HijackThis Log File - Edifiz

[edifiz]

I also get some Internet Explorer Script error when i try to open some applns or games ...

How can i paste that error window here ??

The Ctrl+Print Screen Option doesnt seem to work ..

[tetonbob]

Quote:

Originally Posted by edifiz

There is an option which says

'The Java SE Runtime Environment (JRE) allows end-users to run Java applications. '

No where does it say the following

'The J2SE Runtime Environment (JRE) allows end-users to run Java applications'

Minor wording change in recent days.

It's the fourth one down.

[edifiz]

I am unable to remove Java 2 Runtime Environment, SE v1.4.1_02 . When i click on Change/Remove button it takes me thru the process n it shows 100% done but the thing is still thr in Control Panel>Ad/Remove Program Window ...

Do i still instal the New Java Prog saved on my desktop ?

[tetonbob]

Reboot after the uninstall.

[edifiz]

I am sorry .. Didnt mention that in my earlier thread ... even after restarting its still thr ...

[Clark76]

Along with my instruction in post #19 please do this:

• Double click on HijackThis.exe to run it.
• Go to Config || Misc Tools
• click the button labelled "Open Uninstall Manager"
  • click the "Save List" button
  • post back with this list

[edifiz]

Deckard's System Scanner v20070611.50
Run by Owner on 2007-07-15 at 18:17:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:19:40 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\TSF\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\VIRUSP~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IridiumTimeWizard] D:\My Documents\rupa\tp\iridium.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [FreeCall] "C:\program files\freecall.com\freecall\freecall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [12Voip] "C:\Program Files\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Freecell Solitaire - http://presence.games.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst4_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup161.cab
O18 - Protocol: bw+0 - {459F93BE-477C-45AC-B9BD-1F010C483399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {459F93BE-477C-45AC-B9BD-1F010C483399} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


-- Files created between 2007-06-15 and 2007-07-15 -----------------------------

2007-07-15 15:30:58 0 d-------- C:\Program Files\Common Files\Java
2007-07-15 01:16:51 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-07-13 08:12:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-07-13 08:12:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-07-11 07:56:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-07-07 06:28:15 0 d-------- C:\Program Files\Peterson's
2007-07-06 21:18:40 0 d--h----- C:\Program Files\Zero G Registry
2007-07-04 09:16:15 0 d-------- C:\TSF
2007-06-24 16:38:52 0 d-------- C:\Program Files\Apple Software Update
2007-06-22 22:08:57 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-06-17 12:40:58 0 d-------- C:\Documents and Settings\Owner\Application Data\12Voip
2007-06-16 08:43:16 0 d-------- C:\Program Files\iCall


-- Find3M Report ---------------------------------------------------------------

2007-07-15 15:31:47 0 d-------- C:\Program Files\Java
2007-07-14 17:32:27 0 d-------- C:\Program Files\Yahoo! Games
2007-07-06 21:32:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-07-06 21:32:12 335 --a------ C:\WINDOWS\nsreg.dat
2007-07-06 21:22:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-04 14:03:22 0 d-------- C:\Program Files\Windows Defender
2007-07-04 14:02:16 0 d-------- C:\Program Files\SpywareGuard
2007-07-04 14:01:42 0 d-------- C:\Program Files\QuickTime
2007-07-04 13:53:20 0 d-------- C:\Program Files\iTunes
2007-07-04 13:50:46 0 d-------- C:\Program Files\FinePixViewer
2007-07-04 13:50:34 0 d-------- C:\Program Files\EarthLink TotalAccess
2007-07-04 09:56:13 0 d-------- C:\Program Files\iWin Games
2007-07-04 08:55:14 0 d-------- C:\Program Files\Winamp
2007-06-28 10:44:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-06-24 16:42:46 0 d-------- C:\Program Files\iPod
2007-06-06 17:48:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-05-20 13:08:32 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-05-19 22:21:02 0 d-------- C:\Program Files\ReflexiveArcade
2007-05-18 15:17:37 0 d-------- C:\Documents and Settings\Owner\Application Data\FloodLightGames


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{4B5F2E08-6F39-479a-B547-B2026E4C7EDF} C:\Program Files\EarthLink TotalAccess\PnEL.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\VIRUSP~1\SPYBOT~1\SDHelper.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"mmtask"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe\""
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"IridiumTimeWizard"="D:\\My Documents\\rupa\\tp\\iridium.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"FreeCall"="\"C:\\program files\\freecall.com\\freecall\\freecall.exe\" -nosplash -minimized"
"12Voip"="\"C:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe\" -nosplash -minimized"
"E6TaskPanel"="\"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe\" -winstart"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://us.f208.mail.yahoo.com/ym/Sho...&view=a&head=b

