmp

2007-12-18 01:16 . 2007-12-18 01:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2007-12-18 01:16 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb

2007-12-18 01:16 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2007-12-18 01:16 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb

2007-12-18 01:14 . 2007-12-18 01:14 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-12-03 18:34 . 2007-12-03 18:34 <DIR> d-------- C:\Program Files\AIHoldem

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\USA Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Titan Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Prestige Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Poker.com

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\Noble Poker

2007-12-03 18:34 . 2007-12-03 18:34 0 --a------ C:\WINDOWS\CDPoker

2007-11-26 18:31 . 2007-11-26 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-23 22:34 --------- d-----w C:\Documents and Settings\Benko\Application Data\Nokia Multimedia Player

2007-11-23 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite

2007-11-23 18:05 --------- d-----w C:\Program Files\Common Files\PCSuite

2007-11-23 18:05 --------- d-----w C:\Program Files\Common Files\Nokia

2007-11-23 18:04 --------- d-----w C:\Program Files\PC Connectivity Solution

2007-11-23 18:04 --------- d-----w C:\Program Files\DIFX

2007-11-23 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations

2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-11 06:13 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll

2007-10-11 06:13 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-11 06:13 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-11 06:13 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-11 06:13 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-11 06:13 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-10-11 06:13 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-10-11 06:13 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll

2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-11 06:13 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-11 06:13 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll

2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-10-11 06:13 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll

2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll

2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\audio3d.dll

.

 

((((((((((((((((((((((((((((( [email protected]_10.00.45.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KeyMaestro"="C:\KMaestro\KMaestro.exe" [2002-04-30 11:01]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 08:56 C:\WINDOWS\system32\rundll32.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 10:34]

"ICQ Lite"="D:\Programs\ICQLite\ICQLite.exe" []

"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" []

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []

"C-Media Mixer"="Mixer.exe" [2002-07-12 09:33 C:\WINDOWS\mixer.exe]

"C-Media Echo Control"="C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe" []

"Ad-Watch"="D:\Programs\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-07 15:49]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - D:\MS Office 2000\Office\OSA9.EXE [1999-02-17 23:05:56]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]

C:\Program Files\webHancer\Programs\whSurvey.exe

 

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]

R2 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys [1998-09-16 09:07]

S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-03 01:54]

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-25 08:33:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDetect.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-25 09:35:21

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-25 9:35:58

C:\ComboFix2.txt ... 2007-12-24 06:07

.

2007-12-22 02:02:11 --- E O F ---


Hey.Benko77

 

Sorry, I have not forgotten about you. Just been having problems of my own on this laptop. Let's try running this tool.

 

 

Download SDFix and save it to your Desktop.

 

* Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

* Reboot into Safe Mode: (without networking support!)

To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.

Choose Safe Mode from the menu that will appear and press Enter.

 

* Open the extracted SDFix folder and double click RunThis.bat to start the script.

* Type Y to begin the cleanup process.

* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

* Press any Key and it will restart the PC.

* When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.

* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum).

* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

 

 

Gogo :blink:


SDFix: Version 1.119

 

Run by Benko on Äet 27.12.2007 at 23:02

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

No Trojan Files Found

 

 

 

 

 

Removing Temp Files...

 

ADS Check:

 

C:\WINDOWS

No streams found.

 

C:\WINDOWS\system32

No streams found.

 

C:\WINDOWS\system32\svchost.exe

No streams found.

 

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-28 00:58:36

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

Remaining Files:

---------------

 

 

Files with Hidden Attributes:

 

Fri 22 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 27 Jun 2007 20,480 ...H. --- "C:\Documents and Settings\Benko\My Documents\~WRL0001.tmp"

Wed 27 Jun 2007 20,992 ...H. --- "C:\Documents and Settings\Benko\My Documents\~WRL0003.tmp"

Sat 1 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Downloadd4a7c846fe5e74c3056c3e240c1ffeb\BIT4.tmp"

Wed 17 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8361ae28fcfac79271825a6b2935fdb6\BIT2B.tmp"

Tue 18 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

Fri 22 Sep 2006 20 A..H. --- "C:\Documents and Settings\Benko\My Documents\My Music\License Backup\drmv1lic.bak"

Fri 22 Sep 2006 4,348 ...H. --- "C:\Documents and Settings\Benko\My Documents\My Music\License Backup\drmv1key.bak"

Fri 22 Sep 2006 9,655 A.SH. --- "C:\Documents and Settings\Benko\My Documents\My Music\License Backup\drmv2key.bak"

Sat 23 Sep 2006 19,968 ...H. --- "C:\Documents and Settings\Benko\Application Data\Microsoft\Word\~WRL0003.tmp"

Sat 23 Sep 2006 23,040 ...H. --- "C:\Documents and Settings\Benko\Application Data\Microsoft\Word\~WRL0001.tmp"

 

Finished!


Hi.Benko77

 

Please update your Java, and show me a new Hijack-This log.

 

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Let me know in your next reply how things are now.

 

Gogo :)
