Unknown infection(s)... started with Pokapoka and Trojan.Elitebar. Ple



#1
newe03 (Member, 34 posts)
Hi! :tazz:

This is my first time trying this...I've just about exhausted everything I can think of trying to fix my computer and made minimal progress if any, so I'd really really love your help. I will give you a summary of what has happened so far (I've tried a lot on my own because I didn't know this resource was out there! I wish I had realized it earlier!), and then I'll post my HijackThis Logfile.

(If you don't need a summary of what all I've done so far, please skip ahead to my HijackThis file).

I first had Norton Antivirus on my computer, and it detected the "pokapoka70.exe" virus and "nt_hide70.dll" virus. After deleting and quarantining as many of the infected files as I could, I restarted, only to find that those viruses still existed, and I also got a virus notification of "Trojan.Elitebar" virus. Upon trying to restart again, my computer would not start... it would freeze saying "Please wait..." and would not get to the log-in menu. It would not let me start in safemode either, for it kept getting hung up on a file called d347bus.sys. I was finally able to start it using the "Start using last good/working settings" mode. I looked up directions for deleting the Trojan.Elitebar virus on the Symantec website and followed their directions (including turning off System Restore...which I still have off. It also involved looking at my "hosts" file, and there was another line in there besides the one that there is supposed to be. I deleted that other line.).

It appeared to have worked after I finally restarted, because I no longer got virus notifications when I logged on. However, then I noticed I could no longer access the internet through IE, and there was a strange toolbar in my IE window. I was also getting lots of pop-ups. I looked in Add/Remove programs and saw "180Search Toolbar" which looked unfamiliar, so I tried to delete it. I think I had to go into Safemode to do so. Also, in safemode I could use IE, but not in Normal mode. When I returned to normal mode, I still couldn't use IE, the toolbar was gone sometimes and there sometimes, but also my Windows Taskmanager would not open. I would just get the little green square on the bottom right of the screen that showed it was running, but I could not actually see it. My computer was working very slowly also. I found some information on others who had this problem, with both IE and the taskmanager, and they said that somehow uninstalling their Norton Antivirus helped the problem.

I uninstalled Norton Antivirus and sure enough, now I could use IE and open Windows Taskmanager in Normal Mode... don't really get it, but it worked. However, the weird toolbar was still there in IE and I was still getting many popups. I went to my school's webpage and installed the newest version of Symantec to replace the Norton Antivirus I had uninstalled. However, upon trying to open Symantec, my computer would freeze. This happened many times. So not being able to run Symantec, I ran Ad-aware a couple times to try to see what was affecting my computer (even though I know they probably look for different things). Also, when I logged onto AIM, after a few minutes something took over control of my AIM and started sending messages to people on my buddy list one by one with infected links. I couldn't stop it, it was doing it all on its own, so I logged out.

I left my computer off for about a week and borrowed a computer, but I had to give it back today. I really need my computer for schoolwork so I got it out again today to try to fix it. When I turned it on, it was extremely slow in all applications, especially the internet. I came across your website. I followed all of the instructions on your Start page as you requested.

When I rebooted, Symantec's auto-protection scan popped up with viruses such as Adaware.Shorty, Adaware.MaxSearch, Trojan.Elitebar, Adaware.180Search. My system was still working very slow. I ran regular Symantec, which found those infections as well as nt_hide76.dll, system32.dll, mc-110-12-0000080.exe, Adperform180safull.exe, stubSafull.exe, etc.... Symantec claimed it was able to delete the first 2 of those, and quarantined the rest. I went into the Register Keys ("Regedit") as I had done before when I was following directions on removing pokapoka, and while trying to look for the keys that Symantec says would be modified for these other viruses, I came across pokapoka75.exe and pokapoka76.exe, so I deleted those. I also ran Symantec's tool for removing 180Search Toolbar files.... however, in the end it said that I did not have any such files on my computer (though it told me I had them earlier). Meanwhile, the Spybot-SD that I downloaded and ran from your site earlier, kept popping up with messages whenever keys were changed by one of the viruses. Unfortunately, it would ask if I wanted to accept the changes or not, and looked like it had two buttons, but they were cut off at the bottom of the window so I couldn't read them, and it wouldn't let me expand the window.... it was very strange. So I just kept clicking the "X" to close the box, but they kept popping up over and over. So, I finally shut down and restarted out of exasperation.

When I restarted, my computer was working at normal speed! IE was working fine, taskmanager was working fine. I wasn't getting any popups. The weird toolbar was gone. Everything seemed to be great for an hour or so. I was just about to run HijackThis, but I thought maybe I had fixed it and didn't need to.

About an hour later, I started getting popups all of a sudden. I logged onto AIM then, and within a few seconds, I noticed that my mouse pointer would switch between a pointer and an hourglass every second... as if it's running something or trying to. I logged off of AIM, but my mouse is continuing to do this for many minutes, and is still going as I am typing this. My computer has gotten slower again too. So, I ran HijackThis, and here is my file. I am really at a loss for what is going on, and I hope that my efforts to fix it haven't just made things worse.

I really look forward to your help (and sorry for the long summary... I wasn't sure how much detail you needed.)



Logfile of HijackThis v1.99.1
Scan saved at 11:03:07 PM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kerberos\leash32.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Kerberos\krbcc32s.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\My

Downloads\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =

http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://www.eza1netsearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.wisc.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft

Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer

= :0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common

Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang

1033
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server

/startmonitor /deaf
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration]

windir32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common

Files\Windows\mc-110-12-0000080.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton

SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk = C:\Program

Files\Kerberos\leash32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -

http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} -

http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} -

http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupd...client/wuweb_si

te.cab?1103167582532
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and

Settings\Administrator\My Documents\My Downloads\cwshredder-1.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec

Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation

- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec

AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton

SystemWorks\Norton Speed Disk\nopdb.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program

Files\Symantec AntiVirus\Rtvscan.exe


#2
loophole (Malware Expert, Retired Staff, 9,798 posts)
Hello :tazz:

Sorry for the delayed response, it has been very busy lately. Please rescan with Hijack This and save a log file. When Notepad opens, click on <<format>> and uncheck word wrap, then post a brand new Hijack log in this thread and we can begin your cleanup.

Thanks

Edited by loophole, 26 October 2005 - 09:36 PM.


#3
newe03 (Member, Topic Starter, 34 posts)
Hi!! Great, thanks so much! :tazz:

Here's my new HijackThis Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 10:58:06 PM, on 10/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kerberos\leash32.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Kerberos\krbcc32s.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.eza1netsearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wisc.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk = C:\Program Files\Kerberos\leash32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103167582532
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Administrator\My Documents\My Downloads\cwshredder-1.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#4
newe03 (Member, Topic Starter, 34 posts)
I don't know if it's important or not, but before I saw your message I ran Symantec and it found one file that it quarantined. I haven't restarted since then. If you want me to restart and then post a new logfile, just let me know!

Also, currently my System Restore is turned off, just in case that's important too.

Can't wait for your help, cuz I'm stumped! :tazz:

#5
loophole (Malware Expert, Retired Staff, 9,798 posts)
Sure, tell me what file it quarantined :tazz:

#6
newe03 (Member, Topic Starter, 34 posts)
auf0.exe

#7
loophole (Malware Expert, Retired Staff, 9,798 posts)
OK, let's begin :tazz:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.eza1netsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eza1netsearch.com/sp2.php
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe



Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode

Please delete these files using Windows Explorer (if present):

C:\WINDOWS\system32\windir32.exe
C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe

After that, Reboot.

Download and install CleanUp! Here
but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.


Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. When it asks you to reboot, select NO.

Please run this online virus scan:
Panda Active Scan. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here. Also post a new Hijack log
Thanks :)

#8
newe03 (Member, Topic Starter, 34 posts)
Hi :)

** I ran HJT and clicked those files and selected FIX.

I have Spybot installed (as per the directions that are posted on this website for the first steps we should do to try to catch any malware before we start a new topic). I don't know if it's just my computer or not, but now whenever a registry value or something like that is going to change, I get a message from Spy-Bot asking me to deny or allow the change. (The buttons are actually half-hidden in the window, and I can't scroll down to them, but I've figured out which one is which after trial and error haha.) Is this normal for Spy-Bot?

I clicked ALLOW for all 7 of the changes. I hope this was correct?

** Then I rebooted in safemode. I am still in safemode now. 2 questions about booting into safemode:
1. There are 3 safemode options: safemode, safemode with networking, and safemode with command prompt. What's the difference? I clicked safemode with networking because I hoped that meant I would still be able to use the internet.
2. When loading into safemode, there is a point where it says: Press ESC to stop loading d374bus.sys. I didn't do anything then... should I push ESC?

** I looked for the 2 files you mentioned using both windows explorer and my computer. I couldn't find them. ??? :tazz:

I'll stay in safemode for a little bit and wait for your reply :woot:

P.S. also... when I accidentally rebooted in normal mode before, there was a message that popped up very briefly that said "Your System is at Risk... Symantec has been disabled" (or something close to that.... it just flashed). just fyi.

#9
loophole (Malware Expert, Retired Staff, 9,798 posts)
Sorry, yes, accept the changes with Spybot. Normally whenever we do any work with Hijack, allow the changes. Normally safemode without networking is the way to go. Since you can't find those files, reboot and go ahead and post a new Hijack log, and let's see if they are really gone :tazz:

#10
newe03 (Member, Topic Starter, 34 posts)
okay :tazz: here i go!!


#11
newe03 (Member, Topic Starter, 34 posts)
Logfile of HijackThis v1.99.1
Scan saved at 12:13:35 AM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kerberos\leash32.exe
C:\Program Files\Kerberos\krbcc32s.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wisc.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk = C:\Program Files\Kerberos\leash32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103167582532
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Administrator\My Documents\My Downloads\cwshredder-1.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#12
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Well, your log looks clean. There are bound to be some leftovers that Hijack can't see. Follow the rest of the directions and let's see what the panda scan finds :tazz:

#13
newe03

    Member

  • Topic Starter
  • Member
  • 34 posts
Well, unfortunately I have to head to bed... the panda scan is still running, and hopefully it will complete running overnight. I'll post in the morning :tazz:

#14
newe03

    Member

  • Topic Starter
  • Member
  • 34 posts
G'morning :tazz:
I followed your directions from before. Below are my two reports. (I didn't restart yet..)

Here is my CleanUp! Report:


Incident | Status | Location
Adware:adware/maxifiles | No disinfected | C:\PROGRAM FILES\COMMON FILES\system32.dll
Adware:adware/surfaccuracy | No disinfected | C:\PROGRAM FILES\SurfAccuracy
Adware:adware/ist.istbar | No disinfected | Windows Registry
Virus:Exploit/ByteVerify | Disinfected | C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-21ad06b0-35375346.zip[Dummy.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-53afda83.zip[Dummy.class]



Here is my new HJT Logfile:


Logfile of HijackThis v1.99.1
Scan saved at 8:59:25 AM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kerberos\leash32.exe
C:\Program Files\Kerberos\krbcc32s.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wisc.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk = C:\Program Files\Kerberos\leash32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103167582532
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Administrator\My Documents\My Downloads\cwshredder-1.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#15
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello :tazz:

Looks pretty clean

Uninstall Surf accuracy if it is present

Delete this folder C:\PROGRAM FILES\SurfAccuracy

Delete this file C:\PROGRAM FILES\COMMON FILES\system32.dll

Next

1. Click Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.

After reboot, go back into the Control Panel and double-click the Java icon.

3. Under Temporary Internet Files, click the Delete Files button.

There are three options on this window to clear the cache - leave ALL 3 checked.
1. Downloaded Applets
2. Downloaded Applications
3. Other Files

4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK to leave the Java Control Panel

Reboot

Post a new hijack log and tell me how your system is running now.

Thanks :)
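Added example, not part of the thread and not written by either poster: a small Python parser that groups HijackThis entry lines by section code and pulls out a few facts a reviewer would check by hand in a log like the one above. The sample lines are copied from that log; the function names and the four review heuristics are assumptions of this example, and none of them is a detection verdict (the helper judged this log clean).

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\hkcmd.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wisc.edu/
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Administrator\My Documents\My Downloads\cwshredder-1.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")      # section code, then entry text
JRE = re.compile(r"\\Java\\(jre[\d._]+)\\", re.I)     # JRE install directory name
USER_PROFILE = re.compile(r"\\Documents and Settings\\", re.I)

def parse_hjt(text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def review_points(sections):
    """Collect facts worth a second look (heuristics assumed for this example)."""
    entries = [(code, e) for code, items in sections.items() for e in items]
    return {
        # Entries whose target HijackThis could not find on disk.
        "file_missing": [e for _, e in entries if e.endswith("(file missing)")],
        # Distinct JRE directories referenced, relevant to the Java update step.
        "jre_versions": sorted({v for _, e in entries for v in JRE.findall(e)}),
        # Services whose binary lives under a user profile, not Program Files.
        "services_in_user_profile": [e for c, e in entries
                                     if c == "O23" and USER_PROFILE.search(e)],
        # Startup-folder items listed without a shortcut target.
        "startup_without_target": [e for c, e in entries if c == "O4"
                                   and e.startswith(("Startup:", "Global Startup:"))
                                   and " = " not in e],
    }
```

On the sample, two JRE directories show up (`jre1.5.0_02` and `jre1.5.0_04`), which fits the advice to update Java and then clear its cache, where the scan report located the ByteVerify files.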