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-07-15 at 18:20:09 ---------

[edifiz]

Abacast Client
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
Apple Software Update
AVG Anti-Spyware 7.5
Britannica Ready Reference
CleanUp!
Cucusoft MPEG/MOV/RM/DivX/AVI to VCD/DVD/SVCD Converter Lite 7.
Dell Digital Jukebox Driver
Dell ResourceCD
EarthLink FastLane
EarthLink TotalAccess 2004
Easy CD Creator 5 Basic
FinePixViewer Ver.4.0
Florida Traffic Information 2004
FUJIFILM USB Driver
GMAT
Google Talk (remove only)
Google Toolbar for Internet Explorer
HCS+ (KHA_Custom)
HCS2000
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ImageMixer VCD for FinePix
Intel(R) Extreme Graphics Driver
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java(TM) 6 Update 2
Kaspersky Online Scanner
Lavasoft VX2 Cleaner
Lernout & Hauspie TruVoice for Microsoft Agent
Lexmark Supplies Monitor
Lexmark Z55
LiveUpdate 1.90 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XML Parser and SDK
MSN Music Assistant
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
Musicmatch® Jukebox
Nero Suite
Norton WMI Update
Panda ActiveScan
PowerDVD
Quicken 2002 New User Edition
QuickTime
RealPlayer
REXplorer Component Upgrade
Rhapsody Player Engine
Runic One
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Skype 2.5
Sony MP3 Conversion Tool
SoundMAX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareBlocker
SpywareGuard v2.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
URGE
VCW VicMan's Photo Editor 7.65
VideoLAN VLC media player 0.8.4a
WebEx
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
WordPerfect Office 2002
WordPerfect Office 2002
Yahoo! Anti-Spy
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Toolbar

[Clark76]

Download the Windows Installer CleanUp Utility

Locate and run msicuu2.exe to install the Windows Installer CleanUp Utility.
Locate and launch the Windows Installer CleanUp Utility on the Start menu.
From the Windows Installer CleanUp Utility window, locate Java 2 Runtime Environment, SE v1.4.1_02 in the list and click the Remove button.
Once the application has been removed, click the Exit button to close the utility.

reboot the computer in normal mode

Then, Click > Start > Control Panel > Add / Remove Programs and look to see if if it is gone. Post back and let me know the results.

[edifiz]

i m not able to find Java 2 Runtime Environment, SE v1.4.1_02 in the 'windows instal clean up' window ...

hwever it still exists in control panel/add remove programs

[Clark76]

• Double click on HijackThis.exe to run it.
• Go to Config || Misc Tools
• click the button labelled "Open Uninstall Manager"
  • select Java 2 Runtime Environment, SE v1.4.1_02, and click "Delete This Entry"

Well done, your logs are clean!

==============

Delete the following folder in blue:

C:\ QooBox

==============

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose "Yes" at the Warning prompt.
• Expand the "Tools" menu.
• Click "Resident".
• Check the "Resident "TeaTimer" (Protection of overall system settings) active." box.
• In the File menu click "Exit" to exit Spybot Search & Destroy.

===============

You can now re-enable SpywareGuard.

Click Start > Programs > SpywareGuard > SpywareGuard

===============

Flush the System Restore Points

To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

=============

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

=================================================

This is a good time to set up protection against further attacks. Read TonyKlein's How Did I Get Infected In The First Place?. You need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard, to prevent spyware intrusions. IE-Spyad is another excellent program that places over 4000 websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. All of the above have good free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

More information and downloads are available at the following links:

Spyware Blaster
Spyware Guard
IE-Spyad

===========

Please respond to this thread one more time so we can mark this thread as Resolved.

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

[edifiz]

Thank you soo much for all your help .

Before closing the thread can you pls help me out one last time with the foll questions ?

1. Is my comp free from any hacking software etc ??? ie no1 has access to the activities goin on in my comp right ?
2. Thr r still couple of application mostly games that i am not able to run. I get some script error ..i am not able to copy paste the screenshot of the window here or else cud hv given u a better idea of what i am talking about.
3. When i click on a link it doesnt take me to that webpage cos the address in the address bar automatically starts with some http22% ... i then have to retype the whole address again. This is only when i click on links and not when i type the address directly in the address bar.
4. The moment i enabled the spybot search i keep gettin these pop ups sayin some old value new value and there are 3 options 'remember this decision' n the other 2 options that are not visible. What do i need to do for that ?
If you could tell me hw to copy paste that screen in my reply i can do that for you to get a clearer idea ...

