Step 1
I noticed that you have some programs that need to be updated.
Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment.
- Close any programs you may have running, ESPECIALLY your web browser
- Click Start > Control Panel.
- Click Add/Remove Programs.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove all versions of Java.
- Reboot your computer after all Java components are removed.
Please download the latest Java Runtime Environment.
- Scroll down to where it says Java Runtime Environment (JRE) 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
- Click the Download button to the right.
- Check the box that says: Accept License Agreement.
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- On your desktop, double-click on jre-6-windows-i586.exe to install the newest version.
After you have installed the Java software on your computer, you must restart your browser. You can verify that Java Runtime Environment (RTE) has been installed correctly by clicking on the Verify Installation button on the JAVA SOFTWARE MANUAL DOWNLOAD page.
Step 2
Your "Adobe Reader" is out of date. You may want to download the latest version, Adobe® Reader® 8.
Step 3
Please place HijackThis into ITS OWN PERMANENT FOLDER.
- You can do this by going to My Computer (Windows key+e).
- Double click on C:
- If the folder is hidden, click on show the contents of this folder.
- Right-click on a blank space in the right column and select New > Folder
- Name it HJT (C:\HJT\HijackThis.exe)
- Move HijackThis.exe into this folder.
- When you run HijackThis.exe from the "C:\HJT" folder and have it Fixed checked, it will create a backup file of modifications to use which are easily accessible if restoring any files is necessary.
If needed, here are two tutorials, HijackThis Folder Tutorial and How to Download, Extract and Run HijackThis.
Step 4
You may want to print this page. Make sure to work through the fixes in the order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
Step 5
Please download Spybot-S&D. Please check this link, Using Spybot - Search and Destroy To Remove Spyware From Your Computer, for instructions on how to download, install and use Spybot-S&D. Run this program as soon as possible.
Step 6
Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.
Please download and install AVG Anti-Spyware (formerly Ewido).
- Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security:
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active Internet connection to perform this)
- Wait until you see the Update successful message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
- If you are having problems with the updater, you can use this link, AVG Anti-Spyware manual updates, to manually update AVG Anti-Spyware.
- Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Scan With AVG Anti-Spyware. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process.
- Close ALL open Windows / Programs / Folders. Reboot to Safe Mode (without networking support!). If you don’t know how to boot in Safe Mode, here is a tutorial, How To Start Windows in Safe Mode.
- Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All boxes should be checked.
- Under Possibly unwanted software:
- All boxes should be checked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
- Reboot in Normal Mode.
Step 7
The ATF-Cleaner program is for XP and Windows 2000 only.
ATF-Cleaner features include:
- Cleaning of all user temp folders, administrator only can use this feature.
- Cleaning of the Java cache, which seems to be harboring more and more malware.
- Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
- Double-click ATF-Cleaner.exe to run the program.
- Check the boxes to the left of:
- Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Prefetch (Windows XP) only
- Java Cache
- The rest are optional - if you want to remove them all, check Select All.
- Click the Empty Selected button.
- When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
- Click Firefox at the top and choose: Select All.
- Click the Empty Selected button.
- When you get the Done Cleaning message, click OK.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
- Click Opera at the top and choose: Select All.
- Click the Empty Selected button.
- When you get the Done Cleaning message, click OK.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.
Step 8
Please disconnect from the Internet. Please close ALL browser windows (including this one).
We need to disable your Spyware Doctor as it may interfere with the fixes that we need to make.
- If there is an OnGuard icon in the lower right task bar, right click on the icon and disable OnGuard or from within the program, Spyware Doctor, click the OnGuard button on the left side and uncheck Activate OnGuard .
- Leave OnGuard inactivated or disabled until your computer is clean.
Be sure to activate OnGuard when your computer is clean.
We need to disable your SpywareGuard as it may interfere with the fixes that we need to make.
- Open SpywareGuard
- Click on Menu
- Click on File
- Exit.
Don't forget to re-start SpywareGuard when your machine is clean.
Now we will address the HijackThis fixes.
Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):
O16 - DPF: {5FFFA267-0B81-42B4-BE64-77B5C9FE287F} (MinWebLauncher Control) - http://www.playran.com/game/MinWebLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - http://www.gamengame.com/KALogoutComponent.cab
These are optional fixes. These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.
DLACTRLW.EXE (Sonic CD/DVD burning applications) process can be removed to free up resources without compromising system performance. Related to Sonic CD/DVD burning applications. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
You have QuickTime running at Startup. This is QuickTime's system tray icon and not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in QuickTime Player itself to keep it from resetting itself. Item(s) to fix in HijackThis:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
There is a small program that will prevent QuickTime from resetting itself.
Please download Engraph-QuickTime-Killer. This is a free utility from EnGraph software. For more information about EnGraph, go to www.engraph.com. This application is intended for people that use or consume Sprint Video Mail, as Sprint uses QuickTime for viewing their movies. (or anybody that hates QuickTime) Of course, as soon as QuickTime is run, it adds itself to startup, which is very annoying to me. This application will remove QuickTime from start up and kill any running QuickTime processes. This application runs silently at start up and closes itself as soon as it takes care of QuickTime.
steam.exe (GameSpy Steam; Half-Life Valve Game) process can be removed to free up resources without compromising system performance. steam.exe is a utility used to test patches for the Half-Life Valve game. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
bittorrent.exe (BitTorrent, Inc) process can be removed to free up resources without compromising system performance. bittorrent.exe is a process from BitTorrent, Inc. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
If you did not add the listed domain to the Trusted Zones yourself, have HijackThis fix it.
O15 - Trusted Zone: *.myspace.com
Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.
Step 9
Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.
Step 10
Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.
Please post the logs from AVG Anti-Spyware and the list of filenames and locations for any files that can’t be cleaned / deleted that were reported after you completed the online scans.
Please advise me of any problems you still have.
__________________
You don't stop laughing when you get old; you get old when you stop laughing.
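
Added example, not part of the original post and not HijackThis code: a small Python parser for the three HijackThis log sections the helper asks about in Step 8 (O4 autostarts, O15 Trusted Zone, O16 DPF controls), producing a review list with a few notes per entry. The sample log is constructed from entries quoted in the post; the function names and note wording are assumptions for illustration.

```python
import re

# Constructed sample: entries copied from the post above (the truncated URL is left out).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O15 - Trusted Zone: *.myspace.com
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {5FFFA267-0B81-42B4-BE64-77B5C9FE287F} (MinWebLauncher Control) - http://www.playran.com/game/MinWebLauncher.cab
"""

PATTERNS = {
    # Autostart: hive, key, value name in brackets, then the command line.
    "O4": re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'),
    "O15": re.compile(r'^O15 - Trusted Zone: (?P<domain>\S+)$'),
    # Downloaded Program Files: CLSID, optional control name, source URL.
    "O16": re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<label>[^)]*)\))? - (?P<url>\S+)$'),
}
# Executable is either the quoted path or everything up to the first ".exe".
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.exe))', re.IGNORECASE)

def parse_line(line):
    """Return a dict for one O4/O15/O16 line, or None for any other line."""
    line = line.strip()
    for section, rx in PATTERNS.items():
        m = rx.match(line)
        if m:
            return {"section": section, **m.groupdict()}
    return None

def annotate(entry):
    """Attach reviewer notes; O4 entries also get the extracted executable path."""
    notes = []
    if entry["section"] == "O16":
        if entry["url"].lower().startswith("http://"):
            notes.append("installer fetched over plain HTTP")
        if entry["label"] is None:
            notes.append("no control name recorded")
    elif entry["section"] == "O15" and entry["domain"].startswith("*."):
        notes.append("wildcard: every subdomain is trusted")
    elif entry["section"] == "O4":
        m = EXE_RE.match(entry["cmd"])
        entry["exe"] = (m.group(1) or m.group(2)) if m else None
    entry["notes"] = notes
    return entry

def review_list(log_text):
    """Parse a whole log and return the annotated O4/O15/O16 entries in order."""
    return [annotate(e) for e in map(parse_line, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in review_list(SAMPLE_LOG):
        print(e["section"], e.get("exe") or e.get("domain") or e.get("url"), e["notes"])
```
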