
Solved: Explorer crashes, Internet Explorer popups and error messages

Discussion in 'Virus & Other Malware Removal' started by lfojupiter, May 10, 2008.

  1. lfojupiter

    Hello everyone and thank you for participating in this wonderful site.

    My computer is a Pentium 4, 2.80 GHz, running Windows XP Professional Version 2002 Service Pack 2.


    The problem I'm writing about has been there for about a year. All in all it's the same problem ever since, but every once in a while some detail changes, like a new error message.
    About every 5-15 minutes the Start Menu, Taskbar and the desktop icons disappear (Explorer crashes). Most of the time they reappear shortly after, but sometimes they don't, and then I use Task Manager to run explorer and then they reappear. Yet, sometimes the computer gets stuck altogether, and I have to restart. In addition to that, many popups open when I surf the web using Internet Explorer. The popup changes every few days, but in between it's always the same one.
    Another point is that while the crashing of explorer can occur anytime, it most often occurs while I open or close Internet Explorer windows.

    Sometimes I get an error message, and as I said, they change from time to time. But still, here are 2:

    rundll32.exe - Application Error

    The instruction at "0x74725956" referenced memory at "0x00a10004". The memory could not be "read".

    Click on ok to terminate program.
    Click on cancel to debug the program.


    Another error message:

    Microsoft Visual C++ Runtime Library


    Buffer overrun detected!

    Program: C:\WINDOWS\explorer.exe

    A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated.




    As I said, the problem first appeared about a year ago. Back then I had a firewall working but had no antivirus. Now I have an antivirus, NOD32, installed, and when I run it, it finds some problems it can't fix. It also sometimes pops up about threats that are currently running, and I can choose to terminate or delete them, but that doesn't solve the problem either. Several anti-malware programs got similar results.
    I found a post with a similar problem that was solved. Its title is: "Solved: Taskbar and Desktop Icons Gone and Can't Get Rid of Virus' or Malware??? Not sure" by Sweetsherry. But the solution is very specific to that user, and I can't apply it to my computer.

    On that post it seemed important to post the log of HijackThis, so I will also post mine:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:55:56, on 10/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\wincmd - new\TOTALCMD.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Download\Try 2\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [BM13378bcf] Rundll32.exe "C:\WINDOWS\system32\ygnjulop.dll",s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [1004b853] rundll32.exe "C:\WINDOWS\system32\ycfadxoo.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Babylon.lnk = C:\Program Files\Babylon\Babylon.exe
    O4 - Global Startup: Total Commander.lnk = C:\Program Files\wincmd - new\TOTALCMD.EXE
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.ac.il/sre/ICSScanner.cab
    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://tango.huji.ac.il/SNX/CSHELL/extender.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CE9CB3DC-42D5-4909-876D-F55CD4D44C0F}: NameServer = 212.150.49.10 62.90.42.110
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 5127 bytes


    And again, thanks a lot for your help.
     
  2. sjpritch25

    Welcome to TSG :)


    Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Link 1
    Link 2
    Link 3


    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall
     
  3. lfojupiter

    Thank you for your help.

    Combofix log:

    ComboFix 08-05-09.1 - haim 05/11/2008 13:14:10.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1255.1.1033.18.56 [GMT 3:00]
    Running from: C:\Documents and Settings\haim\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-10 22:17 2,112 ----a-w C:\WINDOWS\system32\mkiobrih.exe
    2008-05-09 22:16 2,112 ----a-w C:\WINDOWS\system32\moelrtit.exe
    2008-05-09 22:00 --------- d-----w C:\Program Files\Java
    2008-05-09 21:58 --------- d-----w C:\Program Files\Common Files\Java
    2008-05-08 22:10 2,112 ----a-w C:\WINDOWS\system32\xpqygmmt.exe
    2008-05-07 22:14 2,112 ----a-w C:\WINDOWS\system32\mfpsxpxv.exe
    2008-05-06 22:11 2,112 ----a-w C:\WINDOWS\system32\wpwvwiuh.exe
    2008-05-06 22:08 104,512 ----a-w C:\WINDOWS\system32\nwajfexs.dll
    2008-05-04 22:04 104,512 ----a-w C:\WINDOWS\system32\chftwkff.dll
    2008-04-30 15:59 --------- d-----w C:\Program Files\wincmd - new
    2008-04-26 22:34 --------- d-----w C:\Program Files\Daemon
    2008-04-22 15:28 97,856 ----a-w C:\WINDOWS\system32\ermhyrnp.dll
    2008-04-21 15:27 97,344 ----a-w C:\WINDOWS\system32\lnfbqjeh.dll
    2008-04-20 15:25 96,320 ----a-w C:\WINDOWS\system32\hfbfdnfb.dll
    2008-04-16 23:05 95,808 ----a-w C:\WINDOWS\system32\counkylh.dll
    2008-04-14 18:31 --------- d-----w C:\Program Files\DOSBox-0.72
    2008-04-12 23:04 3,648 ----a-w C:\WINDOWS\system32\jgeuafdu.dll
    2008-04-09 21:50 3,648 ----a-w C:\WINDOWS\system32\yyvnyphl.dll
    2008-04-08 21:26 3,648 ----a-w C:\WINDOWS\system32\ltaupifu.dll
    2008-04-02 21:07 88,128 ----a-w C:\WINDOWS\system32\btivtluc.dll
    2008-03-31 21:05 91,712 ----a-w C:\WINDOWS\system32\rabljsbw.dll
    2008-03-29 21:07 90,176 ----a-w C:\WINDOWS\system32\yrvurfsx.dll
    2008-03-29 21:01 86,592 ----a-w C:\WINDOWS\system32\qvcbnoup.dll
    2008-03-26 18:12 92,736 ----a-w C:\WINDOWS\system32\byvjuyqp.dll
    2008-03-24 21:16 93,248 ----a-w C:\WINDOWS\system32\ryitsqvk.dll
    2008-03-23 21:13 92,736 ----a-w C:\WINDOWS\system32\kryjbpuk.dll
    2008-03-22 21:10 86,592 ----a-w C:\WINDOWS\system32\aydnleix.dll
    2008-03-16 20:50 99,904 ----a-w C:\WINDOWS\system32\ocwbbuuv.dll
    2008-03-12 20:35 93,760 ----a-w C:\WINDOWS\system32\ehjgbrgi.dll
    2008-03-11 20:36 93,248 ----a-w C:\WINDOWS\system32\vykmxiuh.dll
    2008-03-09 20:24 89,664 ----a-w C:\WINDOWS\system32\ivgluiiy.dll
    2008-03-08 20:30 92,224 ----a-w C:\WINDOWS\system32\xnnqggth.dll
    2008-03-05 21:13 96,832 ----a-w C:\WINDOWS\system32\vagjmfoe.dll
    2008-03-05 21:04 91,712 ----a-w C:\WINDOWS\system32\agfxgjpr.dll
    2008-03-03 21:11 95,296 ----a-w C:\WINDOWS\system32\aouglbfu.dll
    2008-03-01 21:00 91,712 ----a-w C:\WINDOWS\system32\cbbgjgqd.dll
    2008-02-28 15:13 91,712 ----a-w C:\WINDOWS\system32\nbdyqhvv.dll
    2008-02-26 20:51 94,784 ----a-w C:\WINDOWS\system32\njwblkmp.dll
    2008-02-20 20:01 94,784 ----a-w C:\WINDOWS\system32\nkkwsbfi.dll
    2008-02-20 19:58 91,712 ----a-w C:\WINDOWS\system32\oylfenuq.dll
    2008-02-19 20:01 89,152 ----a-w C:\WINDOWS\system32\dcguaxmv.dll
    2008-02-18 20:05 93,248 ----a-w C:\WINDOWS\system32\awcbobeo.dll
    2008-02-16 19:58 92,736 ----a-w C:\WINDOWS\system32\vaijuitc.dll
    2008-01-13 18:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2004-10-01 12:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2004-05-21 14:07 47,920 ----a-w C:\Documents and Settings\haim\Application Data\GDIPFONTCACHEV1.DAT
    2004-05-08 08:13 49,152 --sha-w C:\WINDOWS\lbbho.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57ff2ff7-c87f-460d-94f5-b83f0ca00291}]
    C:\WINDOWS\system32\vstmskqi.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
    "PowerBar"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/03/2007 10:24 PM 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM 286720]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [01/26/2008 11:47 PM 950664]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM 132496]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
    "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [07/13/2004 04:19 PM 95352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [08/04/2004 12:56 AM 53760 C:\WINDOWS\system32\narrator.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2005-12-19 19:34:52 28672]
    Babylon.lnk - C:\Program Files\Babylon\Babylon.exe [2004-11-03 20:38:17 2052173]
    Total Commander.lnk - C:\Program Files\wincmd - new\TOTALCMD.EXE [2008-04-30 18:59:05 1075144]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"= 0 (0x0)
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlkli]
    qomlkli.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSVideo"= ucdvfw.dll
    "VIDC.YV12"= xl_yv12.dll
    "VIDC.XJPG"= camfc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
    --a------ 05/13/2007 04:57 PM 5308416 C:\Program Files\eMule\emule.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:eMule
    "4672:UDP"= 4672:UDP:eMule-UDP

    R2 cpextender;Check Point SSL Network Extender;C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [06/10/2007 04:48 PM]
    R3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [03/12/2007 04:26 PM]
    S3 DCamUSBPA;PC-Camera (6029);C:\WINDOWS\system32\DRIVERS\snpcp106.sys [05/16/2002 03:38 PM]
    S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [11/29/2001 04:10 PM]
    S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [01/26/2004 08:42 PM]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-11 00:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-11 13:23:05
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    .
    **************************************************************************
    .
    Completion time: 05/11/2008 13:26:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-11 10:26:16

    Pre-Run: 3,925,622,784 bytes free
    Post-Run: 4,238,213,120 bytes free

    265 --- E O F --- 2007-11-19 01:45:16



    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:28:16, on 11/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\wincmd - new\TOTALCMD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Download\Try 2\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: {19200ac0-f38b-5f49-d064-f78c7ff2ff75} - {57ff2ff7-c87f-460d-94f5-b83f0ca00291} - C:\WINDOWS\system32\vstmskqi.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Babylon.lnk = C:\Program Files\Babylon\Babylon.exe
    O4 - Global Startup: Total Commander.lnk = C:\Program Files\wincmd - new\TOTALCMD.EXE
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.ac.il/sre/ICSScanner.cab
    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://tango.huji.ac.il/SNX/CSHELL/extender.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: qomlkli - qomlkli.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 5645 bytes
     
  4. sjpritch25

    Download the attached file CFScript.txt to your Desktop


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at "C:\ComboFix.txt". In your next reply, please include the ComboFix log and a fresh HijackThis log.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall



    Note: Please do not use this script on another computer, you may damage the system. The script is made especially for this user's computer only!!!!



    =======================================


    Please download ATF Cleaner by Atribune.

    This program is for XP, Windows 2000, and Vista

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.



    ========================================


    Please download Malwarebytes Anti-Malware from Here or Here
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     

  5. lfojupiter

    lfojupiter Thread Starter

    Joined:
    May 5, 2008
    Messages:
    8
    Ever since I ran ComboFix, my computer got much much better. Explorer doesn't crash anymore, and I don't get any popups while using Internet Explorer. Is it still necessary to take all the steps you wrote about? Do they carry any risks?

    Thanks a lot for your help.
     
  6. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Well, it may seem good, but there is malware still present on your machine. But, if you feel that it's fixed then by all means mark it solved.
     
  7. lfojupiter

    lfojupiter Thread Starter

    Joined:
    May 5, 2008
    Messages:
    8
    I did as you instructed.

    Combofix report:

    ComboFix 08-05-09.1 - haim 05/12/2008 19:08:00.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1255.1.1033.18.57 [GMT 3:00]
    Running from: C:\Documents and Settings\haim\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\haim\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-09 22:00 --------- d-----w C:\Program Files\Java
    2008-05-09 21:58 --------- d-----w C:\Program Files\Common Files\Java
    2008-04-30 15:59 --------- d-----w C:\Program Files\wincmd - new
    2008-04-26 22:34 --------- d-----w C:\Program Files\Daemon
    2008-04-14 18:31 --------- d-----w C:\Program Files\DOSBox-0.72
    2004-05-21 14:07 47,920 ----a-w C:\Documents and Settings\haim\Application Data\GDIPFONTCACHEV1.DAT
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Program Files\DOSBox-0.72 ----

    08/26/2007 09:33 PM 874 --a------ C:\Program Files\DOSBox-0.72\THANKS.txt
    08/26/2007 09:33 PM 46929 --a------ C:\Program Files\DOSBox-0.72\README.txt
    08/26/2007 09:33 PM 3611 --a------ C:\Program Files\DOSBox-0.72\INSTALL.txt
    08/26/2007 09:33 PM 24551 --a------ C:\Program Files\DOSBox-0.72\NEWS.txt
    08/26/2007 09:33 PM 243 --a------ C:\Program Files\DOSBox-0.72\AUTHORS.txt
    08/26/2007 09:33 PM 18332 --a------ C:\Program Files\DOSBox-0.72\COPYING.txt
    08/26/2007 09:14 PM 3200000 --a------ C:\Program Files\DOSBox-0.72\dosbox.exe
    08/26/2007 09:06 PM 7351 --a------ C:\Program Files\DOSBox-0.72\dosbox.conf
    08/17/2007 08:45 PM 13312 --a------ C:\Program Files\DOSBox-0.72\SDL_net.dll
    08/17/2007 08:44 PM 331776 --a------ C:\Program Files\DOSBox-0.72\SDL.dll
    07/30/2007 11:08 AM 1608 --a------ C:\Program Files\DOSBox-0.72\zmbv\README.txt
    04/14/2008 09:31 PM 35296 --a------ C:\Program Files\DOSBox-0.72\uninstall.exe
    03/02/2007 01:44 PM 94208 --a------ C:\Program Files\DOSBox-0.72\zmbv\zmbv.dll
    03/02/2007 01:04 PM 2103 --a------ C:\Program Files\DOSBox-0.72\zmbv\zmbv.inf

    ---- Directory of C:\Program Files\wincmd - new ----

    11/01/2006 02:44 AM 163 --a------ C:\Program Files\wincmd - new\_patch.bat
    09/14/2007 12:00 AM 977 --a------ C:\Program Files\wincmd - new\DEFAULT.BAR
    09/14/2007 12:00 AM 26 --a------ C:\Program Files\wincmd - new\NO.BAR
    09/14/2007 07:02 AM 9475 --a------ C:\Program Files\wincmd - new\KEYBOARD.TXT
    09/14/2007 07:02 AM 843 --a------ C:\Program Files\wincmd - new\TOTALCMD.EXE.MANIFEST
    09/14/2007 07:02 AM 7888 --a------ C:\Program Files\wincmd - new\CGLPTNT.SYS
    09/14/2007 07:02 AM 77312 --a------ C:\Program Files\wincmd - new\UNACEV2.DLL
    09/14/2007 07:02 AM 7680 --a------ C:\Program Files\wincmd - new\FRERES32.DLL
    09/14/2007 07:02 AM 7259 --a------ C:\Program Files\wincmd - new\CGLPT9X.VXD
    09/14/2007 07:02 AM 67264 --a------ C:\Program Files\wincmd - new\TCMADMIN.EXE
    09/14/2007 07:02 AM 639360 --a------ C:\Program Files\wincmd - new\WCMICONS.DLL
    09/14/2007 07:02 AM 565977 --a------ C:\Program Files\wincmd - new\TOTALCMD.HLP
    09/14/2007 07:02 AM 5111 --a------ C:\Program Files\wincmd - new\LANGUAGE\WCMD_ENG.MNU
    09/14/2007 07:02 AM 43008 --a------ C:\Program Files\wincmd - new\CABRK.DLL
    09/14/2007 07:02 AM 37888 --a------ C:\Program Files\wincmd - new\SFXHEAD.SFX
    09/14/2007 07:02 AM 3516 --a------ C:\Program Files\wincmd - new\REGISTER.RTF
    09/14/2007 07:02 AM 335040 --a------ C:\Program Files\wincmd - new\HISTORY.TXT
    09/14/2007 07:02 AM 33280 --a------ C:\Program Files\wincmd - new\TCUNINST.EXE
    09/14/2007 07:02 AM 3328 --a------ C:\Program Files\wincmd - new\WC32TO16.EXE
    09/14/2007 07:02 AM 2902984 --a------ C:\Program Files\wincmd - new\TOTALCMD.EXE.BAK
    09/14/2007 07:02 AM 2106 --a------ C:\Program Files\wincmd - new\SHARE_NT.EXE
    09/14/2007 07:02 AM 19743 --a------ C:\Program Files\wincmd - new\TOTALCMD.INC
    09/14/2007 07:02 AM 1568 --a------ C:\Program Files\wincmd - new\WCMICONS.INC
    09/14/2007 07:02 AM 136704 --a------ C:\Program Files\wincmd - new\UNRAR.DLL
    09/14/2007 07:02 AM 1214 --a------ C:\Program Files\wincmd - new\descript.ion
    09/14/2007 07:02 AM 1176 --a------ C:\Program Files\wincmd - new\TCUNINST.WUL
    09/14/2007 07:02 AM 106 --a------ C:\Program Files\wincmd - new\WCUNINST.WUL
    09/14/2007 07:02 AM 102400 --a------ C:\Program Files\wincmd - new\TCUNZLIB.DLL
    06/06/2006 05:25 PM 199168 --a------ C:\Program Files\wincmd - new\upx.exe
    04/30/2008 07:03 PM 1024 --a------ C:\Program Files\wincmd - new\wincmd.key
    04/30/2008 07:02 PM 32768 --a------ C:\Program Files\wincmd - new\WCMZIP32.DLL
    04/30/2008 07:02 PM 1075144 --a------ C:\Program Files\wincmd - new\TOTALCMD.EXE
    02/27/2007 01:38 PM 32256 --a------ C:\Program Files\wincmd - new\patch.exe


    ((((((((((((((((((((((((((((( [email protected] 05-11-2008_13.25.52.81 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-11 10:22:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-11 15:45:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2007-11-19 13:28:30 57,208 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-05-11 19:37:04 57,208 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-19 13:28:30 388,914 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-05-11 19:37:04 388,914 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
    "PowerBar"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/03/2007 10:24 PM 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM 286720]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [01/26/2008 11:47 PM 950664]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM 132496]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
    "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [07/13/2004 04:19 PM 95352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [08/04/2004 12:56 AM 53760 C:\WINDOWS\system32\narrator.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2005-12-19 19:34:52 28672]
    Babylon.lnk - C:\Program Files\Babylon\Babylon.exe [2004-11-03 20:38:17 2052173]
    Total Commander.lnk - C:\Program Files\wincmd - new\TOTALCMD.EXE [2008-04-30 18:59:05 1075144]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"= 0 (0x0)
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSVideo"= ucdvfw.dll
    "VIDC.YV12"= xl_yv12.dll
    "VIDC.XJPG"= camfc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
    --a------ 05/13/2007 04:57 PM 5308416 C:\Program Files\eMule\emule.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:eMule
    "4672:UDP"= 4672:UDP:eMule-UDP

    R2 cpextender;Check Point SSL Network Extender;C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [06/10/2007 04:48 PM]
    R3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [03/12/2007 04:26 PM]
    S3 DCamUSBPA;PC-Camera (6029);C:\WINDOWS\system32\DRIVERS\snpcp106.sys [05/16/2002 03:38 PM]
    S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [11/29/2001 04:10 PM]
    S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [01/26/2004 08:42 PM]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-12 00:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-12 19:10:53
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 05/12/2008 19:11:42
    ComboFix-quarantined-files.txt 2008-05-12 16:11:40

    Pre-Run: 4,320,706,560 bytes free
    Post-Run: 4,341,825,536 bytes free

    238 --- E O F --- 2007-11-19 01:45:16



    MBAM Report:

    Malwarebytes' Anti-Malware 1.12
    Database version: 742

    Scan type: Quick Scan
    Objects scanned: 36348
    Time elapsed: 4 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 5
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.MFC\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.CRT\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Program Files\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\haim\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\haim\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\haim\Application Data\RegistrySmart\Log\2007 Sep 20 - 12_28_21 AM_671.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\haim\Application Data\RegistrySmart\Log\2007 Sep 20 - 12_28_23 AM_750.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.


    Fresh HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:38:55, on 12/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\wincmd - new\TOTALCMD.EXE
    C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Download\Try 2\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Babylon.lnk = C:\Program Files\Babylon\Babylon.exe
    O4 - Global Startup: Total Commander.lnk = C:\Program Files\wincmd - new\TOTALCMD.EXE
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.ac.il/sre/ICSScanner.cab
    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://tango.huji.ac.il/SNX/CSHELL/extender.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 5439 bytes


    And once again, thank you so much for your help.
     
  8. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Do you know what these folders are??

    DOSBox-0.72




    How is everything running??
     
  9. lfojupiter

    lfojupiter Thread Starter

    Joined:
    May 5, 2008
    Messages:
    8
    DOSBox-0.72 is freeware that lets you run old DOS programs on Windows. As far as I know there shouldn't be any problem with it, but I uninstalled it just to be on the safe side.

    The computer is working much better now, with no Internet Explorer popups, no Explorer crashes and no error messages. Before I took the last actions you instructed there were a few messages from the anti-virus that it found viruses, but since I ran ATF Cleaner and Malwarebytes Anti-Malware, I didn't get any of those as well, and the computer is just great.
     
  10. lfojupiter

    lfojupiter Thread Starter

    Joined:
    May 5, 2008
    Messages:
    8
    Well, I didn't understand.

    Do you think the problem is solved?
     
  11. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    I was just curious. Since everything is running well, let's finish up.


    Go to Start ---> Run ---> Type ComboFix /u and press Enter.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

    Upgrading Java:

    • Download the latest version of Java Runtime Environment (JRE) 6u6.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.




    Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

    To SET A NEW RESTORE POINT:
    1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
    2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    3. Then go to Start > Run and type: Cleanmgr
    4. Click "OK".
    5. Click the "More Options" Tab.
    6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

    Graphics for doing this are in the following links if you need them.
    How to Create a Restore Point.
    How to use Cleanmgr.

    ======================================

    Here is some useful information on keeping your computer clean:
    1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
    2. Here are two great Preventive programs:
      • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
      • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
    3. Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
      • Red for Warning
      • Yellow for Use Caution
      • Green for Safe
      • Grey for Unknown

      Here are the links to install SiteAdvisor in Internet Explorer and Firefox
    4. Anti-Spyware Programs I Recommend:
      • Free Anti-Spyware Programs
    5. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
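
As an added illustration of the out-of-date Java finding in the post above (not part of the thread, and not code from HijackThis or any tool named in it), this Python script scans HijackThis-style log lines for Java install directories older than the 6u6 baseline the post recommends and reports which log sections load them. The function names and the lines marked as constructed are assumptions made for the example.

```python
import re
from collections import defaultdict

# Baseline from the post above: JRE 6u6, i.e. install directory jre1.6.0_06.
BASELINE = (1, 6, 0, 6)

# Install-directory names such as jre1.6.0_03, j2re1.4.2_05 or jdk1.5.0_11.
JAVA_DIR = re.compile(
    r"\\(?:j2re|jre|jdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE
)
# HijackThis entry prefix, e.g. "O4 - HKLM\..\Run: ..." or "R1 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ")

# Lines copied from the HijackThis log posted in this thread.
PAGE_LINES = [
    r'C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe',
    r'O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"',
    r'O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll',
]
# Constructed lines (not from the thread): an older leftover install and an
# install that already meets the baseline.
CONSTRUCTED_LINES = [
    r'C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"',
]
SAMPLE_LOG = "\n".join(PAGE_LINES + CONSTRUCTED_LINES)


def java_references(log_text):
    """Yield (section, version_tuple) for every Java path found in the log.

    Lines without an entry prefix (the "Running processes" list) are
    reported under the section name "process".
    """
    for line in log_text.splitlines():
        line = line.strip()
        entry = ENTRY.match(line)
        section = entry.group(1) if entry else "process"
        for found in JAVA_DIR.finditer(line):
            major, minor, patch, update = found.groups()
            yield section, (int(major), int(minor), int(patch), int(update or 0))


def outdated_java(log_text, baseline=BASELINE):
    """Map each Java version older than the baseline to the sections using it."""
    hits = defaultdict(set)
    for section, version in java_references(log_text):
        if version < baseline:
            hits[version].add(section)
    return {version: sorted(sections) for version, sections in sorted(hits.items())}


def format_version(version):
    """Render (1, 6, 0, 3) as the directory-style string 1.6.0_03."""
    return "%d.%d.%d_%02d" % version


if __name__ == "__main__":
    for version, sections in outdated_java(SAMPLE_LOG).items():
        print("Java %s is older than %s; referenced by: %s" % (
            format_version(version), format_version(BASELINE), ", ".join(sections)))
```

A version that still appears after the upgrade steps usually means an old install directory was left behind or a browser add-on entry still points at it.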
     
Short URL to this thread: https://techguy.org/711121