Cojo1
asked on
HELP!! Blank Blue screen when booting up and constant pop-ups
I've got some kind fo spyware/adware infecting my PC.When I boot up it just shows a completely blank blue screen and then after a while I get a pop-up stating my system is infected, etc... and than a pop-up for AntiSpySpider. There is a link in the first pop-up that claims to update the Windows Security Center, so I clicked on it since the PC is not currently connected to a network or the internet. It brought me to an Internet Explorer window and I used that to go to C:\windws and run the Explorer.exe. Now my system is booted up but I am constantly getting pop-ups. Here is the HiJackThis Logfile. Can anyone help?
Cojo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:44 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\csrss.
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\svchos
C:\Program Files\Intel\Wireless\Bin\E
C:\Program Files\Intel\Wireless\Bin\S
C:\Program Files\Intel\Wireless\Bin\W
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\SCardS
C:\Program Files\ISS\RSDP\blackd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.
C:\WINDOWS\system32\CTsvcC
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRAM FILES\DRU\bin\DRUService.e
C:\Program Files\Google\Common\Google
C:\Program Files\McAfee\Common Framework\FrameworkService
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\444.0
C:\Program Files\Dell\NICCONFIGSVC\NI
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\PROGRA~1\PHAROS~1\Core\
C:\WINDOWS\portsv.exe
C:\Program Files\Intel\Wireless\Bin\R
C:\WINDOWS\system32\rcmdsv
C:\Program Files\Radmin\r_server.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\snmpdm
C:\WINDOWS\system32\svchos
C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.ex
C:\Program Files\Serena\ChangeMan\DS\
C:\WINDOWS\system32\fxssvc
C:\WINDOWS\system32\CCM\Cc
C:\Program Files\1E\SMSWakeUp50\SMSWU
C:\WINDOWS\system32\userin
C:\WINDOWS\system32\iftuys
C:\WINDOWS\system32\wbem\w
C:\WINDOWS\System32\alg.ex
C:\WINDOWS\system32\wbem\w
C:\WINDOWS\system32\wbem\w
C:\WINDOWS\system32\cidaem
C:\WINDOWS\system32\cidaem
C:\WINDOWS\system32\userin
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\explorer.exe
C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_gui.exe
C:\WINDOWS\system32\hkcmd.
C:\Program Files\Apoint\Apoint.exe
C:\progra~1\FileNET\IDM\fn
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PaperPort\pptd40nt.e
C:\WINDOWS\system32\spool\
C:\Program Files\HP\hpcoretech\hpcmpm
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\bin\Z
C:\Program Files\Intel\Wireless\Bin\i
C:\WINDOWS\System32\cscrip
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\zz\ZenMediaSour
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPZipm
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wbem\w
C:\_taft\mg\Microsoft Money\System\mnyexpr.exe
C:\Documents and Settings\tl1272\Applicatio
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\COMMON~1\CROSO
C:\Program Files\QdrModule\QdrModule1
C:\WINDOWS\?racle\m?hta.ex
C:\WINDOWS\system32\rundll
C:\Program Files\uTorrent\uTorrent.ex
C:\PROGRA~1\MICROS~4\rapim
C:\Documents and Settings\tl1272\Applicatio
C:\Program Files\Intel\Wireless\Bin\D
C:\Program Files\HijackThis\HijackThi
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R1 - HKCU\Software\Microsoft\Wi
F2 - REG:system.ini: UserInit=C:\WINDOWS\system
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-9
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-7
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-a
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-a
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-4
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-0
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-2
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-9
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-7
O2 - BHO: (no name) - {A664BB3E-738C-5A55-FF38-7
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-1
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-4
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-7
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-7
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-7
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-c
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtr
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [0FileNET System Manager] c:\progra~1\FileNET\IDM\fn
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\PaperPort\pptd40nt.e
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\PaperPort\IndexSearc
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpm
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [VPN_MTU] "C:\Program Files\cisco systems\vpn client\setmtu.exe" /s 1200
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobs
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SBCAssess] "C:\Program Files\Compapps\SBCAssess\S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\Z
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\i
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe /PATCH,/SRCUPDATEC:\DOCUME
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [Creative Detector] C:\WINDOWS\zz\ZenMediaSour
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\_taft\mg\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\tl1272\Applicatio
O4 - HKCU\..\Run: [Eusn] "C:\PROGRA~1\COMMON~1\CROS
O4 - HKCU\..\Run: [QdrModule17] "C:\Program Files\QdrModule\QdrModule1
O4 - HKCU\..\Run: [Tbaxhfom] C:\WINDOWS\?racle\m?hta.ex
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: Q Team-Link Messenger.lnk = C:\Program Files\Q Team-Link Messenger\jre1.5.0_09\bin\
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKCU\Software\Policies\Mic
O6 - HKCU\Software\Policies\Mic
O7 - HKCU\Software\Microsoft\Wi
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\
O8 - Extra context menu item: Customize Menu - file://C:\Utils\RoboForm\R
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Fill Forms - file://C:\Utils\RoboForm\R
O8 - Extra context menu item: Open with BitPump - C:\WINDOWS\zz\AnalogX\BitP
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Utils\RoboForm\R
O8 - Extra context menu item: Save Forms - file://C:\Utils\RoboForm\R
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.h
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-0
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O14 - IERESET.INF: START_PAGE_URL=http://myintranet.sbc.com
O16 - DPF: {00191E4B-49C2-48E2-A548-8
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {0a454840-7232-11d5-b63d-0
O16 - DPF: {406B5949-7190-4245-91A9-3
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C
O16 - DPF: {9C134253-E8A3-4759-9F98-3
O16 - DPF: {C9386579-3C0F-4713-82C6-5
O16 - DPF: {CAFECAFE-0013-0001-0018-A
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-7
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\RSDP\blackd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DRUAgent - AT&T - C:\PROGRAM FILES\DRU\bin\DRUService.e
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\E
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.0.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NI
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\ORACLE\ORA92\bin\omtsre
O23 - Service: OracleOraHome92ClientCache
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\RSDP\RapApp.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\R
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\Radmin\r_server.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SMSWUagent - 1E Ltd. - C:\Program Files\1E\SMSWakeUp50\SMSWU
O23 - Service: snmpdm - Unknown owner - C:\WINDOWS\system32\snmpdm
O23 - Service: IBM Tivoli Remote Control - Target (TRCTARGET) - Unknown owner - C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.ex
O23 - Service: VCS NT Service (VCS_Service) - Unknown owner - C:\Program Files\Serena\ChangeMan\DS\
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\W
--
End of file - 19642 bytes
Cojo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:44 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\csrss.
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\svchos
C:\Program Files\Intel\Wireless\Bin\E
C:\Program Files\Intel\Wireless\Bin\S
C:\Program Files\Intel\Wireless\Bin\W
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\SCardS
C:\Program Files\ISS\RSDP\blackd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.
C:\WINDOWS\system32\CTsvcC
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRAM FILES\DRU\bin\DRUService.e
C:\Program Files\Google\Common\Google
C:\Program Files\McAfee\Common Framework\FrameworkService
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\444.0
C:\Program Files\Dell\NICCONFIGSVC\NI
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\PROGRA~1\PHAROS~1\Core\
C:\WINDOWS\portsv.exe
C:\Program Files\Intel\Wireless\Bin\R
C:\WINDOWS\system32\rcmdsv
C:\Program Files\Radmin\r_server.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\snmpdm
C:\WINDOWS\system32\svchos
C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.ex
C:\Program Files\Serena\ChangeMan\DS\
C:\WINDOWS\system32\fxssvc
C:\WINDOWS\system32\CCM\Cc
C:\Program Files\1E\SMSWakeUp50\SMSWU
C:\WINDOWS\system32\userin
C:\WINDOWS\system32\iftuys
C:\WINDOWS\system32\wbem\w
C:\WINDOWS\System32\alg.ex
C:\WINDOWS\system32\wbem\w
C:\WINDOWS\system32\wbem\w
C:\WINDOWS\system32\cidaem
C:\WINDOWS\system32\cidaem
C:\WINDOWS\system32\userin
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\explorer.exe
C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_gui.exe
C:\WINDOWS\system32\hkcmd.
C:\Program Files\Apoint\Apoint.exe
C:\progra~1\FileNET\IDM\fn
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PaperPort\pptd40nt.e
C:\WINDOWS\system32\spool\
C:\Program Files\HP\hpcoretech\hpcmpm
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\bin\Z
C:\Program Files\Intel\Wireless\Bin\i
C:\WINDOWS\System32\cscrip
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\zz\ZenMediaSour
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPZipm
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wbem\w
C:\_taft\mg\Microsoft Money\System\mnyexpr.exe
C:\Documents and Settings\tl1272\Applicatio
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\COMMON~1\CROSO
C:\Program Files\QdrModule\QdrModule1
C:\WINDOWS\?racle\m?hta.ex
C:\WINDOWS\system32\rundll
C:\Program Files\uTorrent\uTorrent.ex
C:\PROGRA~1\MICROS~4\rapim
C:\Documents and Settings\tl1272\Applicatio
C:\Program Files\Intel\Wireless\Bin\D
C:\Program Files\HijackThis\HijackThi
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R1 - HKCU\Software\Microsoft\Wi
F2 - REG:system.ini: UserInit=C:\WINDOWS\system
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-9
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-7
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-a
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-a
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-4
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-0
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-2
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-9
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-7
O2 - BHO: (no name) - {A664BB3E-738C-5A55-FF38-7
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-1
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-4
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-7
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-7
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-7
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-c
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtr
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [0FileNET System Manager] c:\progra~1\FileNET\IDM\fn
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\PaperPort\pptd40nt.e
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\PaperPort\IndexSearc
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpm
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [VPN_MTU] "C:\Program Files\cisco systems\vpn client\setmtu.exe" /s 1200
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobs
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SBCAssess] "C:\Program Files\Compapps\SBCAssess\S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\Z
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\i
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe /PATCH,/SRCUPDATEC:\DOCUME
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [Creative Detector] C:\WINDOWS\zz\ZenMediaSour
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\_taft\mg\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\tl1272\Applicatio
O4 - HKCU\..\Run: [Eusn] "C:\PROGRA~1\COMMON~1\CROS
O4 - HKCU\..\Run: [QdrModule17] "C:\Program Files\QdrModule\QdrModule1
O4 - HKCU\..\Run: [Tbaxhfom] C:\WINDOWS\?racle\m?hta.ex
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: Q Team-Link Messenger.lnk = C:\Program Files\Q Team-Link Messenger\jre1.5.0_09\bin\
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKCU\Software\Policies\Mic
O6 - HKCU\Software\Policies\Mic
O7 - HKCU\Software\Microsoft\Wi
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\
O8 - Extra context menu item: Customize Menu - file://C:\Utils\RoboForm\R
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Fill Forms - file://C:\Utils\RoboForm\R
O8 - Extra context menu item: Open with BitPump - C:\WINDOWS\zz\AnalogX\BitP
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Utils\RoboForm\R
O8 - Extra context menu item: Save Forms - file://C:\Utils\RoboForm\R
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.h
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-0
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O14 - IERESET.INF: START_PAGE_URL=http://myintranet.sbc.com
O16 - DPF: {00191E4B-49C2-48E2-A548-8
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {0a454840-7232-11d5-b63d-0
O16 - DPF: {406B5949-7190-4245-91A9-3
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C
O16 - DPF: {9C134253-E8A3-4759-9F98-3
O16 - DPF: {C9386579-3C0F-4713-82C6-5
O16 - DPF: {CAFECAFE-0013-0001-0018-A
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-7
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\RSDP\blackd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DRUAgent - AT&T - C:\PROGRAM FILES\DRU\bin\DRUService.e
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\E
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.0.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NI
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\ORACLE\ORA92\bin\omtsre
O23 - Service: OracleOraHome92ClientCache
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\RSDP\RapApp.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\R
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\Radmin\r_server.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SMSWUagent - 1E Ltd. - C:\Program Files\1E\SMSWakeUp50\SMSWU
O23 - Service: snmpdm - Unknown owner - C:\WINDOWS\system32\snmpdm
O23 - Service: IBM Tivoli Remote Control - Target (TRCTARGET) - Unknown owner - C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.ex
O23 - Service: VCS NT Service (VCS_Service) - Unknown owner - C:\Program Files\Serena\ChangeMan\DS\
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\W
--
End of file - 19642 bytes
virtuatech
Looks like you have a script file running C:\WINDOWS\System32\cscrip
Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
ASKER
What do I do after identifying the files that the script is using?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Oh, I forgot to mention that when I go to boot into SAFE mode, they system won't accept my password. I can log in with my password fine in normal mode. Any ideas on how to get around that? Cojo
Don't think we can get "around" anything here. Just clean it up and hope for the best. Sometimes with systems this infected there is OS damage that cannot be repaired.
ASKER
Will it work without being in SAFE mode? When I run RunThis.bat, I only get a menu with the options to select "A, B, C, D, U,1,2,3,4 or E to Exit" I typed "Y" like your instructions and the window closed. Don't think it's doing anything. Should I be selecting another option or is it not working because I'm not in SAFE mode? By the way - Thanx for the help. Cojo
ASKER
I got around the problem. I am now able to login with SAFE mode. I created a new account. (Looks like my old account must have an old password stored with it.) Anyway,I can now run SDFIX in safe mode and will go thru your instructions above and post back when I'm done. - thx - cojo
ASKER
I ran the SDFIX and it completed and said it was going to reboot my system. It rebooted and is now stuck on the blank blue screen. It's like it's not starting Explorer.exe. Any ideas?
To start EXPLORER.EXE manually:
1. Open Windows Task Manager. Press CTRL+SHIFT+ESC.
2. On Windows Task Manager, Click File>New Task (Run..)
3. In Create New Task, type %WinDir%\EXPLORER.EXE and click OK.
4. Close Task Manager.
We may have to make a registry edit to bring back explorer on startup. Run combofix first though. Again....badly infected machine. You may want to consider a re-install if we continue to have issues here.
1. Open Windows Task Manager. Press CTRL+SHIFT+ESC.
2. On Windows Task Manager, Click File>New Task (Run..)
3. In Create New Task, type %WinDir%\EXPLORER.EXE and click OK.
4. Close Task Manager.
We may have to make a registry edit to bring back explorer on startup. Run combofix first though. Again....badly infected machine. You may want to consider a re-install if we continue to have issues here.
ASKER
Managed to get by it by logging in with the new account I created. For some reason I can't boot up with my main account (which I really need to). Here's the logs that I got after running both. I still need to be able to fix my main account to boot up right besides whatever this shows wrong.
SDFIX-log-first-run-6-09-08.txt.txt
combofix-log-6-9-08.txt
SDFIX-log-first-run-6-09-08.txt.txt
combofix-log-6-9-08.txt
Can you post a new HijackThis log too? You say you cannot get into your main profile...why? What happens when you try?
Do you know of this program?
C:\Program Files\Radmin
Do you use a remote admin. or use remote access on this pc?
Do you know of this program?
C:\Program Files\Radmin
Do you use a remote admin. or use remote access on this pc?
ASKER
Yes RADMIN is my remote access software. -- When I log into my main account, it only comes up to a blank blue screen (not the blue screen of death). I don't think it's running Explorer.exe. Also if I hit Ctrl-Alt-Del, the "Task Manager" button is grayed out. But only on the main account, not the tnew one I created. Weird! Attached is the new HijackThis file.
hijackthis.log
hijackthis.log
These scripts that are running...do you know what they are?
[HKEY_LOCAL_MACHINE\softwa
"Script"=drustatus.vbe
[HKEY_LOCAL_MACHINE\softwa
"Script"=newhealth.vbs
[HKEY_LOCAL_MACHINE\softwa
"Script"=LEDNIssueLogonScr
[HKEY_LOCAL_MACHINE\softwa
"Script"=drustatus.vbe
[HKEY_LOCAL_MACHINE\softwa
"Script"=newhealth.vbs
[HKEY_LOCAL_MACHINE\softwa
"Script"=LEDNIssueLogonScr
ASKER
I do not know what these are. Also, does it make a difference that this HijackThis script was not run under the user account that I'm having the problem with? Because I can't login to that account to do anything. It just stays on the blank blue screen.If I could get the Task Mgr ungrayed than I could start Explorer.exe and run it from that account.
Yes, it does matter where it's run from, and it would be nice if we could get into that account, but I'm not sure how we can at this point. I'm assuming (maybe wrongly) that this machine is part of a domain? In a work environment?
ASKER
UPDATE: OK, I am able to login now to the main account. I went into Documents and Settings and renamed the folder for my main account. When I logged in, it recreated it and logged me in fine. Weird, but it worked. Here's the HijackThis logfile from the account.
hijackthis.log
hijackthis.log
Great, good job. Not sure what you did though?
There is one entry I am pretty sure is bad, but haven't been able to find much info. on as it appears pretty new. We can use combofix to deal with it. You may need to download combofix into this profile as it was run earlier from another correct? If so do that and download to your desktop, then...
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
--------------------------
File::
C:\WINDOWS\portsv.exe
Folder::
C:\WINDOWS\system32\2705
Driver::
PlugPlayRPC
--------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please upload the following reports/logs.
-Combofix.txt
-A new HijackThis log
There is one entry I am pretty sure is bad, but haven't been able to find much info. on as it appears pretty new. We can use combofix to deal with it. You may need to download combofix into this profile as it was run earlier from another correct? If so do that and download to your desktop, then...
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
--------------------------
File::
C:\WINDOWS\portsv.exe
Folder::
C:\WINDOWS\system32\2705
Driver::
PlugPlayRPC
--------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please upload the following reports/logs.
-Combofix.txt
-A new HijackThis log
ASKER
Is that the right folder?
Folder::
C:\WINDOWS\system32\2705
I don't mean to question you but I just wanted to double check before I ran it. In the HJT log it shows the file being in C:\WINDOWS. the only file in this folder is ~@24771p.spt
Folder::
C:\WINDOWS\system32\2705
I don't mean to question you but I just wanted to double check before I ran it. In the HJT log it shows the file being in C:\WINDOWS. the only file in this folder is ~@24771p.spt
It is from the combofix log and was created right at the same time the portsv.exe file was. Many times there are just randomly named folders created and this is probably one of them. It's probably harmless but....if you know it's OK then don't remove. There are quite a few things on this PC I don't recognize and that's why I asked about being on a domain and having many policies and restrictions in place.
ASKER
Nevermind, I misunderstood. I didn't realize that was cleanining up the folder. For some reason I thought that under the folder section, you were telling it where to find the file portsv.exe. My bad, sorry.
ASKER
Ok, ran that combofix and here's the log for it and another HJT log.
ASKER
OK how's it running now? You need to update your Java, older versions are vulnerable to malware.
ASKER
How do I update the Java?
Updating Java:
Go to Start > Control Panel > Add/Remove programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
Select and click Remove.
Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp
Go to Start > Control Panel > Add/Remove programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
Select and click Remove.
Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp
ASKER
Thank you very much for your help with this. You were right on the money with your solution. Sorry for all the questions. Keep up the great work!
Glad it worked out and you're welcome. Don't worry about asking questions, that's how we learn.
You should uninstall combofix...
Click START then Run...
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.
You should uninstall combofix...
Click START then Run...
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.