1972vet

Posts posted by 1972vet


  1. To repair your installation of Windows without losing any files that you've already created, please do the following:

    Insert your Windows XP Setup CD, and restart your computer.

    • When the Press any key to boot from CD message is displayed on your
      screen, press a key to start your computer from the Windows XP CD.
    • Press ENTER when you see the message To setup Windows XP now, and
      then press ENTER displayed on the Welcome to Setup screen.
    • Do not choose the option to press R to use the Recovery Console.
    • In the Windows XP Licensing Agreement, press F8 to agree to the
      license agreement.
    • Make sure that your current installation of Windows XP is selected
      in the box, and then press R to repair Windows XP.
    • Follow the instructions on the screen to complete Setup.

    When completed, your system should boot normally. The installed applications and files you had before should still be present. There will more than likely still be some malware present as we have not wiped the disk. Please post the mbam log from your last run. Thanks!


  2. OK, you said earlier that when you tried safe mode that you got to a black screen that said "safe mode" but there were no icons...which actually, is typical so based on your own description, your safe mode option is still valid.

    Let's boot back to safe mode, log on as "Administrator", wait long enough and your safe mode desktop should appear.

    Once it stabilizes (remember, safe mode takes its time so be patient), open the mbam utility and click the "Logs" tab. Select the log with the most current date and open it. When the log opens, click File from the menu at the top, then select "Save As" and save it to your desktop. Don't bother changing the name of the file...it should already be named and highlighted for you by default.

    Next, click Start-->Control Panel-->System-->Advanced Tab-->Startup and Recovery Settings

    ...Click the Edit button at the top of the Startup and Recovery window.

    Now, please tread very carefully here...that file is your boot.ini and is a critical file that your bios looks at before windows loads. In a blank area of the boot.ini notepad, please Right-Click and select Select All...then right-click again and select Copy. Now, please close the boot.ini notepad and open a blank notepad. Right-click in the blank notepad and select Paste. Now save THAT notepad to your desktop. Save it as bootini.txt

    Upload both of those files back here on your next reply. Thanks!


  3. Make sure that there are NO Floppy Disks, CD's, or External Drives connected to the computer.

    • Insert the Windows XP Bootable CD into the computer.
    • When prompted to press any key to boot from the CD, press Any key.
    • Once in the Windows XP Setup Menu press the "R" key to repair Windows.
    • Log into your Windows installation by pressing the "1" key and pressing enter.
    • You will then be prompted for your Administrator Password, enter that password (if none assigned, just press enter)
    • Copy the below two files to the root directory of the primary hard disk. In my below example we are copying these files from the CD-ROM drive letter "D". Since we haven't yet seen a log from you that shows us your drive letter, this letter may be different on your computer.
    copy d:\i386\ntldr c:\

    copy d:\i386\ntdetect.com c:\

    Once the two files are both copied over Successfully you may then restart your computer...windows should start normally. If Windows starts up normally for you, post the mbam log from your earlier run. Thanks!


  4. OK, before we decide which way to proceed, tell us when your system boots up, do you even get a start button? If so, does the start menu open at all or does the computer just not respond to anything you type?

    ...and if not, describe the steps the system goes through when you try to boot up. Does the Welcome screen appear? I understand you said there are no icons, but does your desktop appear normal otherwise?...I mean, is there the familiar color scheme, task bar, start button, etc.


  5. Your Java application is one update behind. In time, this outdated version can cause a slight security risk as a result.

    Please follow these steps to remove older version Java components

    1. Close any open programs you may have running, especially your web browser.

    2. Click Start-->Control Panel-->Add or Remove Programs.

    3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.

    Not every version of Java will begin with "Java" so be sure to read each entry in the list.

    Repeat step 3 as many times as necessary to remove all versions of Java.

    **If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

    4. Navigate to and delete:

    • C:\Program Files\Java <=this folder if found

    5. Then go to this page.

    Scroll down to where it says "The Java Runtime Environment (JRE) allows end-users to run Java applications" and click the "Download" button to the right. Select the platform for "Windows".

    6. Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement", then click Continue...The page will refresh

    Then, click on the link to download Windows Offline Installation. Save it to your desktop.

    Now, from your desktop, double-click on the executable to install the newest version.

    Please open a blank Notepad by clicking start-->run

    Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

    File::

    C:\WINDOWS\system32\awtsPJYq.dll

    C:\WINDOWS\system32\ovtjsffm.dll

    C:\WINDOWS\system32\kxgcmere.dll

    C:\WINDOWS\system32\efcCssSj.dll

    C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dll

    Registry::

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20107791-F846-4396-829C-5D1167EF7E0E}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4448F0CF-B2CF-4CD7-A108-E9A521781BEF}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{504D4782-3C40-4BA1-B00B-30B145AAB66D}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD21240F-91DC-47A6-B14F-43F548033D32}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F2915E-0B44-48BD-BA08-A15E10ECFCB0}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BM447b567e"=-

    "474865e2"=-

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsPJYq]

    [-HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "FirewallOverride"=dword:00000000

    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000000

    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000000


  6. ...now i have absolutely nothing. i've tried safe mode, last successful config, anything, and all i get is the compaq background, can't even control-alt-delete. did whatever i had delete the OS as well?

    Your description is vague. When you say that you "tried safe mode" please tell us what that means to you. The way some folks describe their situation may mean something entirely different to us..in other words, were you actually able to enter safe mode but you found that nothing works while you are in safe mode? What happens when you select "Last Known Good Configuration that Worked"?

    You did say that all you get is the compaq background but that doesn't describe the background you SHOULD get while in safe mode or even at the "Advanced" menu listing.

    When you boot to safe mode the system will take quite a bit longer to present a stable desktop. Did you wait long enough? Were you presented with any questions on your screen?

    You asked if you had deleted the OS as well along with the malicious software that mbam found...that's sort of a loaded question but the short answer would be NO. Windows cannot be deleted while you are using windows on the mounted drive. However, it IS possible to delete an operating system if you have more than one operating system installed (this would require more than one partition).

    Please post back with a bit more detail.


  7. Please download combofix from This Webpage...and read through the instructions there for running the tool.

    ***Important Note***

    Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

    The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

    Once installed, a blue screen prompt should appear that reads as follows:

    The Recovery Console was successfully installed.

    When you see that screen, please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please post back the following on your next reply:

    C:\ComboFix.txt

    New HijackThis log.


  8. Delete the .reg file on your Desktop. You should return to the instructions regarding "showing hidden files" and reverse them to re-hide those files.

    Now that your system is clean and running the way you expect, let's create a new restore point you can refer to should the need arise at some point in the future.

    Please click "Start->Programs->Accessories->System Tools->System Restore". In the new window, check the 'Create a restore point' in the right pane and click "Next". In the "Restore point description" textbox, name your restore point to something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20060101_Clean) Click "Create" and reboot your computer.

    To assist in the prevention of spyware infections:

    Immunize your browser by installing Spywareblaster. What does it do?

    • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
    • Restricts the actions of potentially unwanted sites in Internet Explorer.

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than) one of these types of third party firewalls running on board:

    Kerio Personal Firewall

    Zone Alarm

    Outpost Free

    Comodo

    Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download "Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

    Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

    Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup.

    Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:

    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

    So how did I get infected in the first place?

    Regards, and Happy Surfing!


  9. Make sure you can http://*.update.microsoft.com

    The service below aawservice is legitimate but should not be running from the "My Documents" folder. You may have to reinstall the application if you still use it:

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Documents and Settings\Ryo_2\My Documents\aawservice.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Now please close all open windows except for the hijackthis application's window (that includes this browser window), then click the Fix Checked button.

    Reboot the computer into Safe mode. Once in safe mode and logged on as "Administrator" please continue with the instructions below:

    Locate and delete the following files/folders indicated in Bold text:

    C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

    C:\WINDOWS\system32\kovuxptx.dll

    C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

    C:\Documents and Settings\Ryo_2\My Documents\aawservice.exe

    Reboot back to your normal windows user mode. Please perform this online scan: F-Secure Online Scanner Next Generation Beta

    1. Click on the link "F-Secure Online Scanner Next Generation Beta".

    2. You may receive an alert on the address bar at this point to install the ActiveX control.

    3. Click on that alert and then Click Install ActiveX component.

    4. Read the license agreement and click "Accept".

    5. Click "Custom Scan" and be sure the following are checked:

    • Scan whole System
    • Scan all files
    • Scan whole system for rootkits
    • Scan whole system for spyware
    • Scan inside archives
    • Use advanced heuristics

    6. When the scan completes, click the "I want to decide item by item" button.

    7. For each item found, Select "Disinfect" and click "Next".

    8. When done, click the "Show Report" button, then copy and paste the entire report into your next reply along with a fresh HijackThis log. Also, please advise how your system is behaving now. Thanks


  10. everything is running lovely now...i even got the updates to work...i would like to post one last log of everything so you can check if everything is running A oKAY

    No need to post another log. Your last log looked fine. To assist you with your Windows Update issue should it ever occur again, download the "Dial_a_fix" utility Here.

    Now that your system is clean and running the way you expect, let's first remove all of your old system restore points since they would include the infections that you've removed.

    Click start-->Control Panel-->System-->System Restore...Check the box Turn off System Restore on all drives then click "Apply" and "OK" to close the System Properties box. Reboot the system. When the desktop appears stable, return to the System Properties box "System Restore" tab. Remove the check from Turn off System Restore on all drives. In a blink, the system will have created a new clean restore point for you and named it "System Check Point".

    Now highlight the drive letter in the Available drives section then click the Settings button (If you have only one drive then just click the "Settings" button). Move the slider over to the left until the Disk space to use: reads as close to 500 MB's without going over 500 MB's. This will free up quite a bit of Disk space for you. Having System Restore set at or as close to 500MB's as possible (without going over that amount) will create plenty of System Restore points and is more than sufficient.

    Now we need to create a new restore point that you can refer to should the need arise at some point in the future.

    Please click "Start->Programs->Accessories->System Tools->System Restore". In the new window, check the 'Create a restore point' in the right pane and click "Next". In the "Restore point description" textbox, name your restore point to something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20060101_Clean) Click "Create" and reboot your computer.

    To assist in the prevention of spyware infections:

    Immunize your browser by installing Spywareblaster. What does it do?

    • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.

    • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.

    • Restricts the actions of potentially unwanted sites in Internet Explorer.

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than) one of these types of third party firewalls running on board:

    Sunbelt Personal Firewall

    Zone Alarm

    Outpost Free

    Comodo

    Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download "Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

    Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

    Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup.

    Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:

    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

    So how did I get infected in the first place?

    Regards, and Happy Surfing!


  11. Now that's a good looking log you got there...

    Your Internet Explorer was copied from the wrong location. You should be able to locate the file here:

    C:\Program Files\Internet Explorer\iexplore.exe

    ...just right-click on the file iexplore.exe and select from the menu:

    Send to-->Desktop (create shortcut)

    Additionally, if you want to put a copy of the file back onto your start menu so that it's available when you click start-->All Programs...then please do this:

    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select
      Show hidden files and folders.
    • Uncheck the "Hide protected operating system files
      (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Next, navigate to:

    C:\Documents and Settings\{Your User Account Name}\Start Menu\Programs

    ...now you can drag a copy of the file shortcut you created earlier to this folder. Return to the above instructions regarding the "Hide protected operating system files (recommended)" and place a check in the box. Likewise, remove the check now from "Show hidden files and folders".

    The entries that showed us your Internet Explorer running on startup were in your previous log here:

    O4 - S-1-5-18 Startup: iexplorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE (User '?')

    O4 - .DEFAULT Startup: iexplorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE (User 'Default user')

    ...so I believe what you meant to say was you dropped it into the "Startup" folder. I believe what you were trying to do is exactly what I detailed above in the instructions on how to place the file into your "Start Menu". The last log you've posted now shows that the entries are no longer present in the "Startup" folder.

    How's it running for you now?


  12. I see nothing left in the log that's malicious. Your on board Avast antivirus is still disabled evidently. Open the application and navigate through its preferences/options to see if you can select an option that allows it to run when Windows starts. If so, reboot immediately after you've configured it correctly. Run your hjt utility again and look in the section that lists all of the "O4" entries. Does Avast appear there? If not, download a fresh copy and reinstall the application over itself...this will repair the installation. Use the default settings. On your next reply I would expect to see your Avast antivirus running properly.

    The remnant left over from the Symantec uninstall is still there...let's do this:

    Copy and paste the following into a blank NotePad:

    sc stop CLTNetCnService

    sc delete CLTNetCnService

    Click File-->Save as and name the file delservice.bat

    Under "Save as type" Select "all files" and save it to your Desktop.

    Double-click the delservice.bat file on your Desktop. It will appear as though nothing has happened but that's expected. Delete the .bat file and Reboot the system.

    Next, please run hijackthis again and check this entry:

    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    Close all windows before clicking the Fix Checked button. Reboot.

    When the system comes back up, click start-->Run...then type CMD in the run box and click "OK" or hit your enter key.

    At the command prompt, copy and paste the following then press your enter key:

    net start > junk

    net start > junk

    notepad junk

    Please post back the content of the notepad file that opened for you along with a fresh HijackThis log and, if you will, please answer my questions below. Thanks!

    I have some questions for you now...I am always interested to learn something new...why would you want to do these two things:

    1) Rename your Internet Explorer to use all capital letters

    2) Have your Internet Explorer running on system startup


  13. Ahh...glad to see you were able to resolve this issue.

    Now that your system is clean and running the way you expect, let's create a new restore point you can refer to should the need arise at some point in the future.

    Please click "Start->Programs->Accessories->System Tools->System Restore". In the new window, check the 'Create a restore point' in the right pane and click "Next". In the "Restore point description" textbox, name your restore point to something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20060101_Clean) Click "Create" and reboot your computer.

    To assist in the prevention of spyware infections:

    Immunize your browser by installing Spywareblaster. What does it do?

    • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
    • Restricts the actions of potentially unwanted sites in Internet Explorer.

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than) one of these types of third party firewalls running on board:

    Kerio Personal Firewall

    Zone Alarm

    Outpost Free

    Comodo

    Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download "Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

    Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

    Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup.

    Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:

    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

    So how did I get infected in the first place?

    Regards, and Happy Surfing!


  14. .. umm no i didn't intentionally disable the software to not come up when windows starts .. how do i change that..

    You may have to reinstall the software but...maybe not. Once we are convinced that the malicious software has all been removed it is possible that your antivirus may return. We'll see after you've completed the instructions posted for you previously.

    and the bitcomet you said to delete? but i use it to download movies and things .. i still have to delete it?

    Considering that the BitComet may well be largely responsible for your current malware issues, I would say YES you should remove it. And please note, I had said to uninstall it, not to delete it. There is a huge difference...by the way, if you do use it to download "movies and things" from some shared folder uploaded to the web, the download is a copyright infringement. You CAN be fined and do jail time in some instances for such violations.


  15. You have some troublesome cookies that linger, and there are malware which have attached themselves to your restore points in the "System Restore" feature. We'll remove those restore points only AFTER we're convinced that your system has been thoroughly cleaned.

    Your Avast antivirus software services are running but the application doesn't seem to start when Windows starts. Is this a configuration that you have set intentionally? If so, it's NOT recommended. If indeed the software was disabled by the malicious software you had (and may still have) on the system, it may be necessary to reinstall the software...let's see what the next log looks like though before we go tampering with it but keep in mind, we would like to know if you intentionally removed the Avast Antivirus from startup.

    We've also noticed that there are some lingering services/processes that were left over from a failed Symantec uninstall... You can use their Removal Tool to completely dissolve the remnants left behind from a failed install/uninstall or damaged Symantec product.

    Your Java application is out of date and causes a slight security risk as a result. This vulnerability combined with the use of file sharing software is most likely the combination of events that is responsible for your current malware issues...

    Please follow these steps to remove older version Java components

    1. Close any open programs you may have running, especially your web browser.

    2. Click Start-->Control Panel-->Add or Remove Programs.

    3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.

    Not every version of Java will begin with "Java" so be sure to read each entry in the list.

    Repeat step 3 as many times as necessary to remove all versions of Java.

    **If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

    4. Navigate to and delete:

    • C:\Program Files\Java <=this folder if found

    5. Then go to this page.

    Scroll down to where it says "The Java Runtime Environment (JRE) allows end-users to run Java applications" and click the "Download" button to the right. Select the platform for "Windows".

    6. Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement", then click Continue...The page will refresh

    Then, click on the link to download Windows Offline Installation. Save it to your desktop.

    Now, from your desktop, double-click on the executable to install the newest version.

    Click here for information regarding the risks of using File Sharing software.

    Please uninstall the following software:

    BitComet

    BitCometTools

    BitComet ToolBar

    ...or anything with BitComet in its name

    Click start-->Control Panel-->Add/Remove Programs...scroll down the list to locate the program names and click Remove for each. Reboot the system when the uninstalls complete to properly record the changes made to the hard disk.

    The following startup entries noted in the HijackThis log are suspicious only because of the upper case (CAPITAL) letters used in the spelling of the file "IEXPLORE.EXE" but the file path is correct:

    O4 - S-1-5-18 Startup: IEXPLORE.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE (User '?')

    O4 - .DEFAULT Startup: IEXPLORE.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE (User 'Default user')

    ...the file path should appear as such:

    C:\Program Files\Internet Explorer\iexplore.exe

    I don't suspect that you've done this but as with your Avast anti-virus, the question should still be asked...if you did NOT change the spelling of that file (to use the upper case letters) then you should upload this file for a free scan.

    Please visit this site. Navigate to the file indicated below in Bold and upload the file for a free scan:

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    If you're unsure how to do that, follow the instructions below:

    1. Click in the "Upload a file" box to put the cursor there then click the Browse button next to it.
    2. In the File Upload window that opens, click the drop down arrow in the "Look in" box and select your Local Disk.
    3. Click the "Program Files" folder and click "Open", use the scroll bar to scroll across and locate the "Internet Explorer" folder.
    4. Scroll across until you locate the file IEXPLORE.EXE and click open.
    5. Now click the Send button. Please copy the "Results" to submit with your next reply.

    You can run HijackThis again and check the box next to the following entries that may still exist:

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    Now close all open windows except for the HijackThis application's window...(that includes this browser window), then click the Fix Checked button.

    Locate and delete the following files/folders indicated below in Bold text:

    C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

    C:\Program Files\Common Files\Symantec Shared

    Reboot the system and post back a fresh HijackThis log along with the results log from your "VirusTotal" scan. Also, please advise us how the system behaves for you now. Thanks!
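
Posts 9 and 15 above judge HijackThis O23 service entries by where the service binary lives and whether it still exists on disk. The Python sketch below is an added example, not part of the original posts and not HijackThis code: it applies those two checks to O23 lines. The regular expression, function names and reason strings are assumptions based on the line layout visible in the posts, and the sample lines are copied from posts 9 and 15.

```python
import ntpath
import re

# O23 line layout as it appears in the posts above (an assumption drawn from
# those lines, not an official format description):
#   O23 - Service: <display name> [(<service name>)] - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
SVC_NAME_RE = re.compile(r"\((?P<svc>[^()]+)\)$")

# Per-user, user-writable roots: XP-era and later profile layouts.
PROFILE_ROOTS = ("\\documents and settings\\", "\\users\\")

# Lines copied from posts 9 and 15; the O4 line shows that other sections are skipped.
SAMPLE_LOG = r"""
O4 - .DEFAULT Startup: IEXPLORE.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE (User 'Default user')
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Documents and Settings\Ryo_2\My Documents\aawservice.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""


def parse_o23(line):
    """Return the fields of one O23 line as a dict, or None for any other line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    svc = SVC_NAME_RE.search(m.group("display"))
    return {
        "display": m.group("display"),
        "service": svc.group("svc") if svc else None,
        "owner": m.group("owner"),
        "path": m.group("path"),
        "missing": m.group("missing") is not None,
    }


def triage(log_text):
    """Return the O23 entries that deserve a second look, with the reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = []
        # ntpath handles Windows paths on any OS; normcase lowercases them.
        tail = ntpath.splitdrive(ntpath.normcase(entry["path"]))[1]
        if tail.startswith(PROFILE_ROOTS):
            # Post 9: a legitimate service name is not enough if the image
            # sits in a folder an ordinary user account can write to.
            reasons.append("binary runs from a user profile folder")
        if entry["missing"]:
            # Post 15: leftover registration from a failed uninstall.
            reasons.append("registered binary is missing")
        if entry["owner"].lower() == "unknown owner":
            reasons.append("owner could not be read")
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["service"] or f["display"], "->", "; ".join(f["reasons"]))
```

A flagged entry is a prompt to inspect the file and its registration, not proof that the service is malicious.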
