Byteverify and JavaNocheat found

Computing.Net > Forums > Security and Virus > Byteverify and JavaNocheat found

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Byteverify and JavaNocheat found

Name: faraan
Date: November 30, 2003 at 08:40:16 Pacific
OS: MS WIN 2000 5.00.2195 SP4
CPU/Ram: Pentium II / 528 MB

Comment:

Can't open hotmail and download windows update. Here's Hijack this log.
Logfile of HijackThis v1.97.7
Scan saved at 12:46:48 PM, on 11/28/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARUpld32.exe
C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARMon32a.exe
c:\opt\MBCASE\pm\bin\mcp.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\WINNT\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINNT\uptodate.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\jetsuite\JETSTAT.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Palm\HOTSYNC.exe
C:\WINNT\system32\mrtMngr.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=98567&id=113816169254100127
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidebar.smarter.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=98567&id=113816169254100127
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\system32\msiefr40.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44A} - C:\WINNT\system32\stlbupdt.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINNT\gsim.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web Search - {EC788B03-A743-4274-AC9E-DB4F2A03F515} - C:\WINNT\system32\wst.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - C:\WINNT\system32\stlbupdt.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [Rundll16] C:\WINNT\rundll16.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINNT\system32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C2-5297EF71F44B}] rundll32.exe C:\WINNT\system32\stlbupdt.DLL,DllRunMain
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [stcloader] C:\WINNT\system32\stcloader.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.exe
O4 - Global Startup: HP LaserJet 3100 Status.lnk = C:\jetsuite\JETSTAT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Control Pad (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74407602-3D9F-4617-A418-A10C490AB6DE}: NameServer = 151.202.0.85 151.203.0.85

Sponsored Link

Ads by Google

Response Number 1

Name: tamtam
Date: November 30, 2003 at 09:35:00 Pacific

Reply:

Download and run CWShredder from following site
http://www.spywareinfo.com/~merijn/
Update Windows and post a new log

Response Number 2

Name: faraan
Date: November 30, 2003 at 17:12:06 Pacific

Reply:

Thanx for your help.I scanned the system with CW Shredder and it found nothing. Here's the log
Logfile of HijackThis v1.97.7
Scan saved at 8:13:05 PM, on 11/30/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARUpld32.exe
C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARMon32a.exe
c:\opt\MBCASE\pm\bin\mcp.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINNT\uptodate.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\jetsuite\JETSTAT.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Palm\HOTSYNC.exe
C:\WINNT\system32\mrtMngr.exe
C:\WINNT\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\WINNT\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\WINNT\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\WINNT\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=98567&id=113816169254100127
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidebar.smarter.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=98567&id=113816169254100127
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\system32\msiefr40.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44A} - C:\WINNT\system32\stlbupdt.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINNT\gsim.dll
O3 - Toolbar: Web Search - {EC788B03-A743-4274-AC9E-DB4F2A03F515} - C:\WINNT\system32\wst.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - C:\WINNT\system32\stlbupdt.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [Rundll16] C:\WINNT\rundll16.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINNT\system32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C2-5297EF71F44B}] rundll32.exe C:\WINNT\system32\stlbupdt.DLL,DllRunMain
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [stcloader] C:\WINNT\system32\stcloader.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.exe
O4 - Global Startup: HP LaserJet 3100 Status.lnk = C:\jetsuite\JETSTAT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Control Pad (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{74407602-3D9F-4617-A418-A10C490AB6DE}: NameServer = 151.202.0.85 151.203.0.85

Response Number 3

Name: gmoney
Date: November 30, 2003 at 22:19:49 Pacific

Reply:

What program found Byteverify and
JavaNocheat - Hijack This or your antivirus?
Norton can remove JavaNoCheat - or you can just
manually delete the four .class files
listed here.
BTW, I've found sarc.com to be a good place to
find detailed info about viruses and worms)

Response Number 4

Name: faraan
Date: December 1, 2003 at 05:10:35 Pacific

Reply:

Thanx for your help guys. I can't access my hotmail account 'cause IE redirects me to a search site. I ran Norton and it found Byteverify and JavaNocheat on the system and it says the system is infected.
Now how do I find these four .class files to clear JavaNocheat. And still my main problem is Byteverify.

