TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Tony1004 on April 08, 2006, 09:00:20 PM
-
Help!
I think I mistakenly deleted the .dll of it.
I can't recover it by simply re-installing
Just unable to be used!
The installation file was downloaded from www.java.com
-
What .dll are you talking about?
Can you explain a little clearer please what exactly your problems are?
-
I mean I can't use the javascript on the website.
Even after reinstalling Java
-
What .dll are you talking about?
-
I mean the .dll java is using
It is called ssv.dll
I reinstalled but still cannot use the java code on the web
-
Can you give me a link to the website you are having troubles with Java too please
Also, to see if it will help or not
From my signature below, download and save to a permanent folder of its own onto your hard drive
Hijackthis 1.99.1
Open Hijackthis.exe
Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important
Also, this will help me see what versions of Java you have
After you have closed Hijackthis
Reopen it and then click on "Misc tools section"
Then click the "Uninstall manager"
Click the SAVE LIST... button
Save the list to desktop then copy and paste the whole contents back here please
-
[quote name='guestolo' post='105697' date='Apr 10 2006, 06:28 PM']Can you give me a link to the website you are having troubles with Java too please
Also, to see if it will help or not
From my signature below, download and save to a permanent folder of its own onto your hard drive
Hijackthis 1.99.1
Open Hijackthis.exe
Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important
Also, this will help me see what versions of Java you have
After you have closed Hijackthis
Reopen it and then click on "Misc tools section"
Then click the "Uninstall manager"
Click the SAVE LIST... button
Save the list to desktop then copy and paste the whole contents back here please[/quote]
Like panda's
I mean the free online scanning website
Logfile of HijackThis v1.99.1
Scan saved at 16:19:24, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Tony\My Documents\hijackthis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\cnshook.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-hk\msntb.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HNETPOLCY] rundll32.exe C:\DOCUME~1\Roland\LOCALS~1\Temp\RarSFX0\HNETPO~1.DLL,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HNETPOLCY] rundll32.exe C:\DOCUME~1\Roland\LOCALS~1\Temp\RarSFX0\HNETPO~1.DLL,Start
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O11 - Options group: [!CNS] 網絡實名
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SDAgent Service (SDAgentService) - Unknown owner - C:\Program Files\Common Files\smartde\sde.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Like panda's
I mean the free online scanning website
Panda's uses activex controls to run its scan
I'm just on my way to work, your log needs some cleaning
But can I still see the following I asked for
Open Hijackthis.exe
click on "Misc tools section"
Then click the "Uninstall manager"
Click the SAVE LIST... button
Save the list to desktop then copy and paste the whole contents back here please
-
I am Chinese, so I will add some explanation of the Chinese!!!
ACDSee 6.0 Standard Full
Ad-Aware SE Professional
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 5.0
Adobe Reader 6.0.1 - Chinese Traditional
Age of Empires III
AsusUpdate
AVG Free Edition
BHA B's Recorder GOLD BASIC 7.10
BitComet 0.60
CursorXP
DC1125
DVD-RAM驅動程式<--------------A DVD driver
Easy Audio Cutter V1.0
EDIY GBALink V5.60
EPSON Printer Software
FlashGet(JetCar)
GM56USB Voice Modem
HijackThis 1.99.1
IRD Software for IR56B Chinese Version 3.4
J2SE Runtime Environment 5.0 Update 6
jv16 PowerTools 1.4.1
K-Lite Codec Pack 2.32 Full
LG PhoneManager
LG SyncManager
LG USB Modem driver
LingvoSoft Talking Dictionary (English<->Chinese Traditional) for Pocket PC
Logitech iTouch Software
Logitech MouseWare 9.79.1
Macromedia Dreamweaver 4
Macromedia Extension Manager
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
Microsoft ActiveSync 3.8
Microsoft AppLocale
Microsoft Office XP Chinese (Simplified) User Interface Pack
Microsoft Office XP English User Interface Pack
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Visual Basic 6.0 專業版 (繁體中文)<---------Visual Basic
Microsoft Web 發佈精靈 1.53<---------same as above
Microsoft Windows Application Compatibility Database
MSN Messenger 7.5
MSN 工具列
Nero - Burning Rom
NOD32防毒系統<---------NOD32 Trial going to be uninstalled
NVIDIA Drivers
NvMixer
PaperPort
PerfectDisk
PowerDVD
QuickTime Alternative 1.35
Real Alternative 1.27
Registry Compactor 1.1
Registry Medic 3.0 (Build 807)
Rise Of Legends Demo
Spybot - Search & Destroy 1.4
SuperPass2 V2.0
Uninstall Tool
Unlocker 1.7.9
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
WinRAR 壓縮工具<--------WinRAR
ZoneAlarm
網絡實名<---------Cnsmin3721
遠端桌面連線<----------connection manager
線上遊戲領航員 v2.2.0.0<---------Online game
櫻花輸入法<---------Japanese input software
魔力寶貝Ver 4.0<-----------Online game
魔力寶貝Ver 4.0 遊戲資料片<-----------Onlinegame
-
[quote name='guestolo' post='105889' date='Apr 11 2006, 08:13 AM']Panda's uses activex controls to run its scan
I'm just on my way to work, your log needs some cleaning
But can I still see the following I asked for
Open Hijackthis.exe[/quote]
No I mean panda's top left or right corner
it has a button called scan
The button uses javascript so that I can't even go into the scanning page
-
Sorry for the delay
Can you do the following please
Since you are going to uninstall the Trial version of Nod32
Can you do it now please
Having more than one Active av running in the background, can cause conflicts and decrease system performance
Reboot if prompted
Back in Windows
Download and install Windows CleanUp! 4.5.1 (http://www.stevengould.org/downloads/cleanup/CleanUp451.exe)
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done click Close
Decline to log off or restart the computer
Do a "System scan only" with Hijackthis and put a check next to these entries:
R3 - Default URLSearchHook is missing
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\cnshook.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-hk\msntb.dll (file missing)
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [HNETPOLCY] rundll32.exe C:\DOCUME~1\Roland\LOCALS~1\Temp\RarSFX0\HNETPO~1.DLL,Start
O4 - HKCU\..\Run: [HNETPOLCY] rundll32.exe C:\DOCUME~1\Roland\LOCALS~1\Temp\RarSFX0\HNETPO~1.DLL,Start
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Back in Windows
==Download and then Install
Ewido anti-malware 3.5 (http://download.ewido.net/ewido-setup.exe)
When installing, under "Additional Options" Uncheck
"Install background guard" and "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/
==In Ewido Anti-Malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
Note: when Ewido is running its scan, don't open any other windows, let it run uninterrupted please
Reboot one last time
Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Come back here and post a fresh hijackthis log and the whole log from Ewido's
EDIT>>I forgot about this entry in your hijackthis log
O23 - Service: SDAgent Service (SDAgentService) - Unknown owner - C:\Program Files\Common Files\smartde\sde.exe (file missing)
If you're unsure what it's related to, can you do the following please
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- SDAgent Service
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
The file may still be around
Go to either of these links
http://virusscan.jotti.org/
or
http://www.virustotal.com/flash/index_en.html
Use the browse button and navigate to this file on your hard disk
C:\Program Files\Common Files\smartde\sde.exe<--this file
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
-
No sde.exe!
I deleted it about 1 month ago!
Also Ewido cannot output the log!
Logfile of HijackThis v1.99.1
Scan saved at 12:17:55, on 13/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tony\My Documents\hijackthis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\cnshook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [HNETPOLCY] rundll32.exe C:\DOCUME~1\Roland\LOCALS~1\Temp\RarSFX0\HNETPO~1.DLL,Start
O4 - HKLM\..\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\RunOnce: [supdate2.dll] REGSVR32.EXE /s C:\WINDOWS\system32\supdate2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HNETPOLCY] rundll32.exe C:\DOCUME~1\Roland\LOCALS~1\Temp\RarSFX0\HNETPO~1.DLL,Start
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O11 - Options group: [!CNS] 網絡實名
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
I missed this in your uninstall list when you posted it
This entry
網絡實名<---------Cnsmin3721
It looks as if it's related to Chinese keywords
It's something you don't want on your computer and giving you problems
Take a look at this link please
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072511
Can you try to uninstall it from Add/Remove programs, reboot your computer and post back a fresh hijackthis log
Before trying to uninstall the program, can you do the following
Create a new restore point
Go to START>>Programs>>Accessories>>System Tools>>System restore
Click Create a new restore point
Name it and click Create
Then try and uninstall>>>>Reboot the computer
Could you also let me know if there are any other files in this folder
C:\Program Files\Common Files\smartde
and this one too, take note of the exact spelling
C:\Program Files\Common Files\UPDAT <-this folder
anything you recognize
Also, you said this
Also Ewido cannot output the log!
Why wouldn't it? Did you try and save the report?
Did the scan finish?
We'll get the rest of this, but let me know the above info
also try and remove the entry in add/remove programs related to Chinese keywords please
-
[quote name='guestolo' post='106573' date='Apr 12 2006, 10:48 PM']I missed this in your uninstall list when you posted it
This entry
網絡實名<---------Cnsmin3721
It looks as if it's related to Chinese keywords
It's something you don't want on your computer and giving you problems
Take a look at this link please
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072511
Can you try to uninstall it from Add/Remove programs, reboot your computer and post back a fresh hijackthis log
Before trying to uninstall the program, can you do the following
Create a new restore point
Go to START>>Programs>>Accessories>>System Tools>>System restore
Click Create a new restore point
Name it and click Create
Then try and uninstall>>>>Reboot the computer
Could you also let me know if there are any other files in this folder
C:\Program Files\Common Files\smartde
and this one too, take note of the exact spelling
C:\Program Files\Common Files\UPDAT <-this folder
anything you recognize
Also, you said this
Why wouldn't it? Did you try and save the report?
Did the scan finish?
We'll get the rest of this, but let me know the above info
also try and remove the entry in add/remove programs related to Chinese keywords please[/quote]
C:\Program Files\Common Files\smartde<------------no, I deleted it once 1 month before
C:\Program Files\Common Files\UPDAT <-------------I got this, delete or not?
Because I am using traditional Chinese
Ewido is a simplified Chinese version<------------don't know why
So it cannot output the text on notepad
This entry
網絡實名<---------Cnsmin3721
It looks as if it's related to Chinese keywords
Yes it is called 3721
Another name is Cnsmin
Also how can it help to recover Java?
-
Any progress?
Or should we continue without uninstalling Chinese keywords?
-
[quote name='guestolo' post='106981' date='Apr 13 2006, 10:18 PM']Any progress?
Or should we continue without uninstalling Chinese keywords?[/quote]
Yes we should continue, because some of it is useful to me.
Also, I need to use java
Can you help me recover it first
It's urgent
It's about the logon button of it (http://www.hsbc.com.hk/hk/home/)
Help
-
Sorry for the delay
Go to either of these links
http://virusscan.jotti.org/
or
http://www.virustotal.com/flash/index_en.html
Use the browse button and navigate to this file on your hard disk
C:\Program Files\Common Files\UPDAT\Update.exe <--this file
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Can you do the same for this file please
C:\WINDOWS\system32\supdate2.dll
Are there any other files in the UPDAT folder?
-
File: update.exe
Status: INFECTED/MALWARE
MD5: 26c3f5b0f50b223f57648ce6e5d60357
Packers detected: -
Scanner results:
AntiVir: Found Trojan/Dldr.QQHelpe.q.1
ArcaVir: Found nothing
Avast: Found Win32:Trojano-3160
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found DLOADER.Trojan (probable variant)
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found Trojan-Downloader.Win32.QQHelper.eq
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
C:\WINDOWS\system32\supdate2.dll<--------NO this file
-
Are there any other files in the UPDAT folder?
Also, what do you mean by this, you can't find the file?
C:\WINDOWS\system32\supdate2.dll<--------NO this file
-
[quote name='guestolo' post='107312' date='Apr 14 2006, 08:34 PM']Also, what do you mean by this, you can't find the file?[/quote]
There is a update.dat in UPDAT
Also I mean I can't find the supdate2.dll
Even the hidden document is unchecked
-
I'll keep away from Chinese Keywords as you appear to want the program installed
It is considered adware however
These entries are related
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\cnshook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O11 - Options group: [!CNS] 網絡實名
Can you do the following please
Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode
Make sure that you have
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Go to START>>Run>>Type the following or copy and paste
sc delete SDAgentService
Hit ENTER
Then type the following
sc delete Universal Disk Manager
Hit ENTER
Type Exit and hit Enter
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode
Delete this file if found
Look again, make sure it doesn't exist, but don't delete something because it looks similar
C:\WINDOWS\system32\supdate2.dll <-this file
and these folders if found
C:\Documents and Settings\Roland\Local Settings\Temp\RarSFX0 <-this folder
C:\Program Files\Common Files\UPDAT <-this folder
C:\Program Files\Common Files\Sand <-this folder
Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [HNETPOLCY] rundll32.exe C:\DOCUME~1\Roland\LOCALS~1\Temp\RarSFX0\HNETPO~1.DLL,Start
O4 - HKLM\..\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\RunOnce: [supdate2.dll] REGSVR32.EXE /s C:\WINDOWS\system32\supdate2.dll
O4 - HKCU\..\Run: [HNETPOLCY] rundll32.exe C:\DOCUME~1\Roland\LOCALS~1\Temp\RarSFX0\HNETPO~1.DLL,Start
After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Remain in safe mode
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done click Close
Reboot back to Normal mode
1. Open Microsoft Internet Explorer.
2. Click Tools > Internet Options.
3. Click the Security tab.
4. Click the Internet Icon.
5. Click Default Level.
6. Click the Local Intranet Icon.
7. Click Default Level.
8. Click the Trusted sites Icon.
9. Click Default Level.
10. Click the Restricted sites Icon.
12. Click Default Level on lower right corner of the window.
13. Click OK on lower right corner of the window.
14. Click on the Programs tab
15. Select Reset Web Settings
Download F-Secure Blacklight(blbeta.exe) (http://www.f-secure.com/blacklight/try.shtml)
and save it to your desktop
Run blbeta.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log
BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log". I'll need to see it later
Use Internet Explorer and Run the online Panda ActiveScan (http://www.pandasoftware.com/products/activescan?NRMODE=Published&NRORIGINALURL=%2factivescan.htm&NRNODEGUID=%7b3B202047-35D4-4DA2-B310-B1DBEC2971F2%7d&NRCACHEHINT=Guest)
* Once you are on the Panda site click the Scan your PC button.
* A new window will open...click the big Check Now button.
* Enter your Country.
* Enter your State/Province.
* Enter your e-mail address.
* Select either "Home User or Company."
* Click the big Scan Now button.
* Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
* Click on MyComputer to start the scan.
When the scan is complete
click See Report, then click Save Report and save it to your Desktop.
I need to see the following please
1. Post the report from Panda's
2. Post a fresh hijackthis log
3. Post the log from blbeta.exe please
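-
Added example, not part of any post in this thread: a small Python triage helper that parses HijackThis O-section lines, compares two scans, and marks entries for manual review. The two review rules (target reported missing, command loading from a Temp directory) and all function names are assumptions of this example, not criteria stated by the helper in the thread.

```python
import re
from typing import NamedTuple

# Constructed sample: O-section lines copied from the two HijackThis logs
# posted in this thread (scans of 11/4/2006 and 13/4/2006), trimmed for brevity.
SCAN_1 = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-hk\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HNETPOLCY] rundll32.exe C:\DOCUME~1\Roland\LOCALS~1\Temp\RarSFX0\HNETPO~1.DLL,Start
"""

SCAN_2 = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HNETPOLCY] rundll32.exe C:\DOCUME~1\Roland\LOCALS~1\Temp\RarSFX0\HNETPO~1.DLL,Start
O4 - HKLM\..\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\RunOnce: [supdate2.dll] REGSVR32.EXE /s C:\WINDOWS\system32\supdate2.dll
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2", "O4", "O23"
    body: str     # everything after "<section> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
AUTORUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return the R/O-section entries of a log; process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def autorun(entry):
    """Split an O4 entry into (registry key, value name, command), else None."""
    if entry.section != "O4":
        return None
    m = AUTORUN_RE.match(entry.body)
    return (m["key"], m["name"], m["cmd"]) if m else None


def review_reasons(entry):
    """Assumed review rules of this example; a hit is a prompt to look, not a verdict."""
    reasons = []
    if MISSING_RE.search(entry.body):
        reasons.append("target file missing")
    if TEMP_RE.search(entry.body):
        reasons.append("loads from a Temp directory")
    return reasons


def new_since(before, after):
    """Entries present in the later scan but absent from the earlier one."""
    seen = set(before)
    return [e for e in after if e not in seen]


def report(before_text, after_text):
    """List (entry, reasons) for every entry in the later scan worth a look."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    added = set(new_since(before, after))
    rows = []
    for e in after:
        reasons = review_reasons(e)
        if e in added:
            reasons.append("new since previous scan")
        if reasons:
            rows.append((e, reasons))
    return rows


if __name__ == "__main__":
    for entry, reasons in report(SCAN_1, SCAN_2):
        print(f"{entry.section} {entry.body}\n    -> {', '.join(reasons)}")
```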