Hi,
Remove MS Java
The Microsoft Java Virtual Machine, or MS Java VM, is used to run Java applets that can be found on web sites. When you visit a web site that has a Java applet, the MS JVM will compile and execute that applet on your machine. Microsoft no longer supports the MS JVM and it has become obsolete. There have also been known security issues with unpatched versions of the MS JVM and you should remove it and install the safer SUN JVM as an alternative (instructions follow).
Instructions on how to remove MS Java can be found >here<
____
Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg SchedulerV2.exe
This is a registration reminder that is used by several companies. It is also believed to report back to the installing company some information about your computer. I recommend that you fix it.
Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
_____
Combofix Deletions
- Open notepad.
- Copy and paste the text inside the code box below to notepad
Code:
File::
C:\WINDOWS\System32\SVKP.sys
Folder::
C:\WINDOWS\Qm9EYXZTVGU
C:\WINDOWS\system32\drvr2
C:\WINDOWS\system32\cfig322
C:\WINDOWS\system32\capcom
Driver::
SVKP
Dirlook::
C:\WINDOWS\system32\DRVSTORE
- Save and Name it as "CFScript"
- Drag and drop CFScript.txt to your copy of combofix.
- You can take a look at the image below if you're unsure on how to do it.
- Combofix will restart your machine then it will produce a log afterwards.
- Please post the contents of that log along with a fresh HijackThis log.
_____
Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
- Click Start > Control Panel
- Click Add/Remove Programs
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove button.
- Repeat as many times as necessary to remove all versions of Java.
- Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u2, and install it to your computer.
_____
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
On your next reply, please include a
- Fresh HijackThis log.
- Combofix log
- Kaspersky scan log
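
The following is an added example, not part of the original post: a small Python check that reads a fresh HijackThis log and reports whether any of the O9 msjava.dll or O4 PowerReg entries listed above are still present after "Fix checked". The function names and both sample logs are constructed for illustration.

```python
import re

# Entries the post asks to fix, reduced to (section, distinguishing substring).
# Spaces are dropped before matching because the two PowerReg file names in the
# post are spaced differently ("Scheduler V3.exe" vs "SchedulerV2.exe").
TARGETS = [
    ("O9", r"c:\windows\system32\msjava.dll"),
    ("O4", "powerregscheduler"),
]

# A HijackThis entry line starts with a section code such as O4, O9 or R1.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")

def parse_log(text):
    """Return (section, body) pairs for every entry line in a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries

def remaining_targets(text):
    """Return the entry lines that should have been fixed but are still listed."""
    hits = []
    for section, body in parse_log(text):
        normalized = re.sub(r"\s+", "", body.lower())
        if any(section == s and needle in normalized for s, needle in TARGETS):
            hits.append(f"{section} - {body}")
    return hits

# Constructed sample logs (the ExampleApp line is made up; the rest are the
# entries quoted in the post).
SAMPLE_BEFORE = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
"""
SAMPLE_AFTER = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

if __name__ == "__main__":
    for name, log in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        left = remaining_targets(log)
        print(f"{name}: {len(left)} flagged entr{'y' if len(left) == 1 else 'ies'} remaining")
        for line in left:
            print("  " + line)
```
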