Hijack This Log[RESOLVED]

[jslong17]

I've done a full scan with cw shredder, c cleaner, AVG Free, Spy bot S&D, and sys clean as well as HJT I just need some help to see if there any other problems hiding on the drive

Thanks, Joey

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:36:00 AM, on 10/26/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\system32\ps2.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Owner\Desktop\sysclean.com

C:\Documents and Settings\Owner\Desktop\sysclean.exe

E:\Spybot - Search & Destroy\SpybotSD.exe

E:\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

E:\CCleaner\CCleaner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: 0 - {00FE8D32-9AFD-4853-25AC-A0C91F2FD991} - C:\Program Files\MSN Gaming Zone\qudasulu189.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll

O2 - BHO: (no name) - {A9C833ED-A67A-4690-9F27-A59B935A7CDA} - C:\Program Files\Messenger\meroze83122.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background

O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R

O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O20 - Winlogon Notify: awttuuv - awttuuv.dll (file missing)

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rtemehdofse.html

[mikex]

An admin will move this post to the Malware section of Besttechie. Once they have you all clean please feel free to post back to the PC Support area for any issues you have that are not malware related.

Mike

[Andro1d]

Hello and Welcome to BT.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Step 1

Download Deckard's System Scanner (DSS) to your Desktop.

• Close all applications and windows.
  
• Double-click on DSS.exe to run it, and follow the prompts.
  
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
  

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Step 2

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
  
• Once the files have been downloaded click on NEXT
  
  
• Now click on Scan Settings
  
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
    
  • Extended (if available otherwise Standard)
    
  • Scan Options:
    
  • Scan Archives
    Scan Mail Bases
    

  [*]Click OK

  [*]Now under select a target to scan:

  • Select My Computer
    

  [*]This will program will start and scan your system.

  [*]The scan will take a while so be patient and let it run.

  [*]Once the scan is complete it will display if your system has been infected.

  • Now click on the Save as Text button:
    

  [*]Save the file to your desktop.

  [*]Copy and paste that information in your next post.

[jslong17]

Ok, i downloaded the programs and ran them, not having anymore problems, took a few scans but i think i finally got the little buggers.

[jslong17]

Thank you to all who helped me, and sorry i posted on the wrong board the first go around.

[Andro1d]

Could you please post the log just to be sure you are clean.

[jslong17]

I will post the extra.txt log file on request

Deckard's System Scanner v20071014.68

Run by Owner on 2007-11-07 08:01:01

Computer is in Safe Mode.

--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:01:04 AM, on 11/7/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\notepad.exe

G:\dss.exe

C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: 0 - {00FE8D32-9AFD-4853-25AC-A0C91F2FD991} - C:\Program Files\MSN Gaming Zone\qudasulu189.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)

O2 - BHO: (no name) - {A9C833ED-A67A-4690-9F27-A59B935A7CDA} - C:\Program Files\Messenger\meroze83122.dll (file missing)

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background

O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R

O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\System32\ywtwxcpc.dll",sitypnow

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [iSMModule4] "C:\Program Files\ISM\ISMModule4.exe"

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\ksdsrngl.exe

O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\mwintldt.exe

O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O20 - Winlogon Notify: awttuuv - awttuuv.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--

End of file - 6988 bytes

-- Files created between 2007-10-07 and 2007-11-07 -----------------------------

2007-11-06 08:31:27 0 dr-h----- C:\Documents and Settings\Owner\Recent

2007-11-05 11:21:10 3308 --a------ C:\WINDOWS\System32\tmp.reg

2007-11-02 14:20:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-11-02 10:35:30 0 d-------- C:\Program Files\Alwil Software

2007-10-30 12:53:08 0 dr-h----- C:\$VAULT$.AVG

2007-10-30 09:57:15 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7

2007-10-30 09:56:53 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2007-10-30 09:56:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-10-24 10:49:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2007-10-24 07:08:47 0 dr-h----- C:\Documents and Settings\Administrator\Recent

2007-10-22 16:03:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-10-22 15:59:35 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2007-10-22 15:59:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust

2007-10-22 15:59:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities

2007-10-22 15:59:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe

2007-10-22 15:59:34 0 d--h----- C:\Documents and Settings\Administrator\PrintHood

2007-10-22 15:59:34 0 d--h----- C:\Documents and Settings\Administrator\NetHood

2007-10-22 15:59:34 0 dr------- C:\Documents and Settings\Administrator\My Documents

2007-10-22 15:59:34 0 d--h----- C:\Documents and Settings\Administrator\Local Settings

2007-10-22 15:59:34 0 dr------- C:\Documents and Settings\Administrator\Favorites

2007-10-22 15:59:34 0 d-------- C:\Documents and Settings\Administrator\Desktop

2007-10-22 15:59:34 0 d---s---- C:\Documents and Settings\Administrator\Cookies

2007-10-22 15:59:34 0 dr-h----- C:\Documents and Settings\Administrator\Application Data

2007-10-22 15:59:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\VERITAS

2007-10-22 15:59:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec

2007-10-22 15:59:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder

2007-10-22 15:59:33 0 d-------- C:\Documents and Settings\Administrator\WINDOWS

2007-10-22 15:59:33 0 d--h----- C:\Documents and Settings\Administrator\Templates

2007-10-22 15:59:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu

2007-10-22 15:59:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo

2007-10-22 15:59:32 843776 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT

2007-10-18 17:14:56 0 d-------- C:\WINDOWS\pss

-- Find3M Report ---------------------------------------------------------------

2007-11-05 09:09:58 0 d-------- C:\Program Files\support.com

2007-11-02 14:18:53 0 d-------- C:\Program Files\Common Files

2007-11-02 10:50:24 0 d-------- C:\Program Files\Messenger

2007-10-30 12:53:10 0 d-------- C:\Program Files\MSN Gaming Zone

2007-10-03 17:47:03 1499169 --ahs---- C:\WINDOWS\System32\kjkkj.bak2

2007-09-15 23:31:57 0 --a------ C:\WINDOWS\System32\kernel32.exe

2007-09-15 16:48:50 6448 --ahs---- C:\WINDOWS\System32\kjkkj.bak1

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00FE8D32-9AFD-4853-25AC-A0C91F2FD991}]

C:\Program Files\MSN Gaming Zone\qudasulu189.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]

C:\Program Files\ISM\BndDrive4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9C833ED-A67A-4690-9F27-A59B935A7CDA}]

C:\Program Files\Messenger\meroze83122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 06:04 PM]

"NvCplDaemon"="NvQTwk" []

"nwiz"="nwiz.exe" [05/03/2002 07:06 PM C:\WINDOWS\system32\nwiz.exe]

"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [05/09/2002 01:01 AM]

"DDCM"="C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" [06/08/2002 03:18 AM]

"DDCActiveMenu"="C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [06/08/2002 03:20 AM]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [12/19/2001 01:39 AM]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [05/15/2002 05:29 AM]

"PS2"="C:\WINDOWS\system32\ps2.exe" [06/14/2002 06:39 PM]

"NAV CfgWiz"="c:\PROGRA~1\NORTON~1\Cfgwiz.exe" [02/27/2002 08:28 PM]

"NAV Agent"="c:\PROGRA~1\NORTON~1\navapw32.exe" [02/27/2002 08:27 PM]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [05/22/2002 01:28 AM]

"checktime"="c:\program files\HPSelect\Frontend\ct.exe" [01/26/2002 03:05 PM]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [04/25/2004 02:32 PM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/23/2005 11:08 PM]

"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [10/18/2005 02:33 PM]

"SearchIndexer"="C:\WINDOWS\System32\ywtwxcpc.dll" []

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [10/25/2007 11:20 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/19/2005 07:34 PM]

"ISMModule4"="C:\Program Files\ISM\ISMModule4.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"System"="lsass.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttuuv]

awttuuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\\WINDOWS\\System32\\jkkjk

-- End of Deckard's System Scanner: finished at 2007-11-07 08:01:25 ------------

[Andro1d]

Hi,

I am sorry to say that you are not completly clean, so pleae do the following.

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Step 1

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)

O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\System32\ywtwxcpc.dll",sitypnow

O4 - HKCU\..\Run: [iSMModule4] "C:\Program Files\ISM\ISMModule4.exe"

O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\ksdsrngl.exe

O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\mwintldt.exe

O20 - Winlogon Notify: awttuuv - awttuuv.dll (file missing)

Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please enter Safe Mode by using the Arrow Keys and then hit Enter.

Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

ISM

Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\ISM

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\ksdsrngl.exe

C:\WINDOWS\system32\mwintldt.exe

C:\WINDOWS\System32\ywtwxcpc.dl

After that, Reboot to Normal Mode.

Step 2

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs: On-Access and On-Demand

On-Access Scanners

As the name implies, are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners

As the name implies, are scanners that only run when you ask them to.

Such as, Online Scans and scanners that run on your machine but are not actively scanning your machine.

You are using three Antivirus Programs: Norton AntiVirus, AVG7, avast!. I would suggest you remove them all, except for AVG7 unless you have a paid subscription for Norton still active.

Step 3

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
  
• Once the files have been downloaded click on NEXT
  
  
• Now click on Scan Settings
  
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
    
  • Extended (if available otherwise Standard)
    
  • Scan Options:
    
  • Scan Archives
    Scan Mail Bases
    

  [*]Click OK

  [*]Now under select a target to scan:

  • Select My Computer
    

  [*]This will program will start and scan your system.

  [*]The scan will take a while so be patient and let it run.

  [*]Once the scan is complete it will display if your system has been infected.

  • Now click on the Save as Text button:
    

  [*]Save the file to your desktop.

  [*]Copy and paste that information in your next post.

Edited November 8, 2007 by MoNsTeReNeRgY22

[jslong17]

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, November 09, 2007 2:41:43 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 9/11/2007

Kaspersky Anti-Virus database records: 455400

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

Scan Statistics:

Total number of scanned objects: 73394

Number of viruses found: 2

Number of infected objects: 5

Number of suspicious objects: 0

Duration of the scan process: 01:19:47

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Support.com\profiles\Owner\triggers.log Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Desktop\New Folder\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owner\Desktop\New Folder\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owner\Desktop\New Folder\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owner\Desktop\New Folder\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\~DF1652.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\L0000072.FCS Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\hp center\137903\Users\Default\Data\storydb.idx Object is locked skipped

C:\RECYCLER\S-1-5-21-1493418154-1974565712-2106517767-1003\Dc1.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{8E904BF0-20C9-4C3E-84AB-44454AF01CF8}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_468.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[Andro1d]

Nice job your log looks clean!

How is it running?

Please use the following suggestion to help prevent reinfection.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  
• Scroll down to where it says "Java Runtime Environment (JRE)6 Update 3...allows end-users to run Java applications".
  
• Click the "Download" button to the right.
  
• Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  
• Click on the link to download Windows Offline Installation and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
  

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)Now we need to make a new System Restore Point for your PC, please do the following

• Click Start, Settings, Control Panel
  
• Double-click the System icon
  
• Click the Performance tab, File System, Troubleshooting tab
  
• Check "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore points
  
• Then uncheck "Turn off System Restore" which will create a new System Restore point
  
• Click OK
  

I highly recommend downloading the following programs, to keep malware of your computer to begin with.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

SUPERAntiSpyware - A very powerful tool which searches and kills malware that infects your system.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.

**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

Antivirus Program An Antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir.

DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.

Firewall A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.

**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally a little How did I get infected in the first place?(by Tony Klein)

Good luck and safe surfing

[jslong17]

Thank you, you have been a tremendous help, I am updating everything now, and it is still running smoothly, (I know not to run more than one AV but I had to run both to get many viruses off this system, every time i used a new program i would find 5 to 10 more viruses. Thank you for your help again

[Andro1d]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.