Jump to content
Sign in to follow this  
rick1

Smitfraud-C.gp{Resolved}

Recommended Posts

Hey,

 

Got infected by this trojan Smitfraud-C.gp earlier today and I've used several removal tools now as well as SmitFraudFix in safe-mode. Now I need some help to find out if its still on my computer. If you got the time to see if you can find anything else suspicious, that would be just great!

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:38:40, on 2008-04-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\hphmon06.exe

C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe

C:\Program\InterVideo\Common\Bin\WinRemote.exe

C:\WINDOWS\system32\ps2.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

c:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program\iPod\bin\iPodService.exe

C:\PROGRAM\Mozilla Firefox\firefox.exe

C:\Program\Spybot - Search & Destroy\SpybotSD.exe

C:\Program\Java\jre1.6.0_03\bin\jucheck.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program\Steam\Steam.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PowerGrid.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?5ccdae86bbe040d4a79c63d157aed08e

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?5ccdae86bbe040d4a79c63d157aed08e

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...130/mcfscan.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 9709 bytes

 

 

 

 

Thanks in advance,

Rick

Edited by rick1

Share this post


Link to post
Share on other sites

 

Hey Rick,

 

Sorry I can't help you with this. I don't know how to interpret HJT logs, but I'm sure someone who does know will respond soon.

 

A favor maybe? I would be happy just to know how to DO a HJT log. While you're waiting for your answer about your HJT log, maybe you could help out an old lady?

 

Thanks, and I hope your virus problem goes away.

Share this post


Link to post
Share on other sites

Hi and welcome rick1

 

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

 

* Open Spybot Search & Destroy.

* In the Mode menu click "Advanced mode" if not already selected.

* Choose "Yes" at the Warning prompt.

* Expand the "Tools" menu.

* Click "Resident".

* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.

* In the File menu click "Exit" to exit Spybot Search & Destroy.

===============

 

 

Please disable AVG Anti-Spyware as it may interfere with the fix.

Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.

In the Resident Shield section, toggle the AVG Anti-Spyware active protection off by clicking Change state which will then change the protection status to 'inactive'

If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.

Reply No and set it to inactive for the duration of your cleanup.

 

 

 

Please go to Add/Remove programs in the Control panel and remove/uninstall (if found)

AskBar

 

 

 

NEXT**

Please download Malwarebytes' Anti-Malware to your desktop

 

Additional Link

 

* Double-click mbam-setup.exe and follow the prompts to install the program.

* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform quick scan, then click Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.

* You can also access the log by doing the following:

 

o Click on the Malwarebytes' Anti-Malware icon to launch the program.

o Click on the Logs tab.

o Click on the log at the bottom of those listed to highlight it.

o Click Open.

 

In your next reply, please post:

* the Malwarebytes' Anti-Malware log

* new HijackThis log taken after the above scan has run

 

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

 

 

 

 

 

grumpyinwinter

A favor maybe? I would be happy just to know how to DO a HJT log. While you're waiting for your answer about your HJT log, maybe you could help out an old lady?

I can help.

 

Download Trend Micro Hijack This™ and save to desktop.

It is important that you uninstall any previous versions by using Add/Remove programs in your control panel before installing a newer version.

Doubleclick the HJTInstall.exe to start it.

By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.

 

Accept the license agreement by clicking the "I Accept" button.

Click on the "Do a system scan and save a log file button. It will scan and then ask you to save the log.

Click "Save log" to save the log file and then the log will open in Notepad.

Click on Edit-> Select All then click on "Edit -> Copy" to copy the entire contents of the log.

 

If you need a log analyzed I need to ask that you start a new topic to avoid confusion.

Share this post


Link to post
Share on other sites

Welcome back

 

That came back clean

 

 

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

 

 

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5
  • Scroll to Java Runtime Environment (JRE) 6 Update 5 and click on the download button

    Click on the Accept License Agreement button

    Next select

    Download Now! Windows Offline Installation, Multi-language

     

    Now close all windows, including your browser.

    Double click on the Java installation that you downloaded and follow the prompts.

     

    NEXT-remove all older versions of Java

    Go to Start > Control Panel double-click on the Software icon > add/remove programs.

    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    Select it and click Remove.

  • Close any programs you may have running - especially your web browser.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.

