Rickus Posted February 9, 2009 ID:54946 Share Posted February 9, 2009 I managed to get the "red X" sorted out but the alert still takes me to anykuy ........this is very frustrating, here are my Logs:Malwarebytes' Anti-Malware 1.33Database version: 1740Windows 5.1.2600 Service Pack 32009/02/09 10:44:23 AMmbam-log-2009-02-09 (10-44-23).txtScan type: Full Scan (C:\|)Objects scanned: 134927Time elapsed: 49 minute(s), 10 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 2Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)NOD32 LOGScan LogVersion of virus signature database: 3836 (20090207)Date: 2009/02/08 Time: 04:45:06 PMScanned disks, folders and files: C:\Program Files\C:\Program Files\winzip111.exe Link to post Share on other sites More sharing options...
Tigger93 Posted February 9, 2009 ID:55002 Share Posted February 9, 2009 Hi. Download ComboFix from one of the locations below, and save it to your Desktop. Link 1Link 2 Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.When finished, it shall produce a log for you. Post that log and a HijackThis log in your next replyNote: Do not mouseclick Combofix's window while its running. That may cause it to stall Link to post Share on other sites More sharing options...
Rickus Posted February 9, 2009 Author ID:55017 Share Posted February 9, 2009 Hi. Download ComboFix from one of the locations below, and save it to your Desktop. Link 1Link 2 Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.When finished, it shall produce a log for you. Post that log and a HijackThis log in your next replyNote: Do not mouseclick Combofix's window while its running. That may cause it to stallThanx for youre quick reply I have done the steps as you said I should do........here are the logs...ComboFix 09-02-08.02 - User 2009-02-09 20:42:06.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1465 [GMT 2:00]Running from: c:\documents and settings\User\Desktop\ComboFix.exeAV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)FW: Norton Internet Worm Protection *disabled* * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).Infected copy of c:\windows\system32\userinit.exe was found and disinfected Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe.((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 ))))))))))))))))))))))))))))))).2009-02-09 12:45 . 2009-02-09 12:45 <DIR> d--h----- c:\windows\system32\GroupPolicy2009-02-09 08:49 . 2009-02-09 08:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware2009-02-09 08:49 . 2009-02-09 08:49 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes2009-02-09 08:49 . 2009-02-09 08:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes2009-02-09 08:49 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys2009-02-09 08:49 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys2009-02-08 16:43 . 2009-02-08 16:49 <DIR> d-------- c:\program files\EsetOnlineScanner.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-02-09 15:43 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater2008-12-12 12:16 --------- d-----w c:\program files\Google2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys2008-12-11 10:11 --------- d-----w c:\program files\Microsoft Silverlight2008-02-26 06:43 12,727,648 ----a-w c:\program files\winzip111.exe2007-12-23 13:04 60,152 ----a-w c:\program files\striata-reader2.exe2007-06-21 13:28 15,732,984 -c--a-w c:\program files\Google_Earth_BZXD.exe2007-06-10 08:22 38,012,480 -c--a-w c:\program files\iTunesSetup.exe2007-06-07 09:44 66,177,040 -c--a-w c:\program files\pcc26f1410_1041.exe2007-03-19 13:05 3,142,656 -c--a-w c:\program files\b5B00enx.exe2008-09-18 04:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091820080919\index.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-13 761946]"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-01 257088]"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-27 29744]"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-01-05 c:\windows\system32\CHDAudPropShortcut.exe]"atwtusb"="atwtusb.exe" [2006-02-21 c:\windows\system32\ATWTUSB.EXE][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]MotionSD STUDIO - SD Browser auto start -.lnk - c:\program files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe [2008-03-16 67216][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.DVSD"= pdvcodec.dll[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\StubInstaller.exe"=R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]S2 gupdate1c95c5376b3e7b4;Google Update Service (gupdate1c95c5376b3e7b4);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 119280]S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-04 29744][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32b071dc-d60c-11db-b864-00163678a9a5}]\Shell\AutoRun\command - E:\VMC_PBStarter.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32b071dd-d60c-11db-b864-00163678a9a5}]\Shell\AutoRun\command - E:\VMC_PBStarter.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a34e756-d6df-11db-b867-00163678a9a5}]\Shell\AutoRun\command - E:\VMC_PBStarter.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a34e757-d6df-11db-b867-00163678a9a5}]\Shell\AutoRun\command - E:\VMC_PBStarter.