Hijackthis - Help Please


37 replies to this topic

#1 anjo03 (Members, 140 posts)

Posted 17 November 2007 - 08:09 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:31 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\svchost.exe
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] C:\WINDOWS\svchost.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/user/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 3641 bytes

Need Help ASAP!
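The HijackThis log above is the raw material a helper triages by eye. As an added example that is not part of the original thread and not HijackThis code, the Python script below parses entry lines in that format and applies the checks a reviewer applies mentally: a system.ini Shell= value that loads anything besides Explorer.exe, autostart entries in rarely used locations such as RunServices or Policies\Explorer\Run, commands given as a bare filename, well-known system binary names outside System32, services whose file is missing, and Active Desktop components served from a Temp folder. The sample lines are copied from the log above; the severity labels and the rule thresholds are the example's own assumptions, not HijackThis's.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed test input: entry lines in the HijackThis v2 log format, copied
# from the log posted above. Embedded sample data, not a live scan.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] C:\WINDOWS\svchost.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/user/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")       # "O4 - <body>"
O4_RE = re.compile(r"^(.*?): \[(.*?)\] (.*)$")      # "<location>: [<name>] <command>"

# Windows binaries that live only under System32; the same name elsewhere
# (the log above has C:\WINDOWS\svchost.exe) is a classic masquerade.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

# Autostart locations nothing on a normal XP box should need (rule assumption).
ODD_LOCATIONS = ("runservices", "policies\\explorer\\run")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    section: str    # HijackThis section tag, e.g. "O4"
    reason: str
    line: str


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; header lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def first_executable(command):
    """Return the program part of a Run-value command line, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def path_reasons(exe):
    """Problems with a program path itself, independent of where it is registered."""
    if not exe:
        return []
    if "\\" not in exe and "/" not in exe:
        return [("medium", f"bare filename with no directory, resolved via PATH search: {exe}")]
    name = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name in SYSTEM32_ONLY and "\\system32\\" not in exe.lower():
        return [("high", f"{name} outside System32: {exe}")]
    return []


def triage(entries):
    """Apply the review rules to parsed entries and return the findings."""
    findings = []
    for section, body in entries:
        line = f"{section} - {body}"

        def add(severity, reason):
            findings.append(Finding(severity, section, reason, line))

        if section == "F2" and body.lower().startswith("reg:system.ini: shell="):
            shell = body.split("=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                add("high", f"Shell= loads more than Explorer.exe: {shell}")
        elif section == "O4":
            m = O4_RE.match(body)
            if not m:
                continue
            location, name, command = m.groups()
            if any(odd in location.lower() for odd in ODD_LOCATIONS):
                add("high", f"[{name}] autostarts from a rarely used location: {location}")
            for severity, reason in path_reasons(first_executable(command)):
                add(severity, f"[{name}] {reason}")
        elif section == "O10":
            add("low", "Winsock LSP that HijackThis does not recognise; confirm the publisher before touching it")
        elif section == "O23" and body.endswith("(file missing)"):
            add("low", "service points at a file that no longer exists (orphaned entry)")
        elif section == "O24" and "/temp/" in body.lower():
            add("medium", "Active Desktop component loaded from a Temp folder")
    return findings


def severity_counts(findings):
    """Tally findings by severity, e.g. {'high': 4, 'medium': 2, 'low': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.severity.upper():6} {f.section:3} {f.reason}")
```

On the sample above the script raises four high findings (the extra program on Shell=, the RunServices and Policies\Explorer\Run autostarts, and svchost.exe outside System32), two medium ones (the path-less sndcfg16.exe and the Temp-folder desktop component) and two low ones. The O10 rule deliberately stays at "low": an LSP that HijackThis does not know is not automatically hostile, and removing a legitimate one breaks networking.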


#2 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 17 November 2007 - 08:19 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, anjo03 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Please download/install Avira Antivirus [Free]:
http://www.free-av.com/
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your PC when you're done.
After restart, open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed.
Click the "Report File" button, then copy and paste the report into your next reply.

If you have previously downloaded ComboFix, please delete that version now.
Now download ComboFix and save it to your desktop:
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your antivirus or any other realtime scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new HijackThis log please.

#3 anjo03 (Topic Starter, Members, 140 posts)

Posted 17 November 2007 - 08:21 AM

Sir, it's me again, anjo03.

I'm on my cousin's PC.

This PC has many trojans and viruses on it.

I shall be doing the scan.

#4 anjo03 (Topic Starter, Members, 140 posts)

Posted 17 November 2007 - 10:07 AM

Avira Anti-Virus
AntiVir PersonalEdition Classic

Report file date: Saturday, November 17, 2007  21:31

Scanning for 932510 virus strains and unwanted programs.

Licensed to:	  Avira AntiVir PersonalEdition Classic
Serial number:	0000149996-ADJIE-0001
Platform:		 Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:		 SYSTEM
Computer name:	USER-B20F4A8692

Version information:
BUILD.DAT	: 270		   15603 Bytes   9/19/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1	  290856 Bytes   8/23/2007 06:16:30
AVSCAN.DLL   : 7.0.6.0	   49192 Bytes   8/16/2007 05:23:52
LUKE.DLL	 : 7.0.5.3	  147496 Bytes   8/14/2007 08:32:48
LUKERES.DLL  : 7.0.6.1	   10280 Bytes   8/21/2007 05:35:22
ANTIVIR0.VDF : 6.40.0.0	11030528 Bytes   7/18/2007 07:27:16
ANTIVIR1.VDF : 7.0.0.0	 1640448 Bytes   9/13/2007 07:26:56
ANTIVIR2.VDF : 7.0.0.198   1206272 Bytes  11/11/2007 13:30:48
ANTIVIR3.VDF : 7.0.0.226	 98304 Bytes  11/16/2007 13:30:48
AVEWIN32.DLL : 7.6.0.34	3125760 Bytes  11/17/2007 13:30:48
AVWINLL.DLL  : 1.0.0.7	   14376 Bytes   2/26/2007 03:36:28
AVPREF.DLL   : 7.0.2.2	   25640 Bytes   7/18/2007 00:39:18
AVREP.DLL	: 7.0.0.1	  155688 Bytes   4/16/2007 06:16:24
AVPACK32.DLL : 7.3.0.15	 360488 Bytes	8/3/2007 01:46:02
AVREG.DLL	: 7.0.1.6	   30760 Bytes   7/18/2007 00:17:08
AVARKT.DLL   : 1.0.0.20	 278568 Bytes   8/28/2007 05:26:34
AVEVTLOG.DLL : 7.0.0.20	  86056 Bytes   7/18/2007 00:10:20
NETNT.DLL	: 7.0.0.0		7720 Bytes	3/8/2007 04:09:44
RCIMAGE.DLL  : 7.0.1.30	2342952 Bytes	8/7/2007 05:38:14
RCTEXT.DLL   : 7.0.62.0	  86056 Bytes   8/21/2007 05:50:38
SQLITE3.DLL  : 3.3.17.1	 339968 Bytes   7/23/2007 02:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Saturday, November 17, 2007  21:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
23 processes with 23 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
	  [NOTE]	  No virus was found!
Boot sector 'D:\'
	  [NOTE]	  No virus was found!

Starting to scan the registry.
The registry was scanned ( '20' files ).

Starting the file scan:

Begin scan in 'C:\' <DISK1PART01>
C:\pagefile.sys
	  [WARNING]   The file could not be opened!
C:\Documents and Settings\user\Local Settings\Temp\sta3.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\Documents and Settings\user\Local Settings\Temp\s3gk
	  [DETECTION] Is the Trojan horse TR/Drop.IconAds.AB
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0085389.exe
	  [DETECTION] Contains detection pattern of the dropper DR/Obfuscated.EN.563
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0085409.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0085415.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0085444.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0085445.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0085452.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0085477.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0085478.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0085483.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0085506.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0086506.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP113\A0086518.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP114\A0086536.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP114\A0086543.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP114\A0086569.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP114\A0086585.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP114\A0086610.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP115\A0086618.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP115\A0086625.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP116\A0086638.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP116\A0086645.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP116\A0086657.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP117\A0086681.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP117\A0086698.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP117\A0086719.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP117\A0086720.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP117\A0086721.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP117\A0086740.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP117\A0086746.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP117\A0086747.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP117\A0086748.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP117\A0086749.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
C:\System Volume Information\_restore{1E002DEC-B67F-45C6-87A9-B69A2A427658}\RP117\A0086750.exe
	  [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
	  [INFO]	  The file was deleted!
Begin scan in 'D:\' <DISK1PART02>
D:\ZoneLabs.ZoneAlarm.Security.Suite.v7.0.302.000-ZWT\setup.exe
	  [DETECTION] Is the Trojan horse TR/Drop.Delf.XO
	  [INFO]	  The file was deleted!

End of the scan: Saturday, November 17, 2007  23:03
Used time:  1:31:40 min

The scan has been done completely.

   4040 Scanning directories
 236917 Files were scanned
	 36 viruses and/or unwanted programs were found
	  0 Files were classified as suspicious:
	 36 files were deleted
	  0 files were repaired
	  0 files were moved to quarantine
	  0 files were renamed
	  1 Files cannot be scanned
 236881 Files not concerned
	859 Archives were scanned
	  1 Warnings
	  1 Notes


#5 anjo03 (Topic Starter, Members, 140 posts)

Posted 17 November 2007 - 10:14 AM

ComboFix 07-11-08.3 - user 2007-11-17 23:11:39.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.304 [GMT 8:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-10-17 to 2007-11-17  )))))))))))))))))))))))))))))))
.

2007-11-17 23:10	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-11-17 21:26	<DIR>	d--------	C:\Program Files\Avira
2007-11-17 21:26	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Avira
2007-11-17 21:22	<DIR>	d--------	C:\TDdownload
2007-11-17 21:08	<DIR>	d--------	C:\Program Files\Trend Micro
2007-11-17 00:04	74,752	--a------	C:\WINDOWS\system32\gzmrotate.dll
2007-11-12 22:18	76,288	--a------	C:\WINDOWS\system32\_gzmrotate.dll
2007-10-29 14:30	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default
2007-10-29 14:09	<DIR>	d--------	C:\Documents and Settings\user\Application Data\Adssite Advanced Toolbar
2007-10-19 21:10	<DIR>	d--------	C:\Program Files\Google
2007-10-19 10:57	<DIR>	d--------	C:\Documents and Settings\user\keel

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 12:59	32	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-17 12:59	32	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-17 12:59	32	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-17 12:59	32	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-08 11:27	---------	d-----w	C:\Program Files\NetGames
2007-10-04 11:31	---------	d-----w	C:\Program Files\AMPED
2007-09-29 14:40	---------	d-----w	C:\Program Files\softnyx
2007-09-29 09:13	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\MailFrontier
2007-09-29 08:50	---------	d-----w	C:\Documents and Settings\user\Application Data\MailFrontier
2007-09-17 08:37	65,536	----a-w	C:\WINDOWS\IFinst27.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 14:29]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-17 21:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WinProfile"=sndcfg16.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\VDOTool\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
C:\WINDOWS\VMSnap3.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinProfile]
sndcfg16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys
R3 ZSMC303;A4 TECH PC Camera H;C:\WINDOWS\system32\Drivers\usbVM303.sys
S2 ColdFusion Management Repository;ColdFusion Management Repository Server;"C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14058b24-4569-11dc-aaae-fcd502bfe9e3}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
\Shell\Explore\Command - F:\Desktop.exe
\Shell\Open\Command - F:\Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe7830e-3ea2-11dc-aa9c-b2e3d03f5208}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
\Shell\Explore\Command - G:\Desktop.exe
\Shell\Open\Command - G:\Desktop.exe

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 09:08:02 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\user\Templates\Brengkolang.com
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 23:13:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-11-17 23:13:46
.
	--- E O F ---


#6 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 17 November 2007 - 10:57 AM

Click Start/Run, type CMD then press OK.
At the command prompt copy and paste the following command, then press Enter:
DEL C:\WINDOWS\Tasks\At*.job

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as.. / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\_gzmrotate.dll
C:\WINDOWS\IFinst27.exe
Folder::
C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default
C:\Documents and Settings\user\Application Data\Adssite Advanced Toolbar
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WinProfile"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14058b24-4569-11dc-aaae-fcd502bfe9e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe7830e-3ea2-11dc-aa9c-b2e3d03f5208}]

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

[Image: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.
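The CFScript above removes the two mountpoints2 keys, the RunServices value and, with the DEL command, the At*.job task that the ComboFix log in #5 exposed. As an added example that is not part of the thread and not ComboFix's own code, the Python script below reads the 'Reg Loading Points' and 'Scheduled Tasks' sections of that log (sample lines copied from it, plus one benign Run value to show an ordinary entry is left alone), flags the same entries automatically, and renders the flagged keys in the CFScript Registry:: syntax shown above. The three rules are the example's own assumptions: a mountpoints2 Shell verb that launches a program from a drive root or through ShellExec_RunDLL, any value under the legacy RunServices key, and a scheduled task whose target lives inside a user profile.

```python
import re

# Constructed test input: the 'Reg Loading Points' and 'Scheduled Tasks'
# sections copied from the ComboFix log in post #5, plus one benign Run value.
# Embedded sample data, not a live log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-17 21:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WinProfile"=sndcfg16.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14058b24-4569-11dc-aaae-fcd502bfe9e3}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
\Shell\Explore\Command - F:\Desktop.exe
\Shell\Open\Command - F:\Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe7830e-3ea2-11dc-aa9c-b2e3d03f5208}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
\Shell\Explore\Command - G:\Desktop.exe
\Shell\Open\Command - G:\Desktop.exe

Contents of the 'Scheduled Tasks' folder
"2007-11-15 09:08:02 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\user\Templates\Brengkolang.com
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                       # [HKEY_...]
SHELL_RE = re.compile(r"^\\Shell\\(\w+)\\[Cc]ommand - (.*)$")   # \Shell\<verb>\command - <cmd>
DRIVE_ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(exe|com|bat|cmd|scr)$", re.IGNORECASE)
TASK_RE = re.compile(r'^"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (.+\.job)"$')


def parse_reg_blocks(text):
    """Return {key: [value lines]} for every [HKEY...] block; a blank line ends a block."""
    blocks, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current is not None and line:
            blocks[current].append(line)
        else:
            current = None
    return blocks


def parse_tasks(text):
    """Return [(job file, target)] pairs from the 'Scheduled Tasks' section."""
    tasks, pending = [], None
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            pending = m.group(1)
        elif pending and line.strip().startswith("- "):
            tasks.append((pending, line.strip()[2:]))
            pending = None
    return tasks


def find_autorun_hijacks(blocks):
    """mountpoints2 keys whose Shell verbs run a program from a drive root or via ShellExec_RunDLL."""
    hits = []
    for key, lines in blocks.items():
        if "mountpoints2" not in key.lower():
            continue
        bad_verbs = []
        for line in lines:
            m = SHELL_RE.match(line)
            if not m:
                continue
            verb, command = m.group(1).lower(), m.group(2).strip()
            if DRIVE_ROOT_EXE.match(command) or "shellexec_rundll" in command.lower():
                bad_verbs.append(verb)
        if bad_verbs:
            hits.append((key, sorted(bad_verbs)))
    return hits


def find_runservices(blocks):
    """Values under RunServices, a Windows 9x-era key that nothing on XP should need."""
    return [(key, line) for key, lines in blocks.items()
            if key.lower().endswith("\\runservices") for line in lines]


def find_profile_tasks(tasks):
    """Scheduled tasks whose target lives inside a user profile instead of a program directory."""
    return [(job, target) for job, target in tasks
            if "\\documents and settings\\" in target.lower()]


def cfscript_registry_section(keys):
    """Render key deletions in the CFScript Registry:: syntax ([-KEY] deletes the whole key)."""
    return "Registry::\n" + "".join(f"[-{key}]\n" for key in keys)


if __name__ == "__main__":
    blocks = parse_reg_blocks(SAMPLE_LOG)
    hijacks = find_autorun_hijacks(blocks)
    for key, verbs in hijacks:
        print("autorun hijack:", key, verbs)
    for key, value in find_runservices(blocks):
        print("runservices:", value)
    for job, target in find_profile_tasks(parse_tasks(SAMPLE_LOG)):
        print("profile task:", job, "->", target)
    print(cfscript_registry_section(key for key, _ in hijacks))
```

The mountpoints2 rule is the interesting one: those keys are Explorer's cache of per-volume AutoRun settings, so an Open/Explore verb that points at Desktop.exe on the root of F: or G: means a removable drive carried an autorun.inf that Explorer has already recorded, and double-clicking the drive would run it. Rendering the hits as `[-KEY]` lines reproduces exactly the Registry:: entries in the script above; it does nothing by itself, which is the point of generating a script for review instead of editing the registry directly.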

#7 anjo03 (Topic Starter, Members, 140 posts)

Posted 17 November 2007 - 01:17 PM

ComboFix 07-11-08.3 - user 2007-11-18  2:02:41.2 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.304 [GMT 8:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
 * Created a new restore point

FILE
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\_gzmrotate.dll
C:\WINDOWS\system32\gzmrotate.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default
C:\Documents and Settings\user\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\user\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\user\Application Data\Adssite Advanced Toolbar\selected.xml
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\_gzmrotate.dll
C:\WINDOWS\system32\gzmrotate.dll

.
(((((((((((((((((((((((((   Files Created from 2007-10-17 to 2007-11-17  )))))))))))))))))))))))))))))))
.

2007-11-17 23:10	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-11-17 21:26	<DIR>	d--------	C:\Program Files\Avira
2007-11-17 21:26	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Avira
2007-11-17 21:08	<DIR>	d--------	C:\Program Files\Trend Micro
2007-10-19 21:10	<DIR>	d--------	C:\Program Files\Google
2007-10-19 10:57	<DIR>	d--------	C:\Documents and Settings\user\keel

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 18:04	32	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-17 18:04	32	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-17 18:04	32	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-17 18:04	32	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-08 11:27	---------	d-----w	C:\Program Files\NetGames
2007-10-04 11:31	---------	d-----w	C:\Program Files\AMPED
2007-09-29 14:40	---------	d-----w	C:\Program Files\softnyx
2007-09-29 09:13	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\MailFrontier
2007-09-29 08:50	---------	d-----w	C:\Documents and Settings\user\Application Data\MailFrontier
.

(((((((((((((((((((((((((((((   snapshot@2007-11-17_23.13.16.28   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 02:57:12	163,328	----a-w	C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
- 2007-11-17 13:03:00	4,212	---h--w	C:\WINDOWS\system32\zllictbl.dat
+ 2007-11-17 18:08:14	4,212	---h--w	C:\WINDOWS\system32\zllictbl.dat
- 2007-11-17 13:03:52	59,932	----a-w	C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2007-11-17 18:06:12	59,932	----a-w	C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 14:29]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-17 21:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\VDOTool\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
C:\WINDOWS\VMSnap3.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinProfile]
sndcfg16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys
R3 ZSMC303;A4 TECH PC Camera H;C:\WINDOWS\system32\Drivers\usbVM303.sys
S2 ColdFusion Management Repository;ColdFusion Management Repository Server;"C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam"

*Newly Created Service* - SSMDRV
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 02:09:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-11-18  2:13:24 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-17 23:13
.
	--- E O F ---

Sir, if you may, can you please help me change the start-up window and the start menu, because there is some kind of problem.

#8 anjo03


Posted 17 November 2007 - 01:31 PM

Here Is The Start Menu Problem.

I'll Take A Pic From The Start-Up Problem I was talking about.

Attached file: HJT.JPG (80.98KB)


#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 17 November 2007 - 05:17 PM

Which version of XP is installed, Home or Professional?
Post the new Hijackthis log as requested above, please.

#10 anjo03


Posted 17 November 2007 - 06:57 PM

Sir, the version of my XP is Professional.

#11 RichieUK


Posted 17 November 2007 - 07:29 PM

Post the new Hijackthis log as requested, please.

#12 anjo03


Posted 17 November 2007 - 11:08 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:12 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] C:\WINDOWS\svchost.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/user/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 3431 bytes

Here you go.

#13 RichieUK


Posted 18 November 2007 - 04:34 AM

Why have you removed/uninstalled Avira Antivirus [Free]? I didn't ask you to do that, please reinstall it.

After posting you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised.
Doing so can result in system changes which may not show in the log you already posted.
Further, any modifications you make may cause confusion and could complicate the malware removal process.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] C:\WINDOWS\svchost.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/user/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
Exit Hijackthis.

Please run F-Secure Online Virus Scanner using Internet Explorer:
http://support.f-secure.com/enu/home/ols.shtml
In the opening page read:
1. General
2. System requirements
3. Start your scan, then click on 'Start scanning'.
The 'Internet Explorer - Security Warning' box will pop up, click on 'Install'.
Read the Licence Agreement, then click on 'Accept'.
In the next window that opens click on 'Custom Scan'.
Under 'Virus Scan Options', make sure 'Scan whole system' is selected.
Under 'Other Scan Options', make sure the following are selected:
'Scan programs and documents'
'Scan all files'
'Scan whole system for rootkits'
'Scan whole system for spyware'
'Scan inside archives'
'Use advanced heuristics'
Then click on 'Start'.
The 'scanner components and databases' will then be downloaded, this will take some time.
The virus scan will then start automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the 'I want to decide item by item' button.
For each item found, select 'Disinfect' and click 'Next'.
Click the 'Show Report' button, then copy and paste the entire report into your next reply.

Also post a new Hijackthis log, and let me know how your PC is running now.
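As an added example (not part of this thread, and not code from HijackThis, BleepingComputer or either poster), here is a small Python triage script for the pattern RichieUK has fixed in the post above: an O4 autostart whose executable borrows the name of a Windows system binary (svchost.exe) but does not live in system32, registered under the unusual Policies\Explorer\Run key. The sample lines are the O4 entries copied from the log posted in this thread; the SYSTEM_BINARIES set and the rule names are this example's own assumptions.

```python
"""Triage of HijackThis O4 autostart lines.

Added example for this thread, not code from HijackThis, BleepingComputer
or the posters. It encodes the two things that make the PolicyRun entry
in the posted log stand out: the executable borrows a Windows system
binary's name (svchost.exe) but is not under %SystemRoot%\\system32, and
the autostart is registered under Policies\\Explorer\\Run rather than the
usual Run key. SYSTEM_BINARIES and the rule names are this example's own.
"""
import re
from typing import Optional

# Windows core binaries that a clean XP install keeps only in system32
# (assumption of this example; extend the set for your own environment).
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "smss.exe", "csrss.exe", "spoolsv.exe",
}

# Shape of an O4 line, e.g.
# O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] C:\WINDOWS\svchost.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Constructed sample: the O4 lines from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] C:\WINDOWS\svchost.exe
"""


def executable_path(command: str) -> str:
    """Return the executable part of an autostart command line.

    Quoted paths may contain spaces; unquoted ones end at the first space.
    """
    command = command.strip()
    if command.startswith('"'):
        close = command.find('"', 1)
        return command[1:close] if close > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage_o4(line: str) -> Optional[dict]:
    """Parse one O4 line and apply the rules; None if it is not an O4 line."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    path = executable_path(m.group("cmd"))
    base = path.rsplit("\\", 1)[-1].lower()
    reasons = []
    if base in SYSTEM_BINARIES and "\\system32\\" not in path.lower():
        reasons.append("system binary name outside system32")
    if "policies\\explorer\\run" in m.group("key").lower():
        reasons.append("autostart under Policies\\Explorer\\Run")
    return {
        "name": m.group("name"),
        "hive": m.group("hive"),
        "path": path,
        "reasons": reasons,
        "suspicious": bool(reasons),
    }


def suspicious_entries(log_text: str) -> list:
    """Return the triaged O4 entries that tripped at least one rule."""
    results = []
    for line in log_text.splitlines():
        entry = triage_o4(line)
        if entry is not None and entry["suspicious"]:
            results.append(entry)
    return results


if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE_LOG):
        print(f"[{entry['hive']}] {entry['name']}: {entry['path']} -> "
              + "; ".join(entry["reasons"]))
```

Run against the sample, only the PolicyRun line is reported, for both reasons; the NVIDIA, ZoneAlarm and Yahoo entries pass. The path check is deliberately a name-and-location rule rather than a hash lookup, because that is exactly the judgement a helper makes when reading an O4 line by eye.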

#14 anjo03


Posted 18 November 2007 - 08:08 AM

Sorry for that, sir.

I shall do what you command. Update the Java first?

#15 RichieUK


Posted 18 November 2007 - 08:49 AM

Thanks :thumbsup: