Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Check Logfile


  • This topic is locked This topic is locked
7 replies to this topic

#1 smokenque

smokenque

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 18 November 2006 - 01:33 PM

My computer seems to be running slower than recent past while on internet.
I've checked using a speedometer at my provider and it seems OK there.
I've run Ad-Aware SE, Spybot and Ewido anti spyware software as well as AVG antivirus.
I've run Defrag and CCleaner as well as emptying trash.

Here is a copy of my log.. any help appreciated

A few lines from the bottom I see this entry (file missing) and don't know if it has any effect on the slowness or other issues.
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Logfile of HijackThis v1.99.1
Scan saved at 10:05:46 AM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpamPal\spampal.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\BILLSP~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/forgotPassword.a...e=true&RW=1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://local.live.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

BC AdBot (Login to Remove)

 


m

#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:25 AM

Posted 25 November 2006 - 04:43 PM

Welcome to the BleepingComputer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:25 AM

Posted 27 November 2006 - 03:06 PM

A few lines from the bottom I see this entry (file missing) and don't know if it has any effect on the slowness or other issues.
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

This is added by SpySweeper and it is likely that this file is missing, If you have removed SpySweeper, it can be fixed.

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 1

HijackThis is an analysis AND a repair tool. When you fix something in HijackThis, you are deleting a bad entry in the Windows Registry. In case of a mistake being made, there is a reversal for line entry deletions. HijackThis creates a new file which is a backup log of changes and you can reverse the line entry deletion. BUT...HijackThis needs a safe folder to keep these critical backup logs and a temp folder is definitely not safe as you might run Disk Cleanup and delete them.

Please place HijackThis into ITS OWN PERMANANT FOLDER.
  • You can do this by going to My Computer (Windows key+e).
  • Double click on C:
  • If the folder is hidden, click on show the contents of this folder.
  • Right-click on a blank space in the right column and select New > Folder
  • Name it HJT (C:\HJT\HijackThis.exe
  • Move HijackThis.exe into this folder.
  • When you run HijackThis is an analysis AND a repair tool. When you fix something in HijackThis, you are deleting a bad entry in the Windows Registry. In case of a mistake being made, there is a reversal for line entry deletions. HijackThis creates a new file which is a backup log of changes and you can reverse the line entry deletion. BUT...HijackThis needs a safe folder to keep these critical backup logs and a temp folder is definitely not safe as you might run Disk Cleanup and delete them. from the C:\HJT folder and have it Fixed checked, it will create a backup file of modifications to use which are easily accessible if restoring any files is necessary.
If needed, here are two tutorials, HijackThis Folder Tutorial and How to Download, Extract and Run HijackThis.

Step 2

Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment..
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer after all Java components are removed.
  • Download the latest Java Runtime Environment
    • Scroll down to where it says The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
    • Click the Download button to the right.
    • Check the box that says: Accept License Agreement.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • On your desktop, double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
Step 3

Your HijackThis log is small. If you haven't done any of the following, please tell me in your next reply. If you have done any of the following, please follow the directions to correct the procedure and then post a new HijackThis log.
  • Have you already "fixed stuff" using HijackThis? If so, please restore all the backups and then post another log. Please do not do anything else until you get further instructions.
  • Have you used the following button in HJT: "Add checked to ignorelist" ?
    Such items would no longer appear in the HJT log ("ignored when scanning for hijacks") as they can only be viewed in Configuration>Ignorelist (button) unless you select the "Delete all" button for the Ignore list. Please start HijackThis in this method instead: hijackthis.exe /ihatewhitelists
  • Did you run the HijackThis scan in Safe Mode?
    Safe Mode starts Windows using only basic files and drivers (mouse, except serial mice; monitor; keyboard; mass storage; base video; default system services; and no network connections). If your computer does not start successfully using Safe Mode, you might need to use the Recovery Console feature to repair your system. Safe Mode loads a version of Windows that bypasses all but the most basic drivers and will not run any additional software. Windows XP Safe Mode provides you with a basic graphics driver (enough to display the user interface), access to your drives and windows configuration, and very little else. Safe Mode does not load auto loading software (browser hijackers for example) or device drivers. Malware may be hiding on your computer but scanning with HijackThis in Safe Mode will fail to show it. We need to be able to see everything that is loading in Normal Mode to detect the malware.
  • Are you using Selective Startup?
    This means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to enable those startup entries by doing the following:
    Please go to:
  • Start > Run, and type: MSConfig . Press Enter
  • In the General tab, Startup Selection, choose: Normal Startup-load all device drivers and services
  • Press OK until you are out of the program.
  • Reboot and post a new HijackThis log.
Step 4

Please download Ad-Aware SE.
Please check this link, Using Ad-Aware To Remove Spyware From Your Computer for instructions on how to download, install and use Ad-Aware. Run this program as soon as possible.

Step 5

To help prevent further infection, please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
Step 6

Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.

Please download and install AVG Anti-Spyware (formerly Ewido).
  • Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security:
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active Internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon. and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • If you are having problems with the updater, you can use this link, AVG Anti-Spyware manual updates, to manually update AVG Anti-Spyware..
  • Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Scan With AVG Anti-Spyware
  • Close ALL open Windows / Programs / Folders. Reboot to Safe Mode (without networking support !) If you don’t know how to boot in Safe Mode, here is a tutorial, How To Start Windows in Safe Mode.
  • Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All boxes should be checked.
      • Under Possibly unwanted software:
        • All boxes should be checked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • Reboot in Normal Mode.
Step 7

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can’t be cleaned / deleted, please write down the filenames and locations and post that in your reply.

