10.4K Posts

June 22nd, 2008 11:00

gustav01

That's quite an infection you have there. It will take a couple of runs at this to completely remove it, so please be patient.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:


  • Restart your computer
  • After your computer starts, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.


  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.

Microsoft MVP Consumer-Security

 


"The world is what you make of it"




10 Posts

June 22nd, 2008 12:00

Hi and first thanks for your help!

Here is the report from SDFix

 

SDFix: Version 1.195
Run by Gustavo on Sun 06/22/2008 at 05:58 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix

Checking Services :

Name :
aspimgr
sysrest.sys

Path :
C:\WINDOWS\system32\aspimgr.exe
\??\C:\WINDOWS\system32\sysrest.sys

aspimgr - Deleted
sysrest.sys - Deleted

 

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\WINDOWS\SYSTEM32\LSASS6~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\PHQGHU.EXE - Deleted
C:\3E.TMP - Deleted
C:\46.TMP - Deleted
C:\47.TMP - Deleted
C:\48.TMP - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe - Deleted
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe - Deleted
C:\WINDOWS\system32\23B.tmp - Deleted
C:\WINDOWS\system32\TFTP2908 - Deleted
C:\WINDOWS\system32\TFTP5320 - Deleted
C:\DOCUME~1\Gustavo\LOCALS~1\Temp\Binaries1.zip  - Deleted
C:\svhost.exe  - Deleted
C:\WINDOWS\s32.txt  - Deleted
C:\WINDOWS\system32\braviax.exe  - Deleted
C:\WINDOWS\system32\winivstr.exe  - Deleted
C:\WINDOWS\ws386.ini  - Deleted
C:\WINDOWS\system32\ntos.exe  - Deleted
C:\WINDOWS\system32\sysrest.sys  - Deleted
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll - Deleted
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll - Deleted

 

Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed


Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 06:13:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :

 


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\Gustavo\\Local Settings\\Temp\\.tt6C.tmp"="C:\\Documents and Settings\\Gustavo\\Local Settings\\Temp\\.tt6C.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 28 Feb 2004         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 12 Nov 2004        37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Tue  6 Jan 2004        52,224 ...H. --- "C:\Documents and Settings\Gustavo\Application Data\Microsoft\Word\~WRL3363.tmp"
Sat 14 Apr 2007             8 A..H. --- "C:\Documents and Settings\Gustavo\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 14 Apr 2007             8 A..H. --- "C:\Documents and Settings\Gustavo\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sat 14 Apr 2007             8 A..H. --- "C:\Documents and Settings\Gustavo\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sat 14 Apr 2007             8 A..H. --- "C:\Documents and Settings\Gustavo\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

 

10 Posts

June 22nd, 2008 12:00

And the HJT report

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:08 AM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lphc5n5j0e1el.exe
C:\WINDOWS\system32\sysrest32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\shc3n5j0e1el\shc3n5j0e1el.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\xpsecuritycenter.exe" /hide
O4 - HKLM\..\Run: [lphc5n5j0e1el] C:\WINDOWS\system32\lphc5n5j0e1el.exe
O4 - HKLM\..\Run: [SMshc3n5j0e1el] C:\Program Files\shc3n5j0e1el\shc3n5j0e1el.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\RunServices: [Microsoft Drivers] WSconf.exe
O4 - HKLM\..\RunServices: [WinAC v4] klsuicbn.exe
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [WinAC v4] klsuicbn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WinAC v4] klsuicbn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WinAC v4] klsuicbn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WinAC v4] klsuicbn.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7160 bytes

10.4K Posts

June 23rd, 2008 12:00

gustav01

You are most welcome.

Better, but we still have some work to do.

1. Please download the Killbox.
    1) Save it to the desktop
    2) Rt Click ->> Extract all ->> Extract it to your Desktop
    3) Double Click Killbox.exe to run it
    4) Select "Delete on Reboot", and then select "All files".
    5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\WINDOWS\system32\lphc5n5j0e1el.exe
    C:\WINDOWS\system32\sysrest32.exe
    C:\Program Files\shc3n5j0e1el\shc3n5j0e1el.exe

    6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt.

2. Rerun Hijackthis (scan only) and place checks beside the following entries:
  • O4 - HKLM\..\Run: [lphc5n5j0e1el] C:\WINDOWS\system32\lphc5n5j0e1el.exe
  • O4 - HKLM\..\Run: [SMshc3n5j0e1el] C:\Program Files\shc3n5j0e1el\shc3n5j0e1el.exe
  • O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
  • O4 - HKLM\..\RunServices: [Microsoft Drivers] WSconf.exe
  • O4 - HKLM\..\RunServices: [WinAC v4] klsuicbn.exe
  • O4 - HKCU\..\Run: [WinAC v4] klsuicbn.exe
  • O4 - HKUS\S-1-5-18\..\Run: [WinAC v4] klsuicbn.exe (User 'SYSTEM')
  • O4 - HKUS\S-1-5-18\..\RunOnce: [WinAC v4] klsuicbn.exe (User 'SYSTEM')
  • O4 - HKUS\.DEFAULT\..\Run: [WinAC v4] klsuicbn.exe (User 'Default user')
  • O4 - HKUS\.DEFAULT\..\RunOnce: [WinAC v4] klsuicbn.exe (User 'Default user')
  • O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  • O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  • O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Close all other open windows except Hijackthis and select "Fix checked".

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

Microsoft MVP Consumer-Security

 


"The world is what you make of it"




10 Posts

June 24th, 2008 04:00

Here is the HJT log. I noticed that O4 - HKCU\..\Run: [WinAC v4] klsuicbn.exe is still on the new log.

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:40 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6042 bytes
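
Checking a follow-up HijackThis log against the entries that were checked for fixing, as an added example that is not part of the original thread: it parses the O4 autostart lines, reports checked entries that are still present, and flags other autostart values that launch the same executable. The function names are hypothetical, and the sample lines are excerpts constructed from the logs posted in this thread.

```python
import ntpath
import re

# Constructed sample: O4 lines from the list of entries checked for fixing.
FIX_LIST = r"""
O4 - HKLM\..\Run: [lphc5n5j0e1el] C:\WINDOWS\system32\lphc5n5j0e1el.exe
O4 - HKLM\..\Run: [SMshc3n5j0e1el] C:\Program Files\shc3n5j0e1el\shc3n5j0e1el.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\RunServices: [Microsoft Drivers] WSconf.exe
O4 - HKLM\..\RunServices: [WinAC v4] klsuicbn.exe
O4 - HKCU\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKUS\S-1-5-18\..\Run: [WinAC v4] klsuicbn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WinAC v4] klsuicbn.exe (User 'Default user')
"""

# Constructed sample: excerpt of the log taken after the fix and reboot.
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

# "<key>: [<value name>] <command>" with an optional trailing "(User '...')".
O4_REST = re.compile(r"^(\w+): \[([^\]]*)\] (.*?)(?: \(User '[^']*'\))?$")
# Leading executable of an unquoted command that may contain spaces.
UNQUOTED_IMAGE = re.compile(r"(.*?\.(?:exe|com|scr|bat|pif))(?:\s|$)", re.I)


def parse_o4(line):
    """Return (hive, key, value_name, command) for a registry O4 line, else None."""
    line = line.strip()
    if not line.startswith("O4 - ") or "\\..\\" not in line:
        return None  # not O4, or a startup-folder entry rather than a registry value
    hive, rest = line[len("O4 - "):].split("\\..\\", 1)
    match = O4_REST.match(rest)
    if match is None:
        return None
    key, name, command = match.groups()
    return (hive, key, name, command)


def autostarts(log_text):
    """All registry autostart entries found in a log or in a pasted fix list."""
    parsed = (parse_o4(line) for line in log_text.splitlines())
    return {entry for entry in parsed if entry is not None}


def image_name(command):
    """Lower-cased file name of the program an autostart command launches."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        match = UNQUOTED_IMAGE.match(command)
        path = match.group(1) if match else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def still_listed(fix_list, after_log):
    """Checked entries that appear unchanged in the follow-up log."""
    return sorted(autostarts(fix_list) & autostarts(after_log))


def unlisted_same_image(fix_list, after_log):
    """Entries that were not checked but launch a program named in the fix list."""
    flagged = autostarts(fix_list)
    images = {image_name(entry[3]) for entry in flagged}
    remaining = autostarts(after_log) - flagged
    return sorted(e for e in remaining if image_name(e[3]) in images)


if __name__ == "__main__":
    print("checked but still present:", still_listed(FIX_LIST, AFTER_LOG))
    print("not checked, same program:", unlisted_same_image(FIX_LIST, AFTER_LOG))
```

On these excerpts none of the checked entries remain, and the one surviving klsuicbn.exe autostart is the HKLM\..\Run value, which was not in the checked list.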

10 Posts

June 24th, 2008 11:00

Here is the log

 


+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.2
+
+  By bamajim
+
+++++++++++++++++++++++++++++++++

=== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"WinAC v4"="klsuicbn.exe"
"tgcmdprovidersbc"="\"c:\\program files\\support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf /nosystray"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"vptray"="C:\\Program Files\\NavNT\\vptray.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"dscactivate"="\"C:\\Program Files\\Dell Support Center\\gs_agent\\custom\\dsca.exe\""
"DellSupportCenter"="\"C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" /P DellSupportCenter"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


=== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus COLOR 580"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_AICN03.EXE /P22 \"EPSON Stylus COLOR 580\" /O6 \"USB001\" /M \"Stylus COLOR 580\""
"Yahoo! Pager"="1"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"Polar Sync"=""
"DellSupportCenter"="\"C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" /P DellSupportCenter"


=== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======

6/23/2008 7:00:16 PM    1276822    C:\!KillBox
6/23/2008 7:00:16 PM    406    C:\!KillBox\Logs
6/22/2008 5:40:05 AM    4294055    C:\SDFix
6/22/2008 5:40:12 AM    4294055    C:\SDFix\SDFix
6/22/2008 5:40:12 AM    2418552    C:\SDFix\SDFix\apps
6/22/2008 5:40:15 AM    348896    C:\SDFix\SDFix\apps\Replace
6/22/2008 5:40:16 AM    6880    C:\SDFix\SDFix\apps\Replace\w2k
6/22/2008 5:40:16 AM    7168    C:\SDFix\SDFix\apps\Replace\xp
6/23/2008 6:00:57 AM    0    C:\SDFix\SDFix\backupreg
6/23/2008 6:00:57 AM    35132    C:\SDFix\SDFix\backups
6/22/2008 5:52:19 AM    954421    C:\SDFix\SDFix\backups_old
6/19/2008 5:23:53 AM    608    32    C:\aaw7boot.log
6/24/2008 5:39:33 AM    3191    32    C:\Files.txt
6/23/2008 6:09:49 AM    266391552    38    C:\hiberfil.sys
6/22/2008 5:51:52 AM    82096919    C:\WINDOWS\ERUNT
6/22/2008 5:52:05 AM    41056168    C:\WINDOWS\ERUNT\SDFIX
6/23/2008 6:00:55 AM    4493312    C:\WINDOWS\ERUNT\SDFIX\Users
6/23/2008 6:00:55 AM    4468736    C:\WINDOWS\ERUNT\SDFIX\Users\00000001
6/23/2008 6:00:57 AM    24576    C:\WINDOWS\ERUNT\SDFIX\Users\00000002
6/22/2008 5:51:52 AM    41040751    C:\WINDOWS\ERUNT\SDFIX_First_Run
6/22/2008 5:52:03 AM    4481024    C:\WINDOWS\ERUNT\SDFIX_First_Run\Users
6/22/2008 5:52:03 AM    4456448    C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001
6/22/2008 5:52:05 AM    24576    C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002
6/22/2008 9:00:52 PM    0    32    C:\WINDOWS\0.log
6/19/2008 8:04:48 PM    13425    32    C:\WINDOWS\afuwedipyx.dl
6/19/2008 5:37:34 AM    11105    32    C:\WINDOWS\dity._dl
6/19/2008 8:04:49 PM    16357    32    C:\WINDOWS\elevyso.bin
6/19/2008 8:04:49 PM    12484    32    C:\WINDOWS\elexagahaj.dl
6/19/2008 5:37:36 AM    16493    32    C:\WINDOWS\fowu.dat
6/23/2008 5:19:02 AM    250592    32    C:\WINDOWS\ntbtlog.txt
6/19/2008 8:04:49 PM    18618    32    C:\WINDOWS\pumamasagu.reg
6/22/2008 7:04:34 PM    1409    32    C:\WINDOWS\QTFont.for
6/22/2008 7:04:33 PM    54156    34    C:\WINDOWS\QTFont.qfn
6/19/2008 5:37:35 AM    12004    32    C:\WINDOWS\ryrejaga.inf
6/23/2008 5:46:08 AM    120    32    C:\WINDOWS\setupact.log
6/23/2008 5:46:08 AM    0    32    C:\WINDOWS\setuperr.log
6/19/2008 8:04:48 PM    18136    32    C:\WINDOWS\tyfekaw.dl
6/19/2008 5:37:34 AM    19016    32    C:\WINDOWS\xykiken.pif
6/19/2008 5:37:37 AM    14014    32    C:\WINDOWS\ykel.lib
6/21/2008 7:51:11 AM    315400    C:\WINDOWS\SYSTEM32\NtmsData
6/20/2008 6:12:37 AM    60928    32    C:\WINDOWS\SYSTEM32\blphc5n5j0e1el.scr
6/19/2008 5:37:37 AM    12220    32    C:\WINDOWS\SYSTEM32\gajybarew.bin
6/8/2008 5:52:47 AM    307    32    C:\WINDOWS\SYSTEM32\kkk.txt
6/19/2008 5:37:37 AM    14103    32    C:\WINDOWS\SYSTEM32\licevedu.bat
6/20/2008 6:12:01 AM    90838    32    C:\WINDOWS\SYSTEM32\phc5n5j0e1el.bmp
6/8/2008 5:51:17 AM    57856    32    C:\WINDOWS\SYSTEM32\spoolsv.exe
6/8/2008 5:52:49 AM    308    32    C:\WINDOWS\SYSTEM32\windows.txt

=== Files under "\Administrator\Startup" Last 30 Days======


=== Files under "\All Users\Startup" Last 30 Days======


=== Folders under "\Program Files" Last 30 Days======

6/22/2008 3:19:16 PM    3338846    C:\Program Files\Malwarebytes' Anti-Malware
6/22/2008 3:19:17 PM    246557    C:\Program Files\Malwarebytes' Anti-Malware\Languages
6/21/2008 8:26:28 AM    403715    C:\Program Files\Trend Micro
6/21/2008 8:26:28 AM    403715    C:\Program Files\Trend Micro\HijackThis
6/23/2008 7:22:39 PM    1384    C:\Program Files\Trend Micro\HijackThis\backups

=== Files under "\System32\Drivers" Last 30 Days======

6/22/2008 3:19:17 PM    17144    32    C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
6/22/2008 3:19:17 PM    34296    32    C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys

=== Files under "\User\Local Settings\Temp" Last 30 Days======

6/23/2008 6:48:11 AM    0    32    C:\Documents and Settings\Gustavo\Local Settings\Temp\.tt13.tmp
6/23/2008 6:29:35 AM    0    32    C:\Documents and Settings\Gustavo\Local Settings\Temp\.tt30.tmp
6/23/2008 6:31:49 AM    268    32    C:\Documents and Settings\Gustavo\Local Settings\Temp\AUInst.log
6/23/2008 7:00:16 PM    16384    32    C:\Documents and Settings\Gustavo\Local Settings\Temp\~DF70F5.tmp

=== Files and Folders under "All Users\Application Data" Last 30 Days======

6/22/2008 3:19:18 PM    747649    C:\Documents and Settings\All Users\Application Data\Malwarebytes
6/22/2008 3:19:18 PM    747649    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
6/19/2008 8:04:49 PM    16433    32    C:\Documents and Settings\All Users\Application Data\esir.ban
6/19/2008 5:37:34 AM    12852    32    C:\Documents and Settings\All Users\Application Data\ipes.dll
6/19/2008 5:37:37 AM    11869    32    C:\Documents and Settings\All Users\Application Data\mosepahube.sys
6/19/2008 5:37:35 AM    10600    32    C:\Documents and Settings\All Users\Application Data\muqa._dl
6/19/2008 5:37:34 AM    13270    32    C:\Documents and Settings\All Users\Application Data\nonoje.ban
6/19/2008 5:37:37 AM    18347    32    C:\Documents and Settings\All Users\Application Data\tohacuqiho.inf
6/19/2008 8:04:49 PM    15079    32    C:\Documents and Settings\All Users\Application Data\ygihijab.exe
6/19/2008 8:04:48 PM    12677    32    C:\Documents and Settings\All Users\Application Data\zetufysof.exe
6/19/2008 5:37:36 AM    14581    32    C:\Documents and Settings\All Users\Application Data\zozuvaweko.db

=== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\


=== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\

 

10.4K Posts

June 24th, 2008 11:00

gustav01

I think we have some things hiding from us.

1. Go HERE and download File Lister.
  • Save it to your Desktop
  • Rt Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you at C:\Files.txt

Copy and paste the contents of that log in your reply.

You may have to post the results in more than one reply.

Microsoft MVP Consumer-Security

 


"The world is what you make of it"




10 Posts

June 24th, 2008 11:00

=== Running Processes ======

System Idle Process   [0]  
System   [4]  
smss.exe   [608]   \SystemRoot\System32\smss.exe
csrss.exe   [688]  
winlogon.exe   [712]   winlogon.exe
services.exe   [756]   C:\WINDOWS\system32\services.exe
lsass.exe   [768]   C:\WINDOWS\system32\lsass.exe
svchost.exe   [948]   C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe   [1024]  
svchost.exe   [1120]   C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe   [1168]  
svchost.exe   [1220]  
aawservice.exe   [1592]   "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
explorer.exe   [1656]   C:\WINDOWS\Explorer.EXE
spoolsv.exe   [1844]   C:\WINDOWS\system32\spoolsv.exe
hkcmd.exe   [1916]   "C:\WINDOWS\System32\hkcmd.exe"
BCMSMMSG.exe   [1968]   "C:\WINDOWS\BCMSMMSG.exe"
tfswctrl.exe   [1980]   "C:\WINDOWS\system32\dla\tfswctrl.exe"
DSentry.exe   [2000]   "C:\WINDOWS\System32\DSentry.exe"
PCMService.exe   [2012]   "C:\Program Files\Dell\Media Experience\PCMService.exe"
tgcmd.exe   [220]   "C:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
realsched.exe   [256]   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
vptray.exe   [276]   "C:\Program Files\NavNT\vptray.exe"
apdproxy.exe   [360]   "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
qttask.exe   [368]   "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper.exe   [388]   "C:\Program Files\iTunes\iTunesHelper.exe"
avgas.exe   [500]   "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
guard.exe   [588]   "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
sprtcmd.exe   [596]   "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
E_AICN03.EXE   [424]   "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE" /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
DSAgnt.exe   [628]   "C:\Program Files\DellSupport\DSAgnt.exe" /startup
defwatch.exe   [732]   "C:\Program Files\NavNT\defwatch.exe"
rtvscan.exe   [956]   "C:\Program Files\NavNT\rtvscan.exe"
WZQKPICK.EXE   [1096]   "C:\Program Files\WinZip\WZQKPICK.EXE"
sprtsvc.exe   [1392]   "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /p dellsupportcenter
wdfmgr.exe   [1480]  
ViewpointService.exe   [1572]   "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
wscntfy.exe   [2444]   C:\WINDOWS\system32\wscntfy.exe
ViewMgr.exe   [2552]   "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
iPodService.exe   [3088]   "C:\Program Files\iPod\bin\iPodService.exe"
MSGSYS.EXE   [3204]   MsgSys.EXE
svchost.exe   [3296]   C:\WINDOWS\System32\svchost.exe -k imgsvc
alg.exe   [3716]  
wuauclt.exe   [3932]   "C:\WINDOWS\system32\wuauclt.exe"
iexplore.exe   [3772]   "C:\Program Files\Internet Explorer\iexplore.exe"
wscript.exe   [3868]   "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Gustavo\Desktop\FileLister.vbe"
wmiprvse.exe   [2516]  
wmiprvse.exe   [2888]  

=== Uninstall List From Registry ======

Adobe Flash Player ActiveX
Adobe Type Manager 4.0
Adobe Download Manager 2.0 (Remove Only)
AVG Anti-Spyware 7.5
BCM V.92 56K Modem
CCleaner (remove only)
Dell Digital Jukebox Driver
EPSON Printer Software
HijackThis 2.0.2
HP FontSmart
iPod for Windows 2006-03-23
iPod Updater 2004-10-20
iPod for Windows 2005-10-12
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
LimeWire 4.9.30
LiveUpdate 1.6 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
MGI PhotoSuite III (Remove Only)
Microsoft .NET Framework 1.1
MioNet
MP3 Wizard
MSN Music Assistant
Intel(R) PRO Network Adapters and Drivers
RealPlayer
SBC Connection Manager
Shockwave
Lernout & Hauspie TruVoice American English TTS Engine
Viewpoint Manager (Remove Only)
Viewpoint Media Player (Remove Only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinZip
Yahoo! Toolbar
Yahoo! Toolbar
Microsoft Office 2000 SR-1 Premium
Microsoft Office 2000 SR-1 Professional
Microsoft Encarta Encyclopedia Standard 2004
Sonic Update Manager
Qualxserve Service Agreement
USB 2.0 IrDA Bridge
Dell Solution Center
Sonic DLA
Power-Tap Link
Microsoft Money 2004
iPod for Windows 2006-03-23
Dell Media Experience
Rhapsody Player Engine
WebFldrs XP
Google Earth
iTunes
Adobe® Photoshop® Album Starter Edition 3.0
QuickTime
iPod Updater 2004-10-20
WordPerfect Office 11
PowerDVD
Dell Networking Guide
Java 2 Runtime Environment, SE v1.4.2
DellSupport
Modem Helper
Jasc Paint Shop Pro 8 Dell Edition
Intel(R) Extreme Graphics Driver
Microsoft Money 2004 System Pack
Help and Support Customization
Sonic RecordNow!
DVDSentry
DS21Patch
Apple Software Update
Intel(R) PROSet
Adobe Reader 6.0.1
Microsoft .NET Framework 2.0 Service Pack 1
Norton AntiVirus Corporate Edition
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 1.1
Jasc Paint Shop Photo Album
iPod for Windows 2005-10-12
Ad-Aware 2007
Polar Precision Performance SW 4
Polar ProTrainer
Dell Support Center
Banctec Service Agreement

10.4K Posts

June 24th, 2008 12:00

gustav01

1. Please download the Killbox.
    1) Save it to the desktop
    2) Right-click ->> Extract all ->> Extract it to your Desktop
    3) Double-click Killbox.exe to run it
    4) Select "Delete on Reboot", and then select "All files".
    5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:


    C:\WINDOWS\afuwedipyx.dl
    C:\WINDOWS\dity._dl
    C:\WINDOWS\elevyso.bin
    C:\WINDOWS\elexagahaj.dl
    C:\WINDOWS\fowu.dat
    C:\WINDOWS\pumamasagu.reg
    C:\WINDOWS\ryrejaga.inf
    C:\WINDOWS\tyfekaw.dl
    C:\WINDOWS\xykiken.pif
    C:\WINDOWS\ykel.lib
    C:\WINDOWS\SYSTEM32\blphc5n5j0e1el.scr
    C:\WINDOWS\SYSTEM32\gajybarew.bin
    C:\WINDOWS\SYSTEM32\licevedu.bat
    C:\WINDOWS\SYSTEM32\phc5n5j0e1el.bmp
    C:\Documents and Settings\All Users\Application Data\esir.ban
    C:\Documents and Settings\All Users\Application Data\ipes.dll
    C:\Documents and Settings\All Users\Application Data\mosepahube.sys
    C:\Documents and Settings\All Users\Application Data\muqa._dl
    C:\Documents and Settings\All Users\Application Data\nonoje.ban
    C:\Documents and Settings\All Users\Application Data\tohacuqiho.inf
    C:\Documents and Settings\All Users\Application Data\ygihijab.exe
    C:\Documents and Settings\All Users\Application Data\zetufysof.exe
    C:\Documents and Settings\All Users\Application Data\zozuvaweko.db

    6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt.











2. Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

10 Posts

June 25th, 2008 00:00

Here is the HJT log

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:44 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6074 bytes

10.4K Posts

June 25th, 2008 00:00

gustav01

1. Rerun Hijackthis (scan only) and place checks beside the following entry
  • O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe

Close all other open windows except Hijackthis and select "Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

10 Posts

June 25th, 2008 01:00

Here is the HJT log

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:05 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6031 bytes
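
Comparing the two HijackThis logs above entry by entry confirms that the fix removed only the checked Run value and that no new autostart entry appeared after the reboot. This is an added example, not part of the original thread: the function names are hypothetical, and the sample logs are abridged from the two logs posted here.

```python
import re
from collections import Counter

# A HijackThis entry line starts with a section code such as R0, O4 or O23,
# followed by " - " and the entry text. Header lines, the "Running processes"
# list and the "End of file" footer do not match and are ignored.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (Counter of normalized entries, {normalized: original line})."""
    counts, originals = Counter(), {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())      # trim and collapse pasted whitespace
        if not ENTRY_RE.match(line):
            continue
        key = line.casefold()             # Windows paths are case-insensitive
        counts[key] += 1                  # Counter keeps duplicate entries apart
        originals.setdefault(key, line)
    return counts, originals


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two scans."""
    before, b_orig = parse_entries(before_text)
    after, a_orig = parse_entries(after_text)
    removed = sorted(b_orig[k] for k in (before - after))
    added = sorted(a_orig[k] for k in (after - before))
    return removed, added


def fix_confirmed(before_text, after_text, target_entry):
    """True when the target entry is gone and nothing new has appeared."""
    removed, added = diff_logs(before_text, after_text)
    target = " ".join(target_entry.split()).casefold()
    return target in {r.casefold() for r in removed} and not added


# Abridged from the log posted before the fix (scan saved 6:38:44 PM).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:44 PM, on 6/24/2008

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

# Abridged from the log posted after the fix (scan saved 7:11:05 PM).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:05 PM, on 6/24/2008

Running processes:
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed:", removed)
    print("Added:", added)
```

Changes in the running-process list (here, only its order) are deliberately ignored, since that section varies from boot to boot.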

10.4K Posts

June 25th, 2008 12:00

gustav01

 

Good work. How's your PC running now?

10 Posts

June 25th, 2008 12:00

bamajim,

 

Thank you for your help, my PC is running good now.

What is the best way to prevent these infections?

10.4K Posts

June 25th, 2008 12:00

gustav01

You are most welcome

You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:
Disable and Enable System Restore
  • Let's create a clean System Restore point
    the instructions are here

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of
    Java Runtime Environment (JRE) 6.u6.
    Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    Click the "Download" button to the right.
    Check the box that says: "Accept License Agreement".
    The page will refresh.
    Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button.
    Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on jre-6u6-windowsi586-p.exe to install the newest version.

Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Back up your Important Documents and Files on a regular basis
  • To a disc or a USB key, not your hard drive

You may want to read this article "So how did I get infected in the first place" by Tony Klein

surf safe