Update Java:
For Internet Explorer: Internet Options (through Tools or Control Panel)> Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.
Update Adobe:
Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of Java (Java Runtime Environment (JRE) 6.0 Update 11): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.
You need to disable Real Time monitoring while cleaning:
Your Adobe Reader is out of date. Vulnerabilities can be exploited. Click here to download the latest version v9: https://www.techspot.com/downloads/2083-adobe-reader-dc.html
OR
Install the FoxIt Reader: this does the same thing as Adobe, but doesn’t have the bloat: http://www.foxitsoftware.com/pdf/rd_intro.php
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.divx.com/divx/webplayerdemo/en?rcv=1&dist=divxdotcom
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O20 - AppInit_DLLs: xzcrxm.dll
O20 - Winlogon Notify: byXQKaYq - byXQKaYq.dll (file missing)
2. Start> Run> msconfig> enter> Selective Startup> Startup menu> UNCHECK everything EXCEPT the processes for Avira/AntiVir
All Java EXCEPT v6u11
All Adobe Reader EXCEPT v9
Protection in Firefox:
I use Firefox most of the time, do I need to change cookie settings there?
Yes: Tools> Options> Privacy section> CHECK 'accept Cookies'> UNCHECK 'accept third party Cookies'.
For Firefox, I highly recommend using AdBlock Plus and the Easy List filters. These will block Domains that you would normally have to put in 'Exceptions' in Cookies:
AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865
Easy List: http://easylist.adblockplus.org/
Suggest getting all 3 of the Easy List.
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
I do not have a Run option from the start menu on this computer.
Right click on Taskbar> Properties> Start tab> Customize> Advanced tab> be sure 'Run command' is checked> OK> Apply> OK
I know the second one says Foxit Toolbar, but the CLSID is for Ask. Please see the information here why you don't want it:
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
I should have caught these last night. I'm sorry, I was tired. These autoruns need to be stopped and removed:
* Clear your existing system restore points and establish a new clean restore point:
1. Go to Start > All Programs > Accessories > System Tools > System Restore
2. Select Create a restore point, and OK it.
3. Next, go to Start > Run and type in cleanmgr
4. Select the More options tab
5. Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')>>Searchcentrix hijacker
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\S-1-5-19\..\Run: [vawaluzolu] Rundll32.exe "C:\WINDOWS\system32\hujinuya.dll",s (User 'LOCAL SERVICE')
Right click on Start> Explore> Windows> System 32> right click> delete of any of the following if found:
LogMeIn
Sidebar
Microsoft Office Application Launcher.
RocketDock
Reboot into Normal Mode. You will get a nag message you can ignore after checking 'don't show this message again.' Stay in Selective Startup.
hujinuya.dll
xzcrxm.dll
byXQKaYq.dll
This is the Java updater and should be turned off. Every time we do anything with Java, it puts itself back on Startup:
Also noticed java/jre6/bin/jusched in msconfig startup.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Please refer to either of my previous two posts giving directions to disable teatimer.
Can I keep windows messenger from running at startup, or do I need it for something?
You sure can. UNCHECK it on the Startup menu using Start> Run> msconfig> enter> Selective Startup> Startup tab.
It tends to be a bit pushy sometimes, so if you don't use it, do this in addition to unchecking on Startup:
Right click on Start> Explore> Programs> Right click on Messenger> Rename> add old to the end, like this: messengerold.
And yet one more setting for this beast:
In Outlook Express: Tools> Options> General tab> UNCHECK 'automatically log on to Windows Messenger'> Apply> OK
Java:
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP
Adobe:
The Java updater is still running. You can see it as 'jusched' in the Task Manager:
Control Panel> Java> Update tab> UNCHECK 'automatically check for updates'> answer Yes when asked if you're sure.
When you have finished the above, reboot the computer. You will get a nag message that you can ignore and close after checking 'don't show this message again'. Stay in Selective Startup.
Since you fired Adobe, let's disable the Service:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
Start> Run> services.msc> right click on Adobe LM Service> Properties> Change Startup type to Disabled.
The Restore Points should be removed again since you had a few malware entries when you did the removal: Clear your existing System Restore points and establish a new clean restore point:
http://download.bleepingcomputer.com.../OTCleanIt.exe
* Click the CleanUp! button.
* It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).
Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.
* Next, go to Start > Run and type in cleanmgr
"Ensure the selection is on C:\ and click on OK"-
* Select the *More options* tab
* Choose the option to clean up System Restore and OK it.
* This will remove all restore points except the new one you just created.
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
Have you ever wanted to remove Windows components like Media Player, Internet Explorer, Outlook Express, MSN Explorer, Messenger... How about not even to install them with Windows?
nLite is a tool for pre-installation Windows configuration and component removal at your choice. Optional bootable image ready for burning on media or testing in virtual machines.
With nLite you will be able to have Windows installation which on install does not include, or even contain on media, the unwanted components.
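
A triage sketch for the kinds of HijackThis lines flagged earlier in this thread, added here as an example and not code from any poster or from HijackThis itself. The three heuristics (any O20 value, an O4 autorun that starts a DLL through rundll32, an O2/O3 label that does not match its file path) and the function names are assumptions for illustration; the sample lines are the ones quoted in the thread.

```python
import re

# Sample input: HijackThis lines quoted in the thread above.
SAMPLE_LOG = r"""
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKUS\S-1-5-19\..\Run: [vawaluzolu] Rundll32.exe "C:\WINDOWS\system32\hujinuya.dll",s (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O20 - AppInit_DLLs: xzcrxm.dll
O20 - Winlogon Notify: byXQKaYq - byXQKaYq.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# "<section code> - <rest of line>", e.g. "O20 - AppInit_DLLs: xzcrxm.dll"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def triage_line(line):
    """Return (code, reason) if the line deserves a manual look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    if code == "O20":
        kind, _, value = body.partition(":")
        if value.strip():  # an empty AppInit_DLLs value is the normal state
            return code, f"{kind.strip()} registers a DLL that Windows loads automatically"
    if code == "O4" and re.search(r"\brundll32(\.exe)?\b", body, re.I):
        return code, "autorun starts a DLL through rundll32"
    if code in ("O2", "O3"):
        # Layout: "<type>: <label> - {CLSID} - <file path>"
        parts = body.split(" - ")
        if len(parts) >= 3:
            label = parts[0].split(":", 1)[-1].strip()
            vendor = label.split()[0].lower()
            if vendor not in parts[-1].lower():
                return code, f"label '{label}' does not match its file path"
    return None


def triage(log_text):
    """Run triage_line over every line and keep the hits, in log order."""
    hits = (triage_line(line) for line in log_text.splitlines())
    return [hit for hit in hits if hit]


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"{code}: {reason}")
```

A hit only means the entry should be looked up before deciding what to do with it; the Nero and Adobe LM Service lines pass these checks without being judged safe.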