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade7e36f-d62a-11db-b866-00163678a9a5}]\Shell\AutoRun\command - E:\VMC_PBStarter.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f89d29b2-d6e3-11db-b868-00163678a9a5}]\Shell\AutoRun\command - E:\VMC_PBStarter.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f89d29b3-d6e3-11db-b868-00163678a9a5}]\Shell\AutoRun\command - E:\VMC_PBStarter.exe.Contents of the 'Scheduled Tasks' folder2009-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:57]2009-02-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 14:16]..------- Supplementary Scan -------.uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = https://ib.absa.co.za/ib/ib.jspuInternet Connection Wizard,ShellNext = iexploreTCP: {AF0EDBD3-4D9D-4724-8BA4-E1998B9647CA} = 192.168.1.200.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-02-09 20:48:03Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.------------------------ Other Running Processes ------------------------.c:\windows\system32\rundll32.exec:\program files\Common Files\Teleca Shared\Generic.exec:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exec:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exec:\windows\system32\bgsvcgen.exec:\program files\Google\Common\Google Updater\GoogleUpdaterService.exec:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exec:\program files\PC Connectivity Solution\ServiceLayer.exec:\program files\iPod\bin\iPodService.exe.**************************************************************************.Completion time: 2009-02-09 20:50:27 - machine was rebootedComboFix-quarantined-files.txt 2009-02-09 18:50:24Pre-Run: 38,003,056,640 bytes freePost-Run: 38,599,323,648 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect146 --- E O F --- 2009-01-14 05:06:54Logfile of Trend Micro HijackThis v2.0.2Scan saved at 09:01:48 PM, on 2009/02/09Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Java\jre1.5.0_07\bin\jusched.exeC:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exeC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Garmin\gStart.exeC:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\system32\bgsvcgen.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\PC Connectivity Solution\ServiceLayer.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\explorer.exeE:\PhoneConnectorVMC.exeE:\vmc.exeC:\Program Files\internet explorer\iexplore.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ib.absa.co.za/ib/ib.jspR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dllO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exeO4 - HKLM\..\Run: [atwtusb] atwtusb.exe betaO4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptionsO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startupO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitserviceO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exeO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\support\Register\Reg.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: MotionSD STUDIO - SD Browser auto start -.lnk = C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cabO16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191019910953O17 - HKLM\System\CCS\Services\Tcpip\..\{AF0EDBD3-4D9D-4724-8BA4-E1998B9647CA}: NameServer = 192.168.1.200O17 - HKLM\System\CCS\Services\Tcpip\..\{B6AAA55F-1722-4C09-B177-81D4E48F714D}: NameServer = 196.207.36.251 196.207.36.254O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exeO23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exeO23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeO23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Update Service (gupdate1c95c5376b3e7b4) (gupdate1c95c5376b3e7b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe--End of file - 8342 bytes Link to post Share on other sites More sharing options...
Tigger93 Posted February 9, 2009 ID:55027 Share Posted February 9, 2009 You need to uninstall your current version and download the latest version (9) from here.Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.Please download JavaRa and unzip it to your desktop.***Please close any instances of Internet Explorer (or other web browser) before continuing!***Double-click on JavaRa.exe to start the program.From the drop-down menu, choose English and click on Select.JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.A logfile will pop up. Please save it to a convenient location.Update Java RuntimeThe most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 12.Go to http://java.sun.com/javase/downloads/index.jsphttp://java.sun.com/javase/downloads/index.jsp' rel="external nofollow">Go to Java Runtime Environment (JRE) 6 Update 12 about half way down the page and click on the Download button.In Platform box choose Windows.Check the box to Accept License Agreement and click Continue.Click on Windows Offline Installation, click on the link under it which says jre-6u12-windows-i586-p.exe and save the downloaded file to your desktop.Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.Uncheck the Toolbar button (unless you want the toolbar)Reboot your computerThen post a new HijackThis log and the JavaRA log. Link to post Share on other sites More sharing options...
Recommended Posts