Step 8

Please download the ATF-Cleaner.
ATF-Cleaner features include:
  • Cleaning of all user temp folders, (only the administrator can use this feature.)
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. (You have the option of checking no if you want to save your passwords)
  • For Firefox or Opera
    • Click Firefox or Opera at the top and choose: Select All.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
  • If needed, please see this tutorial, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 9

Please disconnect from the Internet. Please close ALL browser windows (including this one).

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) Do not worry if they are not there:

ewido anti-spyware 4.0

Now we will address the HijackThis fixes.

Please run HijackThis and click [b[Scan[/b] Place checks next to the following entries (make sure not to miss any):

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


These are optional fixes. These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.

You have reader_sl.exe running at Startup. This is a process associated with the Adobe Reader. It is used to decrease the load time for the reader when a PDF document is selected. This is a non-essential process. You will still be able to start it manually if you need it. You can fix this with HijackThis. This is the item to fix in HijackThis:

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

ISUSPM Startup ISUSPM.exe ( InstallShield Update Service Scheduler) process can be removed to free up resources without compromising system performance. It automatically searches for and performs any updates to the software so you’re always working with the most current version. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

If you did not add the listed domain to the Trusted Zones yourself, have HijackThis fix it.

O15 - Trusted Zone: http://local.live.com

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 10

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 11

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the logs from AVG Anti-Spyware and the list of filenames and locations for any files that can’t be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 smokenque

smokenque
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 27 November 2006 - 08:24 PM

Thank you VERY much for this most complete reply.
1. Complete
2. Partially complete.. have questions. When I deleted everything in the Control Panel | Add or Delete Programs, I found only two entries After deleting them and rebooting the computer, there is still a Java icon on the Control Panel page. When I click on that, I get a popup that says "System Cannot find the Registry Key"
When I do a search for JAVA there are many entries still on the computer.. maybe they should be there.. I don't know. Unfortunately, I can only copy the file/folder names.. bot where they are located. Now, it appears, that I get the ability to copy them.. but can't seem to past them here into the message.

However, I think I should wait for an answer before proceeding based on this and the following...

Some are:
Folder- Java C:\Docs n Sett\Bill\App Data\Sun
Folder- JavaScripts " " " \ Adobe\Acrobat\7.0
Folder- javaws " " " \Sun\Java\ Deployment
File- adcjavas C:\i386
File- adojavas "
Installer- Java 2 Runtime Environmnt, SE v1.4.2_03 C:\i386
File- java C:\i386
File- javaw "
Folder- java C:\Windows
? Java Runtime Env 1.4.0 C:Windows\Downloaded Program Files
? " "
File? javaw.exe.1BE6A5E8.PF C: Windows\prefetch
File? javaws.exe-1C0E2667.pf "
Folder Java C:\Windows\Sun
File java C:\Windows\Sys32
Fild javaw "
File npDSJavaPeer.class NPDS
Folder Javascripts C:\Program Files\Adobe\Acrobat 7.0\Reader
File adojavas " \system\ado
File adcjavas " " \msadc
Folder Javascript " \Musicmatch\etc
File npDSJavaPeer.Class NPDS
File java.dll C:\ProgFiles\Quickbooks
File jave "
may more quickbooks files


Regarding further steps,
3, I haven't fixed stuff w/HJT yet, nor have I run it in safe mode, etc.
4. Already have Ad-Aware SE installed and use it every day.
5. I don't have SpywareBlaster yet.. but will get it.. I do have Spybot S&D and Ewido installed and use them every couple of days routinely.

That's all for the moment.. Again, thank you.

Edited by smokenque, 27 November 2006 - 08:46 PM.


#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:25 AM

Posted 28 November 2006 - 03:29 PM

After you fix the entries with HijackThis, some of those files will be gone. When you download the new version of Java Runtime Environment, you will have them or something like them again.

Don't worry about those files. Just do the fixes. This is a brief description of JavaScript and Java Runtime Environment. JavaScript is the scripting language of the Web. JavaScript is used in millions of Web pages to improve the design, validate forms, detect browsers, create cookies, and much more. The Java Runtime Environment (JRE) allows end-users to run Java applications.

All you need to do is uninstall the old Java Runtime Environment using the Add/Remove Programs. (Start > Control Panel > Add/Remove Programs > old version(s) of Java Runtime Environment > Remove)
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 smokenque

smokenque
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 29 November 2006 - 10:28 PM

Suebaby, I'm sorry to be so dense.. but, I don't want to do something wrong.

You mention above.. "After you fix the entries with HijackThis, some of those files will be gone"

I'm not sure what to "fix" with HJT. I deleted Java as you mentioned.. however, I don't know what boxes to check to fix with HJT. I believe the instructions say for me to wait until you or someone tells me what boxes to check.

Edited by smokenque, 29 November 2006 - 10:30 PM.


#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:25 AM

Posted 30 November 2006 - 12:02 PM

Sorry. I was not clear in my last reply. I understand that you want to be careful and I appreciate your asking questions. It helps me to be aware of communication problems that we all have at some time.

I'm not sure what to "fix" with HJT. I deleted Java as you mentioned.. however, I don't know what boxes to check to fix with HJT. I believe the instructions say for me to wait until you or someone tells me what boxes to check.

I gave you instructions on the HijackThis fixes in Step 9 in my post: posted Nov 27 2006, 03:06 PM. Scan with HijackThis and put a check mark by the entries I listed in Step 9.

Complete all the steps in my post: posted Nov 27 2006, 03:06 PM.

Other programs use java files so you do not have anything to worry about. When you removed the old Java Runtime Environment and installed the newest version, some of the files will be gone or replaced. I did not see any of the files you listed as being malware.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#8 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:25 AM

Posted 01 January 2007 - 11:49 AM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users