 

 

 

 

 

NEXT**

Go to Start > Control Panel > Internet Options

In the General tab, Temporary Internet Files, click:Delete Files

When prompted, check:Delete all offline content

You can also check: Delete Cookies (You will have to re-enter passwords at websites that require them.)

Click OK

 

Then, go to Start >Run and enter: cleanmgr

Select the drive to clean: C:\

Check the following boxes and then press OK to remove:

Temporary Files

Temporary Internet Files

RecycleBin

Agree to the prompt to perform the action...

 

 

 

NEXT**

Please download ATF Cleaner by Atribune From Here and save it to your Desktop.

Follow the instructions for the browser you use.

Read the instructions about the cookies. Delete what you do not need.

 

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the lot, check "Select All".

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

 

 

 

 

 

NEXT**

Let's run one more scan to check for any left overs.

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so no conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

 

Click Yes, when prompted to install its ActiveX component.

(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

Or use Firefox with IE-Tab plugin

https://addons.mozilla.org/en-US/firefox/addon/1419

The program launches and downloads the latest definition files.

  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:Scan Archives

      Scan Mail Bases

  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.

There is no option to clean/disinfect, however, we need to analyze the information on the report.

Posted Image

 

Posted Image

 

To obtain the report:

Click on: Save Report As (above - red blinking arrow)

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar

In Save as type, click the drop arrow and select: Text file [*.txt]

Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

 

 

 

In your next reply post:

Kaspersky log

New HJT

 

How is the computer at the moment?

 

You may need several replies to post the requested logs, otherwise they might get cut off.

Share this post


Link to post
Share on other sites

Go to My Computer->Tools->Folder Options->View tab:

[*]Under the Hidden files and folders heading:

[*]Select - Show hidden files and folders.

[*]Uncheck- Hide protected operating system files (recommended) option.

[*]Also, make sure there is no checkmark beside Hide file extensions for known file types.

[*] Click OK. (Remember to Hide files and folders once done)

====

 

Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following files/folders in bold

 

C:\Documents and Settings\HP_Žgaren\Shared\prison break season 3.wm <--needs to go

C:\Documents and Settings\HP_Žgaren\Skrivbord\SmitfraudFix<--delete this folder

 

Now reboot the machine

 

 

Your last HJT log was cut off...I need to see another.

 

No need to use the quotebox to reply.

Share this post


Link to post
Share on other sites

Welcome back

 

 

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)

 

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

 

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

(Description: HP monitoring tool. Unnecessary. Remove this to free up some system resources.)

 

O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

(Description: HP software update checker and wizard launcher.)

 

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

(Description: A small program that reminds you to register your Creative Labs product (i.e. sound card, video card). Unnecessary. Removing this will free up a small amount of system resources.)

 

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

(Description: Nvidia system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.6.0_05\bin\jusched.exe

(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)

 

 

 

Now reboot the machine to set the registry

 

 

I've got another problem now as well. Every webpage seems to look like its made in Microsoft Word or something. There's really no graphics like banners, logos etc. Any idea if its the Java causing it?

Is this still an issue?

 

 

http://windowsxp.mvps.org/IEFIX.htm

follow the above for IE repair.

Share this post


Link to post
Share on other sites

I can't explain it......

 

I can say it's not malware.

 

Have you added any addon's in Firefox lately or check for any updates?

 

Sounds as if this is an issue I'll have to direct over to our User to User forum.

Share this post


Link to post
Share on other sites

Great thanks for the help!

Glad we could help

 

 

If you should continue to have a problem with FireFox.....start a new topic in User to User, they'll be glad to help you.

 

 

Below are recommendations to protect your computer.

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 2.0 The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 2, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

 

How to prevent Malware: Created by Miekiemoes

 

Here are some additional utilities that will further enhance your safety.

# http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

 

 

Read this article 'Safe Computing Practices'.

So how did I get infected in the first place.

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

 

Slow Computer? Check here first; it may not be malware

http://www.castlecops.com/postitle175256-0-0-.html

Free Antivirus-AntiSpyware-Firewall Software

 

 

PC Safety and Security--What Do I Need?

http://www.techsupportforum.com/security-c...-do-i-need.html

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

Click here to Read Amazon Reviews!



×