Response Number 5

Name: sxshep
Date: December 1, 2003 at 10:18:10 Pacific

Reply:

faraan,
First go to control panel and open your Java console select the cache tab, and select clear, but first disable system restore if you have it. This should clear any byte verify bugs hiding in your Java applet.
As for your HT log, to the best of my knowledge let the program fix the following progams, again with System Restore disabled.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=98567&id=113816169254100127
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidebar.smarter.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=98567&id=113816169254100127
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\system32\msiefr40.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44A} - C:\WINNT\system32\stlbupdt.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINNT\gsim.dll
O3 - Toolbar: Web Search - {EC788B03-A743-4274-AC9E-DB4F2A03F515} - C:\WINNT\system32\wst.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - C:\WINNT\system32\stlbupdt.DLL
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C2-5297EF71F44B}] rundll32.exe C:\WINNT\system32\stlbupdt.DLL,DllRunMain
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [stcloader] C:\WINNT\system32\stcloader.exe

There might be more.
hth
shep

microsoft c download HP Laserjet 3330 software /opt/cdunix/ndm/bin/ndmcli palm hotsync failure palm hotsync error hotsync download palm hotsync simple and light browser quicktime ole found rss_feeds	mobsync.exe vsmon.exe found.000 found.001 logon.cmd sp4.cab found.00 WinMgmtイベント　ID:429 loadqm.exe creative launcher systray
See More

Response Number 6

Name: faraan
Date: December 1, 2003 at 11:16:37 Pacific

Reply:

Shep. Thanx for your help. First how do I find out that I have system restore? Second which program are you refering to fix rest of the problems.

Response Number 7

Name: sxshep
Date: December 1, 2003 at 12:22:01 Pacific

Reply:

Don't think 2000 has it, never run it. So proceed, run HiJack this and put check marks in the items listed above and hit the "fix checked" button. Make sure all windows and your browser are closed before running the program. Restart your computer after the cleanup. Did you understand the Java console thing? See how that works out for you.
shep

Response Number 8

Name: faraan
Date: December 1, 2003 at 15:51:47 Pacific

Reply:

Shep
Thanx for your help. I did clearup the java cahce as your instructions were really good. I ran the HI program and deleted the programs you mentioned. Now when I enter my name and password on hotmail screen it displays the page where it says "Page not found". Now what?
I really appreciate your time and effort in this.

Response Number 9

Name: sxshep
Date: December 1, 2003 at 16:41:32 Pacific

Reply:

You could try to clear your DNS cache:
http://www.winnetmag.com/Article/ArticleID/27023/27023.html
Do you have a normal home page?
Is the problem now with hotmail only?
hth
shep

Response Number 10

Name: faraan
Date: December 1, 2003 at 17:58:36 Pacific

Reply:

I cleared the DNS as mentioned but the problem is still there.
My current homepage is news.google.com
What's a normal page?
I'm also having the same problem with few more sites.

Sponsored Link

Ads by Google

Strange PC Behaviour

SpywareBlaster update ava...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Byteverify and JavaNocheat found

Byteverify found on system

Summary

www.computing.net/answers/security/byteverify-found-on-system/7630.html

Java.ByteVerify.exploit trojan

Summary

www.computing.net/answers/security/javabyteverifyexploit-trojan/11631.html

AWTTSP.DLL and startup problem

Summary

www.computing.net/answers/security/awttspdll-and-startup-problem/20969.html

From the Geek Dictionary
win - 1. exclamation used to express that you're lucky or happy about something, ...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
monitor says no signal

Smart Phones that Sync with Outlook

What is over clocking

Fedora drivers for Dell inspiron 1525

Upgrading HD's in Raid 1 configuration

All Awaiting Reply

Tom's News
New Super Mario Bros. Wii Looks Great in 1080p

Parents Pull Girl's Tooth, Scares Cat With RC Car

Xbox Live Marketplace Getting Pets

Snoop Dogg Lends His Voice to GPS Navigation

Roomba Saves Family From Poisonous Snake

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE