Old 05-21-2008, 11:11 PM   #21
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)

Re: "WhenU" Malware - please help me![moved from xp]

Quote:
Double click on the zip folder, then double click on the reg file within. Click yes to allow it to merge into your registry.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.


Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
Old 05-21-2008, 11:13 PM   #22
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)

Re: "WhenU" Malware - please help me![moved from xp]

Hi, by editing your posts, I'll not be notified of new information or questions.

Please try to wait for my reply after you've asked one.

Thanks.

Next, I'd like a new HijackThis log, as previously requested.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.


Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-21-2008, 11:31 PM   #23
lennonforever (Registered User; OS: Windows XP)

Re: "WhenU" Malware - please help me![moved from xp]

I supposed that you wanted me to proceed, so here is the HijackThis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:52 AM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: My Little Pony Registration.lnk = E:\ATR1.EXE
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145818117640
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10024 bytes

Thank you for being so patient with me. Now what should I do, Bob?
Old 05-21-2008, 11:45 PM   #24
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)

Re: "WhenU" Malware - please help me![moved from xp]

Let's see if WhenU is gone from your Add or Remove Programs list once and for all.

Create an uninstall list:
  • Open HiJackThis
  • Click on the button " Open the Misc Tools section"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the list from the Notepad file into your post
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.


Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-22-2008, 12:10 AM   #25
lennonforever (Registered User; OS: Windows XP)

Re: "WhenU" Malware - please help me![moved from xp]

Oh my word, Bob! I really think it's gone! Is it gone?

Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player 11
ArcSoft Picture Software
Barbie(TM) as Rapunzel
Barbie® As Sleeping Beauty
ccCommon
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hamtaro Wake Up Snoozer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp deskjet 3600
HP Deskjet printer preloaded drivers
HP Digital Imaging Album Printing 1.0
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.2 - Photosmart Cameras
HP Photo and Imaging 2.0 - Deskjet Series
HP Photosmart printers preloaded drivers
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
Internet Worm Protection
InterVideo WinDVD Player
Java(TM) 6 Update 3
Java(TM) 6 Update 5
KBD
Kelly Club(TM) Pet Parade(TM) CD-ROM
Lernout & Hauspie TruVoice American English TTS Engine
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Mad About Cats
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Mozilla Firefox (2.0.0.14)
MUSICMATCH® Jukebox
My Little Pony
NAVShortcut
Netflix Movie Viewer
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NVIDIA Windows 2000/XP Display Drivers
OmniPass
Panda ActiveScan 2.0
PC-Doctor for Windows
PlayLinc
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
RealPlayer
RecordNow
S3Display
S3Gamma2
S3Info2
S3Overlay
Scooby-Doo(TM), Case File #2 The Scary Stone Dragon
Scooby-Doo(TM), Jinx At The Sphinx(TM)
Scooby-Doo(TM), Showdown in Ghost Town(TM)
Screensavers Installer Version 3
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Simple Backup for My Pictures
Simple Installer - Multilanguage Version
Smart Link 56K Voice Modem
Sonic Update Manager
SpamSubtract
SPBBC
SpywareBlaster 4.0
Symantec
Symantec KB-DocID:2003093015493306
toolkit
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Updates from HP
Verizon Online Help and Support
Verizon Servicepoint 1.5.12
Viewpoint Media Player (Remove Only)
Weblink
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WordPerfect Productivity Pack
WordPerfect Productivity Pack
Old 05-22-2008, 12:18 AM   #26
lennonforever (Registered User; OS: Windows XP)

Re: "WhenU" Malware - please help me![moved from xp]

I am so exhausted, Bob. I am retiring for the night, er, I mean the morning.
Old 05-22-2008, 12:25 AM   #27
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)

Re: "WhenU" Malware - please help me![moved from xp]

Good job! It's gone.

LOL, me too..........these next steps you can do at your leisure.

We should take care of a couple more things...

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • In your case, it is:
    • Java(TM) 6 Update 3
    • Java(TM) 6 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Other than that...............

Your logs appear clean. You should be good to go. We still have a few items to address.

C:\Deckard is the DSS working folder. You can safely delete it. Also delete dss.exe and any other tools or logs from tools we used.

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache in a little while.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Clear & Reset System Restore's Cache
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK


Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps:

In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles.
If you want to fight back against the malware writers who have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.


Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-22-2008, 06:49 PM   #28
lennonforever (Registered User; OS: Windows XP)

Re: "WhenU" Malware - please help me![moved from xp]

Bob, your expertise is so greatly appreciated! Your patience and spot-on precise instructions were so fantastic. I really, really appreciate all you have done.

I am now going to proceed with the instructions you now have given me.
I will post again, after that, because I have a few last questions concerning maintenance and disposition of the items I downloaded for the 5-step removal process.
Thank you ever so much, lennonf
Old 05-22-2008, 09:35 PM   #29
lennonforever (Registered User; OS: Windows XP)

Re: "WhenU" Malware - please help me![moved from xp]

Bob, this is the Secunia scan as suggested by your last post. I don't understand this.

Why is it saying I should install the same Adobe application over and over again? Or is it?

Please advise me as to what to do, thank you


Secunia: Online Software Inspector
The Secunia Online Software Inspector will inspect your operating system and software for insecure versions and missing security updates. A default inspection normally lasts 5-40 seconds, while a thorough inspection may take several minutes. Note: If you have anti-virus software or similar enabled, an inspection may increase significantly in duration.
Detection Statistics:

19 Applications Detected in Total
12 Insecure Versions Detected
7 Secure Versions Detected

Running For:
26 Minutes, 13 Seconds

Errors Detected:
0 Errors Detected

Status / Currently Processing:
Detection completed successfully

Applications / Result | Version Detected | Status
Microsoft Windows XP Home Edition Service Pack 2

Adobe Reader 8.x 8.1.1.20
This installation of Adobe Reader 8.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 8.1.1.20, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 8.1.2.0.

Update Instructions:
Update to Adobe Reader 8.1.2.0 or later.
http://www.adobe.com/products/acrobat/readstep2.html

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28802 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
Apple QuickTime 7.x 7.2.0.240
This installation of Apple QuickTime 7.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 7.2.0.240, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 7.4.5.0.

Update Instructions:
Update to version 7.4.5.0 or later.
http://www.apple.com/quicktime/download/

NOTE: This version is not supported on Windows 2000.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA29650 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\Program Files\QuickTime\QuickTimePlayer.exe
Microsoft Internet Explorer 7.x 7.0.6000.16640

Microsoft Outlook Express 6 6.00.2900.2180

Microsoft Windows Media Player 9.x 9.00.00.3250

Mozilla Firefox 2.0.x 2.0.0.14

Adobe Flash Player 9.x 9.0.115.0
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 9.0.115.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.

Update Instructions:
Update to version 9.0.124.0.
http://www.adobe.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28083 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash9e.ocx
Adobe Flash Player 9.x 9.0.47.0
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 9.0.47.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.

Update Instructions:
Update to version 9.0.124.0.
http://www.adobe.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28083 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
Adobe Flash Player 9.x 9.0.47.0
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 9.0.47.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.

Update Instructions:
Update to version 9.0.124.0.
http://www.adobe.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28083 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
Adobe Flash Player 9.x 9.0.115.0
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 9.0.115.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.

Update Instructions:
Update to version 9.0.124.0.
http://www.adobe.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28083 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash9e.ocx
Adobe Flash Player 9.x 9.0.47.0
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 9.0.47.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.

Update Instructions:
Update to version 9.0.124.0.
http://www.adobe.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28083 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
Adobe Flash Player 9.x 9.0.47.0
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 9.0.47.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.

Update Instructions:
Update to version 9.0.124.0.
http://www.adobe.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28083 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
Sun Java JRE 1.6.x / 6.x 6.0.60.2

Apple QuickTime 7.x 7.2.0.240
This installation of Apple QuickTime 7.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 7.2.0.240, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 7.4.5.0.

Update Instructions:
Update to version 7.4.5.0 or later.
http://www.apple.com/quicktime/download/

NOTE: This version is not supported on Windows 2000.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA29650 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\WINDOWS\system32\QuickTime.qts
Macromedia Flash Player 5.x 5.0.42.0
This installation of Macromedia Flash Player 5.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 5.0.42.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.

Update Instructions:
Update to version 9.0.124.0.
http://www.adobe.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28083 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Setup\Swflash.ocx
Macromedia Flash Player 5.x 5.0.42.0
This installation of Macromedia Flash Player 5.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 5.0.42.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.

Update Instructions:
Update to version 9.0.124.0.
http://www.adobe.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA28083 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Swflash.ocx
Macromedia Flash Player 6.x 6.0.47.8
This installation of Macromedia Flash Player 6.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 6.0.47.8, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 6.0.88.0.

Update Instructions:
Update to version 6.0.88.0 or 9.0.47.0.
http://www.macromedia.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA22467 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\Program Files\Common Files\AOL\Flasha.ocx
Sun Java JRE 1.6.x / 6.x 6.0.60.2
lennonforever is offline  
Old 05-22-2008, 09:40 PM   #30 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,559
OS: 2000 Pro; XP Pro; XP Home


Re: "WhenU" Malware - please help me![moved from xp]

Looks like you're referring to Adobe Flash Player?

There appear to be multiple older versions installed.

Quote:
NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.
First, visit this page to get the uninstaller:

http://kb.adobe.com/selfservice/view...nalId=tn_14157

Then, visit this page to get the most recent versions:

http://www.adobe.com/go/getflash
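The leftover-versions condition tetonbob points out can be checked mechanically from the pasted report. The following is an added example, not code from the thread or from Secunia: it parses a constructed excerpt in the layout of the inspector output above (entry header, "latest secure version" sentence, install path) and groups the flagged entries by product family so that every outdated Flash Player build and its path are listed together.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of the pasted Secunia report (unused lines trimmed).
SAMPLE_REPORT = r"""
Adobe Flash Player 9.x 9.0.115.0
The detected version installed on your system is 9.0.115.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.
Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash9e.ocx
Adobe Flash Player 9.x 9.0.47.0
The detected version installed on your system is 9.0.47.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.
Installed on Your System in:
C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
Mozilla Firefox 2.0.x 2.0.0.14

Macromedia Flash Player 5.x 5.0.42.0
The detected version installed on your system is 5.0.42.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.
Installed on Your System in:
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Setup\Swflash.ocx
"""

HEADER = re.compile(r"^(?P<product>.+?) (?P<version>\d+(?:\.\d+)+)$")  # "<product> <dotted version>"
LATEST = re.compile(r"latest secure version .*? is (?P<latest>\d+(?:\.\d+)+)\.")

def parse_report(text):
    """One dict per entry; 'latest' and 'path' stay None when the inspector did not flag it."""
    entries, cur = [], None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        m = HEADER.match(line)
        if m:
            cur = {"product": m["product"], "version": m["version"], "latest": None, "path": None}
            entries.append(cur)
        elif cur is not None and LATEST.search(line):
            cur["latest"] = LATEST.search(line)["latest"]
        elif cur is not None and line == "Installed on Your System in:" and i + 1 < len(lines):
            cur["path"] = lines[i + 1]
    return entries

def duplicate_installs(entries):
    """Flagged entries grouped by product family (vendor prefix and '9.x' suffix stripped)."""
    groups = defaultdict(list)
    for e in entries:
        if e["latest"] is None:
            continue
        family = re.sub(r"^(?:Adobe|Macromedia|Apple|Sun|Microsoft) ", "", e["product"])
        family = re.sub(r" \d+(?:\.\d+)*\.x.*$", "", family)
        groups[family].append((e["version"], e["path"]))
    return {k: v for k, v in groups.items() if len(v) > 1}
```

Running `duplicate_installs(parse_report(SAMPLE_REPORT))` on the excerpt returns one family, "Flash Player", with three outdated builds and their paths; each path is a separate file to remove with the vendor's uninstaller before installing the current version.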