Thank you once again ...

[Clark76]

Quote:

1. Is my comp free from any hacking software etc ??? ie no1 has access to the activities goin on in my comp right ?

From what I can see, your system is clean.

Quote:

2. Thr r still couple of application mostly games that i am not able to run. I get some script error ..i am not able to copy paste the screenshot of the window here or else cud hv given u a better idea of what i am talking about.

Are these online games or games installed on your computer?

In Windows a screenshot of the entire monitor, complete with taskbar, can be copied to the system clipboard by pressing the Print screen key (normally located in the top row on the right-hand side of the keyboard)..

You can then paste the clipboard into a program like MS Paint to save it as an image file or paste it directly into a document.

• Press the Print screen key
• Click the "Start" button (normally located in the bottom left of your screen).
• Click "Run" & type "mspaint" (without quotes) & click the "OK" button.
• Wait while the application "Paint" opens. Once it is open, proceed to the next step.
• Click the "Edit" menu and select "Paste".
• Click the "File" menu and select "Save As...". A dialog box will appear.
• In the "File name" field, enter a name of your choice.
• Click the "Save as type" drop-down and select "JPEG (*.JPG;*.JPEG;*.JPE*;.JFIF)".
• Click the "Save" button.

Then you need to attach the file to the post

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. click Browse and navigate to where you saved the screen shot.
3. Click Upload.

Quote:

3. When i click on a link it doesnt take me to that webpage cos the address in the address bar automatically starts with some http22% ... i then have to retype the whole address again. This is only when i click on links and not when i type the address directly in the address bar.

Let me know if this helps.

• open Internet Explorer
• click Tools then Internet Options
• under the Advance Tab, click Restore advanced settings

Quote:

4. The moment i enabled the spybot search i keep gettin these pop ups sayin some old value new value and there are 3 options 'remember this decision' n the other 2 options that are not visible. What do i need to do for that ?

Using Internet Explorer, download ResetTeaTimer.bat.

If you are using Firefox, right click the above link and choose ‘Save As’. Save it to your desktop.

Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

If you still get alerts please write them down what they are and post back here with them.

[edifiz]

1. thanks a lot

2. these are games that i h d/l on my computer n used to work fine b4 ... i have attached a screenshot of one of them ...(Ques2.jpg)

Inspite of clickin on either yes or no i keep gettin the same window

3. tried restoring advance setting but problem still exists ...

This is when i click on any link i receive on yahoo messenger or yahoo mail or other emails .. The address in the address bar starts with

http://%22

4. i followed ur instruction .. havent recd any msg as yet. But wheever i get it the window doesnt show the option on all click box and i am not able to use the mouse to click on it. only the tab key works

5. every time i restart my comp i get this msg (Ques5.jpg). What should i do ?

[Clark76]

1. Your welcome
2. I suggest posting in the PC Gaming Support forum and after explaining your problem attach that same screenshot
3. I suggest posting in the Internet Explorer Forum and after explaining your problem, tell them you have been cleared here and supply them a link to this thread.
4. Glad to here you are not receiving anymore warnings but I am not sure why the mouse would not let you click on the options. If the problem appears again please post back.
5. Try this:

• Click start and choose Run. Type services.msc in the open box and click OK.
• Locate the Windows Defender service and double click it.
• Click Start button to start the service.
• Choose Automatic in the Startup type list.
• Click OK to save the setting.

Let me know how this goes.

[edifiz]

2. 3. & 4.Thanks

5. I get the following msg (untitled.JPG)

[Clark76]

I did some searching around and found one user saying that uninstalling then reinstalling it solved their problems. Reading your attached pic it says that the licence has expired. I am thinking that you might have had a version of it which has timed out. I would try uninstalling it then re-download and install Windows Defender.

[edifiz]

ok will try doing that ... nyways i doesnt give me any problem .... u can close this thread and thank you very much for all your help ...

there are couple of other inactive threads of mine that i am unable to delete .. it was posted long time back ... if u cud tell me a way to delete those i will delete it ... i dont find that delete option in that thread of mine ...

thanks once again ...

[Clark76]

You are welcome.

There is no way for you to delete your old posts. They serve as a record in case someone needs to look at them. I would not worry about them

[edifiz]

no probs ... thnx :)